Network Detection and Response (NDR)

REAL-TIME IN-DEPTH VISIBILITY

For each and every flow in and out of the organization network.

The platform monitors North-South and East-West traffic and applies Machine Learning and Artificial Intelligence models to detect hidden threats and respond to them automatically.

Deeper Insights

Provides unparalleled visibility into organization traffic through native application profiling. The Innspark NDR platform maps each flow to its application category, such as Search Engines, Social Media, Media Streaming or Cloud Storage, and to its application, such as Google, Facebook or Netflix.

DDOS Detection & Response

Deep Learning based modules detect potential DDOS attacks on the network and raise alerts. Innspark NDR detects various types of DDOS attacks, such as SYN flood, DNS amplification, NTP amplification and Memcached amplification attacks, and more. Integrated SOAR playbooks carry out quicker response and mitigation actions for DDOS alerts.

Faster Forensics

The Innspark NDR platform is built on a web-scale, Big Data based architecture that retrieves the required network forensics data in under a second. Granular filters in the forensics search let analysts dig deeper without spending much time.

Integrated Enrichment

Native integration with curated Innspark Intelligence sources, such as PDNS Intelligence, Geospatial Intelligence, WHOIS Intelligence and Autonomous System Number (ASN) Intelligence, automatically enriches all flows.

Anonymous Traffic Identification

Identifies anonymous traffic passing through VPNs, Tor, SOCKS proxies and HTTP proxies and classifies it to give analysts increased visibility and context awareness.

Threat Intelligence Integration

Integration with external threat sources using standard formats like STIX, CSV, JSON & TAXII. Native integration with Innspark Threat Intelligence feeds containing regularly updated threat intelligence signatures for a variety of malware, including Botnets, Ransomware, Trojans, Spyware and APT backdoors.

Quicker Response - SOAR

Automated Response actions to mitigate the threats in real time using predefined and customizable playbooks. Orchestrate the threat contamination workflow across the network by integrating with Firewalls, IPS, WAF, Routers and other security products.

Our Key Features

  • Managed Entity Profiling for closely monitoring specific entities
  • Real Time Traffic monitoring and statistics dashboards and visualizations for ease of operations
  • Live Services Detection detects running services inside the organization
  • Port Scan Detection powered by ML models identifies even the stealthiest reconnaissance scans from adversaries
  • Supports Offline Network Traffic Analysis by uploading a packet capture file
  • Multi-tenant and Role Based Access Control ensure the segregation of data among the analysts
  • AI powered Anomaly Detection Engines that identify sophisticated attacks and exploitation attempts
  • Supports all formats of flows including NetFlow v5, NetFlow v9, IPFIX, sFlow, J-Flow
  • Dedicated Application Bandwidth Dashboards for each of the profiled applications
  • Supports Blacklist monitoring and alerting
  • Predefined & Customizable Report Generation Engines
  • Supports integration with other security tools such as SIEM, UEBA, EDR for improving the security posture

Highlights


  • Advanced AI modules monitor the traffic 24x7 to detect anomalous behavior such as C2C communication, Web Shell Traffic, Botnet Traffic, Reconnaissance Port Scanning and DDOS attacks
  • Native Layer 7 Metadata Analysis provides application-wise traffic categorization and deeper insights into the network
  • Automated Response using SOAR ensures that threats are mitigated in under a second
  • 360 Threat Identification by correlating the traffic with JA3/JA3S, FQDN, User-Agent, IP, Port and URL signatures
  • Enhanced Threat Detection Engines powered by refined global threat intelligence leave no gap for malware and adversaries
  • Provides contextual information for all the flows by auto-enrichment and PDNS integration

Talk to our Security Experts for a demo and to find out how we can help.


EMAIL:
[email protected]

CALL:
+91 476 2912 111