Network Detection & Response
We help you to get the most out of your security budget and resources
The Best Solution For Your Security
Network Detection and Response (NDR), also called network traffic analysis (NTA) or network analysis and visibility (NAV), checks network metadata (IP flow or NetFlow) or raw full packet streams for abnormal behavior that violates dynamic threshold values or pre-defined policies. Application layer traffic is deconstructed, compared to a baseline, and analyzed by machine learning algorithms to detect anomalies.
By purchasing an NDR solution, you can reduce risk, save time, and make the most of your budget. We help you achieve these goals and support you in finding the right provider, until the final negotiation of your purchase has been conducted.
Our Service for you
Simple. Clear. Affordable.
Bosch CyberCompare is the independent purchasing platform for CyberSecurity and your partner for the procurement of IT, OT and IoT security.
We will help you find the right provider in 4 steps and will be happy to advise you:
Good to Know
The difference between IDS/IPS systems and NDR
Technically speaking, NDR is a subgroup of network intrusion detection systems (NIDS), which includes both signature-based and behavior-based detection. However, the term intrusion detection system (IDS) is increasingly used to refer to monitoring for malware based solely on signatures (hashes) and known, documented threats. IDS passively observe “North-South” traffic via network TAPs or SPAN ports, while Intrusion Prevention Systems (IPS) sit inline, often as part of perimeter firewalls.
If suspicious behavior is noticed in comparison to a network traffic baseline, NDR systems sound an alarm. In theory, they can also detect unknown “zero-day” cyber threats, and they are deployed via switches to monitor “East-West” lateral traffic between company-internal endpoints (mostly client-server communication).
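The following Python example is an addition to this page, not code from CyberCompare or any NDR product. It applies the two checks described above to constructed East-West flow records: a dynamic threshold derived from each host's own baseline, and a pre-defined policy. The address ranges, the denied ports, and the median-plus-MAD threshold are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed company-internal range
CLIENTS = ipaddress.ip_network("10.1.0.0/16")   # assumed client VLAN
DENY_PORTS = {445, 3389}                        # assumed policy: no client-to-client SMB/RDP

# Constructed flow metadata: (time window, source, destination, destination port)
FLOWS = (
    [(w, "10.1.0.5", f"10.2.0.{d}", 443) for w in range(6) for d in range(1, 3 + w % 2)]
    + [(w, "10.1.0.9", "10.2.0.1", 443) for w in range(6)]
    + [(5, "10.1.0.9", f"10.1.0.{d}", 445) for d in range(20, 40)]
    + [(5, "10.1.0.5", "203.0.113.10", 443)]    # North-South flow, out of scope here
)

def inside(net, *addrs):
    return all(ipaddress.ip_address(a) in net for a in addrs)

def peers_per_window(flows):
    """source -> {window -> set of internal peers}, East-West flows only."""
    peers = defaultdict(lambda: defaultdict(set))
    for window, src, dst, _port in flows:
        if inside(INTERNAL, src, dst):
            peers[src][window].add(dst)
    return peers

def dynamic_threshold(history, k=3.0, floor=2.0):
    """Median + k * MAD of past windows; the floor stops a flat baseline alerting on +1."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med + max(k * mad, floor)

def detect(flows, current):
    """Return baseline and policy alerts for the given time window."""
    alerts = []
    for src, by_window in sorted(peers_per_window(flows).items()):
        history = [len(by_window.get(w, ())) for w in range(current)]
        limit = dynamic_threshold(history)
        seen = len(by_window.get(current, ()))
        if seen > limit:                        # more internal peers than the host's baseline
            alerts.append(("baseline", src, seen, limit))
    hits = {(src, port) for w, src, dst, port in flows
            if w == current and port in DENY_PORTS and inside(CLIENTS, src, dst)}
    alerts += [("policy", src, port) for src, port in sorted(hits)]
    return alerts

if __name__ == "__main__":
    print(detect(FLOWS, current=5))
```

The host that suddenly contacts 21 internal peers trips both checks, while the host whose peer count only fluctuates within its usual range does not.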
Perspectives from IT Security:
There is general agreement that NDR is improving visibility and thereby security. The future of threat detection and prevention will most likely be in a kind of XDR system that combines AV/EDR, NDR, SIEM, and cloud workload protection functions. However, today those are mostly disparate products, and for organizations that are constrained in personnel and budgets, the order of implementation matters. Therefore, priority should be given to the solution(s) that reduce risk significantly while being cost-efficient.
In general, we advise that customers start with state-of-the-art endpoint protection (incl. EDR) and deploy the agent to as many computing systems as possible (laptops, desktops, servers, and virtual machines) to monitor events like process creation, registry changes, or system commands.
We keep you up-to-date with our whitepapers
Network Detection and Response (NDR) – Buyer’s Guide