Simon Hanke, Cyber Defense Consultant
With co-managed NDR, we keep the
See through your network security!
- Modular: Takeover of individual roles up to complete NDR operation.
- Flexible: We adapt flexibly to your
needs and processes.
- Hybrid: Provision of services from our Cyber Defense Center or at your site.
for your safety
With NDR, we bring transparency to your network infrastructure and enable you to respond quickly to threats.
With our expertise, we have your network under control!
In the SECUINFRA co-managed-NDR approach, all components and data of the NDR always remain in your possession. The detection mechanisms are also your intellectual property and belong to you. This enables trouble-free adjustments to be made at any time during operation.
Depending on the task at hand, our cyber defense experts sit directly at your site or access your NDR tool via a secure connection.
Our co-managed NDR is the ideal network-level threat detection service.
Simon Hanke, Cyber Defense Consultant
Individual NDR deployment
Together with you, we plan your optimal NDR.
According to your individual requirements and ideas.
Managed Detection and Response
With our MDR service, we offer you a comprehensive service. By combining EDR, NDR and SIEM, we monitor your organization completely.
As part of our co-managed approach, we install and operate your NDR tool together with your internal security department. In close consultation, we develop new detection rules or provide support for alarm analysis. You decide individually which services you would like to take advantage of from us.
The most important FAQ from the NDR area
IT security teams face the challenge of providing active, rapid, and comprehensive threat detection and mitigation for enterprises in the face of numerous and increasingly complex cyber threats. This calls for a wide range of threat detection and response tools that aim to detect and report attack activities in a timely manner and thus sustainably increase the level of IT security.
Network Detection & Response forms the building block of network security and ensures the visibility of threats within the company’s own network infrastructure. In addition, NDR enables targeted and rapid defense against identified threats.
In order for your NDR to efficiently and effectively address current and future cyber threats, you must
detection rules and response capabilities are always kept up to date. This is exactly where we come in with our flexible co-managed SIEM approach: You decide individually which competencies you want to build up in-house and which services you additionally obtain from us.
In order to use an NDR tool, the infrastructure must provide a way to analyze network communications. This can be done, for example, by a switch SPAN port or a dedicated Test Access Point (TAP).
It is also necessary to specify which network traffic is to be analyzed. Typically, a first point of analysis is the network interface between their organization and the public network. Here they have the possibility to analyze all accesses from their network. In addition, the transitions between individual network segments within their organization can be monitored, e.g. to identify lateral movement activities.
In addition, SECUINFRA needs secure access to their network environment to keep their NDR tools up to date.
SECUINFRA offers you the possibility to realize your individual NDR solution according to the modular principle. In the process, our experts work with you to plan the implementation and connection of the NDR tool to your existing security infrastructure. We also provide long-term support with our co-managed NDR approach to respond to current cyber threats. To this end, our cyber defense experts develop additional detection rules or adapt your protective measures to current needs.
Comprehensive NDR introduction
We work with you to holistically prepare the introduction of your NDR to ensure smooth and efficient operation for your company right from the start.
Before you implement an NDR tool, you should at least think about the following points: Goals and framework of your NDR, network interfaces to be connected, “response” tools, detection rules, data volume/storage duration and log data forwarding.
SECUINFRA supports you with all these and other questions regarding the NDR.
You bring in your expectations and goals for your NDR tool and we complement them with our years of experience in consulting and operational support.
When installing your NDR tool, we support you with the initial setup, the connection of the network interfaces for monitoring and other security tools, and the forwarding of log data to SIEM and/or SOAR systems. Through our co-managed approach, we also perform future customizations upon request.
In addition to the network interface required to analyze network information, an NDR tool needs other information to work effectively. This includes internal company information about the network infrastructure as well as indicators about current threats. For a fast and automated response, it is also necessary to connect to existing firewalls or web proxies. SECUINFRA selects the necessary tools together with you and supports you with the connection.
For your NDR tool to fully detect threats, it needs detection rules that are customized to your infrastructure. SECUINFRA offers you a choice in individual use cases. Our cyber defense experts draw on years of experience in developing use cases as well as existing rules. In addition, they receive new detection rules via our co-managed NDR service to respond to current threats.
For efficient use of an NDR tool, its log data is transferred to a SIEM. This allows security analysts to link network information to other logs and further contextualize alerts. With the help of a SOAR tool, it is again possible to automatically analyze incoming alarms from their NDR tool. It is also possible to use the “Response” properties of the NDR when another tool in your security infrastructure detects suspicious behavior. SECUINFRA offers you complete monitoring of your infrastructure through NDR and SIEM with our MDR service.
During operation, the alarms from the NDR tool must be evaluated and, if necessary, protective measures must be taken that go beyond the tool’s automatic response. In addition, new detection rules must be implemented for current threats. SECUINFRA supports you individually in these tasks with our co-managed NDR approach
Modular and flexible NDR operation
With our co-managed NDR approach, we support you exactly where you need additional competencies from our experts.
The information provided by an NDR tool offers numerous opportunities for threat hunting. By analyzing network traffic, security analysts have a wealth of information at their disposal to identify past or current threats within their own infrastructure. If you wish, we can perform a regular search for possible compromises in your network.
For the analysis of security alarms, the NDR tools provide additional information besides the original alarm. This enables us to answer your questions about the course of a possible security incident quickly and specifically.
NDR tools also support analysis work in the area of incident response. If a security alert occurs or Indicators of Compromise (IoC) become known, we can use the network logs to quickly isolate and assess the current threat to your organization.
Strong enterprise security benefits from the continuous evolution of detection rules and capabilities. That’s why we also provide long-term support in the area of content development for your NDR tool.
To ensure the NDR operation, we support you on request with administrative activities as well as with the installation of software updates.
Finally, monitoring proper operation is also part of our co-managed approach. Here we support you in monitoring the connected data sources as well as the error-free functioning of your NDR tool.
That's why SECUINFRA!
More informative blog posts and professional articles
References in the area of Co-Managed NDR
SECUINFRA does not name clients or references publicly!
Our customers’ desire for discretion always takes precedence over SECUINFRA’s marketing interests.
- SUCCESS THROUGH RECOMMENDATION
Since 2010 we have been focusing on cyber attack detection, analysis & defense and have gained more experience than most IT security companies in Europe in over 150 customer projects and 37,000 consulting days. Almost all customers have become aware of SECUINFRA through recommendations and have in turn recommended us to others.
- REFERENCE ON REQUEST
In case of legitimate interest, we will establish contact with suitable reference customers.