Sophos XDR

Cloud-integrated network detection and response

Publisher

SOPHOS

About this software

Sophos Central Network Detection and Response monitors internal network traffic to identify suspicious behavior across unmanaged devices, IoT, insider activity, and zero-day command-and-control attempts. Deployments use a log collector appliance—virtual, hardware, or AWS AMI—that forwards data to the Sophos Data Lake and Sophos Central for investigation. As a licensed integration add-on, NDR integrates with Sophos Central, XDR, MDR, and Sophos Firewall to provide investigation tools and automated response coordination.

Licenses & prices

Standard

Base Sophos XDR functionality providing endpoint and server telemetry, basic threat detection, investigation, and alerting capabilities.

Sophos Central extended support for W7/8.1/2008 R2/2012/2012 R2

Adds Sophos Central-managed extended endpoint support for Windows 7/8.1 and Server 2008 R2/2012/2012 R2 legacy systems.

Sophos Central network detection and response

Sophos Central-hosted network detection and response integrating firewall and network telemetry with XDR for centralized threat detection.

Network detection and response

On-premises or appliance-based network detection and response that analyzes network traffic for threats and forensic details.

Extended support for W7/8.1/2008 R2/2012/2012 R2

Provides extended endpoint support for Windows 7/8.1 and Server 2008 R2/2012/2012 R2 legacy operating systems.

Extended support

Adds extended endpoint compatibility and security updates for legacy operating systems unsupported by standard XDR support policies.

Central network detection and response

Network detection and response delivered through Sophos Central, correlating network telemetry with endpoint and server XDR data.

Purchase

Sophos XDR
In Stock
Delivery: 1 working day
€1.42
Free and without obligation

Do you need more information, or are you looking for another license?

Benefits

  • Network visibility: Exposes unmanaged, IoT, and rogue devices communicating on the network.
  • Behavioral detection: Uses machine learning and multiple detection engines to find anomalous flows.
  • Encrypted traffic analysis: Analyzes encrypted sessions for command-and-control and zero-day indicators.
  • Centralized investigation: Investigation Console in Sophos Central provides forensic tools and drill-downs.
  • Automated response: Can push threat feeds to Sophos Firewall and coordinate automated actions.

Available languages

  • English
  • Spanish
  • French
  • German
  • & more supported languages

Support information

  • Documentation and guides: Setup, administration, and integration guides are available on Sophos Docs.
  • Datasheets and briefs: Product datasheet and solution brief can be downloaded from the product page.
  • Deployment resources: Hardware specifications, sizing guidance, and AWS deployment instructions are published.
  • Product updates and news: Feature announcements and NDR updates are posted on Sophos News.
  • Integration examples: Guides show integration with Sophos Central, XDR, MDR, and Firewall workflows.

Frequently asked questions

How is Sophos NDR deployed?
NDR is deployed via a log collector appliance hosted on certified hardware, virtual machines, or AWS AMIs, forwarding data to the Sophos Data Lake and Sophos Central for investigation.

What threats can NDR detect?
It detects unprotected devices, rogue assets, insider threats, lateral movement, anomalous traffic flows, and zero-day command-and-control activity.

Does NDR integrate with other Sophos products?
Yes, NDR integrates with Sophos Central and can coordinate with XDR, MDR, and Sophos Firewall for automated response and shared telemetry.

Is NDR licensed as an add-on?
Sophos requires the NDR integration license pack; NDR is available as an add-on to XDR and can be used alongside Sophos MDR offerings.

What investigation tools are included?
NDR includes an Investigation Console, five independent detection engines, deep packet inspection, encrypted payload analysis, and session risk analytics for forensic investigations.