Logpoint NDR
Logpoint NDR (Network Detection and Response) analyzes network traffic and behavioral patterns to identify anomalies and to detect and respond to potential threats in real time. Logpoint NDR provides detailed analysis of notifications (also known as detections), network traffic, assets, topology, statistics, metadata, and raw network packet data.
How Logpoint NDR Works
Monitors Network Traffic
Once you deploy Logpoint NDR on a network, it starts to monitor its traffic. It captures network packets and extracts related metadata. A packet is a small unit of data, and metadata is the descriptive information about the raw data within the packet, including IP addresses, timestamps, and packet size.
Notifications include key information to investigate a potential threat, such as source and destination IP addresses, severity level, affected assets, timestamps, and relevant metadata. You can further explore these notifications in great detail by leveraging both the metadata and raw data that Logpoint NDR stores and provides, and by using its search functionality to conduct threat hunting, forensic investigation, and other relevant activities.
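The two paragraphs above describe the pipeline in outline: capture a packet, extract its metadata (IP addresses, timestamp, packet size), and raise a notification that carries source and destination, severity, affected assets and the metadata that produced it. The following Python example is added here to make that concrete; it is not Logpoint code and does not reflect how Logpoint NDR is implemented internally. It parses a constructed IPv4/TCP packet (checksums left at zero, a made-up capture time), extracts the metadata fields the text names, and applies one deliberately simple, assumed rule (a destination port on a small cleartext-service list) to show the shape of a notification record. The port list, severity value and field names are assumptions for the example.

```python
import struct
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional

# Assumed, simplified watch-list of cleartext services; a real system
# would use protocol parsing and behavioral analysis rather than ports.
CLEARTEXT_SERVICES = {21: "ftp", 23: "telnet", 80: "http"}

SAMPLE_CAPTURE_TIME = 1_700_000_000.0  # constructed epoch timestamp (UTC)


@dataclass
class PacketMetadata:
    """Descriptive information extracted from one raw packet."""
    timestamp: str
    src_ip: str
    dst_ip: str
    protocol: int
    src_port: Optional[int]
    dst_port: Optional[int]
    size: int


def parse_ipv4_packet(raw: bytes, captured_at: float) -> PacketMetadata:
    """Extract metadata from a raw IPv4 packet (no link-layer header)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    total_length = struct.unpack("!H", raw[2:4])[0]
    protocol = raw[9]
    src_ip = ".".join(str(b) for b in raw[12:16])
    dst_ip = ".".join(str(b) for b in raw[16:20])
    src_port = dst_port = None
    # TCP (6) and UDP (17) both start with 16-bit source and destination ports.
    if protocol in (6, 17) and len(raw) >= ihl + 4:
        src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    ts = datetime.fromtimestamp(captured_at, tz=timezone.utc).isoformat()
    return PacketMetadata(ts, src_ip, dst_ip, protocol, src_port, dst_port, total_length)


def evaluate(meta: PacketMetadata) -> Optional[dict]:
    """Return a notification record when the packet matches the rule, else None."""
    service = CLEARTEXT_SERVICES.get(meta.dst_port)
    if service is None:
        return None
    return {
        "title": f"Cleartext {service} session",
        "severity": "medium",            # assumed severity for the example
        "source_ip": meta.src_ip,
        "destination_ip": meta.dst_ip,
        "affected_assets": [meta.src_ip, meta.dst_ip],
        "timestamp": meta.timestamp,
        "metadata": asdict(meta),        # kept so an analyst can pivot on it
    }


def build_sample_packet() -> bytes:
    """Constructed IPv4/TCP packet: 10.0.0.5:51234 -> 192.168.1.20:23."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0x1234, 0, 64, 6, 0,      # ver/IHL, TOS, len, id, frag, TTL, proto, csum
        bytes([10, 0, 0, 5]), bytes([192, 168, 1, 20]),
    )
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        51234, 23, 1000, 0, 5 << 4, 0x02, 65535, 0, 0,  # ports, seq, ack, offset, SYN, win, csum, urg
    )
    return ip_header + tcp_header


def run_pipeline(raw: Optional[bytes] = None, captured_at: float = SAMPLE_CAPTURE_TIME):
    """Capture -> metadata -> notification, on the constructed packet by default."""
    raw = build_sample_packet() if raw is None else raw
    meta = parse_ipv4_packet(raw, captured_at)
    return meta, evaluate(meta)


if __name__ == "__main__":
    meta, notification = run_pipeline()
    print(asdict(meta))
    print(notification)
```

The notification keeps the full metadata record rather than just a summary, which is what makes later threat hunting and forensic work on a detection possible; the parser also refuses truncated or non-IPv4 input instead of guessing, since a sensor that mis-parses malformed packets produces misleading metadata.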
Logpoint NDR contains two components:
AI Detect
Logpoint NDR AI Detect is a product module that provides organizations with visibility into attack indicators and network anomalies, leveraging machine learning and network behavior analysis. Logpoint NDR AI Detect also provides organizations with visibility into the usage of insecure or unsanctioned applications and protocols, including weak encryption.
AI Prevent
Logpoint NDR AI Prevent enables organizations to go beyond detecting potential security risks and threats. With Logpoint NDR AI Prevent, customers can automatically respond to risks and threats. When an activity is identified as malicious, Logpoint NDR can act natively in real time, or orchestrate response actions across other platforms (depending on the configured integrations), such as containing a rogue or compromised endpoint or blocking specific IOCs at the perimeter firewall, thus mitigating potential security risks or preventing them from escalating further.