AI Prevent

AI Prevent autonomously responds to network threats and reacts to specific notifications. When a detection is triggered, NDR blocks the offending machine.

NDR blocks threats through:

  • Interacting with the network's switch controller.

  • Applying a blocking flow or MAC address block.

By default, a device with a given IP or MAC address is blocked (isolated and denied communication by the SDN controller) if the following conditions are met:

  • A notification is generated from a network event.

  • The notification's severity level is High.

  • NDR AI Prevent is enabled, and the SDN controller configuration has been correctly set up.

  • The notification trigger rule is activated. A notification trigger rule is a condition that determines when NDR must generate a notification.

If email notifications are enabled, NDR sends an email whenever AI Prevent is triggered.
