Sophos NDR is now available on AWS
Credit to Author: Karl Ackerman| Date: Wed, 21 Feb 2024 12:27:56 +0000
Sophos NDR can now be deployed in AWS AMI for all NDR and XDR/MDR customers with a licensed integration pack that requires a log collector.
Sophos NDR in AWS offers several advantages for threat detection and response:
What you get
Cloud-native security monitoring:
- AWS-native NDR sensors can now efficiently provide visibility into the network traffic and security events within AWS environments. This is crucial for monitoring and securing cloud-based workloads.
- If the NDR sensor is external to the AWS environment, then the network traffic has to be routed to the external NDR sensor at a significant data transfer cost.
Scalability:
- Deploying an NDR sensor as an AMI allows you to scale your security monitoring capabilities based on the growth of your AWS infrastructure. You can easily launch multiple instances of the sensor to cover larger environments or increasing workloads.
- Each deployed sensor can support 1GBS network traffic via a span/rspan configuration.
Real-time threat detection and response:
- Sophos NDR monitors both encrypted and un-encrypted network traffic in real time, detecting and alerting on potential security incidents.
- Combining Sophos NDR and XDR/MDR with Sophos Firewall in AWS provides real-time Active Threat Response to block active adversaries dead in their tracks.
How it works
Amazon Machine Image (AMI) is a pre-configured virtual machine image used to create Amazon Elastic Compute Cloud (EC2) instances within the Amazon Web Services (AWS) environment. An AMI contains the necessary information to launch an instance, which includes the operating system, application server, and any additional software required to run your application. The AWS AMI also supports log collectors for third-party integrations, as well as NDR.
Getting started
Check out the video, documentation, and links to AWS on the Sophos NDR community for information on how to get started quickly.