
Network Detection & Response (NDR)
Zerum Lynx™ combines wire data, machine learning and threat intelligence to provide detailed, real-time analysis of threats in your digital environment – from endpoints to the data center.
Rely on powerful Deep Packet Inspection (DPI) and User & Entities Behavior Analytics (UEBA) capabilities to proactively detect and neutralize the most sophisticated cyber attacks before they threaten your operation.
Zerum Lynx highlights

analytics for cybersecurity
Thoroughly investigate all user and machine network traffic, decoded in real time. Navigate billions of daily events intuitively and quickly, like never before.
detection with embedded intelligence
Detect various attacks automatically with AI algorithms specially designed to identify suspicious behavior, without relying on attack signatures.


behavioral training
Let Lynx Deep Learning algorithms continuously learn the behavior of all your users and endpoints (including IoT) to identify zero-day attacks, Advanced Persistent Threats and Insider Threats.
exclusive database behavior analytics
Identify threats to your databases before the information is breached with Database Behavior Analytics, an exclusive Zerum Lynx algorithm.


native integration with threat intelligence
Identify connections to malicious servers and sites, malware traffic and more in real time, using the most reliable source of Threat Intelligence on the market.
fast and uncomplicated
Plug & play installation, non-intrusive operation and immediate results. You’ve never seen a security tool so powerful and so simple to install and use.

More benefits
Real-time insights
Our Threat Hunting service features high-performance Network Detection and Response (NDR), real-time Security Analytics and world-class embedded Threat Intelligence, all integrated and optimized to detect hidden threats in your operation.

embedded intelligence
ZML and SOAR (Security Orchestration, Automation and Response)
Our ZML, Zerum Multiprocessing Language, allows our team to automate and orchestrate responses to events, in conjunction with our User & Entities Behavior Analytics (UEBA) and dozens of other detection algorithms.

accelerated results
Equipped with Plug & Play detection technology and following rigorous Threat Hunting methods, Zerum’s veteran experts work around the clock to ensure you know what’s wrong and how to resolve it as soon as a cyber threat is found, helping you avoid damage faster.

Questions and answers
No. Zerum’s NDR is not based only on NetFlow, IPFIX, sFlow or similar protocols; that is just one of the capabilities we have. Our solution performs deep packet inspection (DPI), application-level data extraction and analysis (ETL) and other advanced mechanisms to ensure complete visibility and rich context on network traffic, far beyond the summary data provided by flows.
No. NDR acts passively on network traffic, without introducing latency or impacting the performance of the customer’s infrastructure. In the on-premises solution, it is deployed through traffic mirroring (SPAN, TAP or Port Mirroring), usually at the core switch, which offers a significant advantage from an analytical point of view. Unlike solutions such as IPS, which operate inline and can introduce delays or block legitimate traffic due to false positives, NDR performs deep packet inspection without directly interfering with network communication. NDR can take active measures only when integrated with an automation solution, such as a SOAR. In this scenario, as in the case of Zerum Lynx, incident response is orchestrated through playbooks, which trigger commands for active network tools – such as firewalls and intrusion prevention systems (IPS) – to perform threat blocking or containment in a coordinated and automated manner.
No. Zerum’s NDR is completely agentless. It collects and analyzes traffic directly from strategic points on the network, such as switches or network taps, without the need to install any software on the endpoints or servers. This allows for agile deployment, with comprehensive coverage and no impact on monitored devices, as well as facilitating scalability and compliance with critical and heterogeneous environments.
Yes. The solution allows the use of private keys, inserted directly into the Appliance, or integration with proxies for environments where complete inspection of TLS traffic is possible and desirable, always respecting the organization’s security and privacy policies.
NDR (Network Detection and Response) is an evolution of traditional IDS (Intrusion Detection System) tools, especially NIDS (Network-based IDS). While IDS focus primarily on detecting intrusions by identifying known signatures or pre-defined rules, their operation is mostly passive: they issue alerts about suspicious activity, but rarely offer in-depth context or native response mechanisms.
NDR, on the other hand, goes beyond simple detection. It combines multiple layers of analysis – including deep packet inspection (DPI), behavioral modeling, statistical analysis and machine learning – to identify both known threats and anomalous behavior and sophisticated attacks, such as zero-day or lateral movement.
In addition, NDR is designed to integrate with automated response flows. When connected to a SOAR (Security Orchestration, Automation and Response), NDR can trigger containment or mitigation measures in real time, drastically reducing incident response times.
Do you want expert support to identify and eliminate cyber threats?
We’re here to help you.