Latest news with #NDR

Sophos Updates Its Sophos Firewall Software to Enhance Protection and Incident Response Capabilities

Al Bawaba

10-06-2025

Sophos, a global leader of innovative security solutions for defeating cyberattacks, announces an update to its Sophos Firewall, now including Sophos NDR Essential, which is free for all customers with an XStream Protection license for Sophos this integration, Sophos Firewall leverages two dedicated artificial intelligence engines to detect malware communications and communications using algorithmically generated domain names. This new feature, stemming from the Sophos Network Detection and Response probe, aims to identify malware communications even when they are previously unknown or not yet indexed. It complements the Active Threat Response capabilities already implemented in Sophos to Chris McCormack, Senior Product Marketing Manager at Sophos, 'NDR traffic analysis requires substantial processing power. That's why we've adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.'

Sophos Connect now integrates EntraID for SSO

This new feature of the VPN client bundled with Sophos Firewall enhances both security and user experience for SSL and IPsec VPN connections. It is now possible to use EntraID (Azure AD) to authenticate users and implement multi-factor authentication for Sophos Connect and access to the user portal hosted by the VPN-related improvements include:

  • Improved user interface and usability: Connection types have been renamed from 'site-to-site' to 'policy-based', and tunnel interfaces have been renamed 'route-based' to make them more intuitive.
  • Dynamic validation of the IP address pool allocated to VPN connections (SSL VPN, IPsec, L2TP, and PPTP) to better resolve potential IP address conflicts.
  • Strict profile enforcement: In IPsec profiles, default values are now excluded to ensure algorithm synchronization, thereby eliminating possible fragmentation of session negotiation packets that could otherwise prevent site-to-site VPN tunnels from being established.
  • Route-based VPN and SD-RED scalability: The system now supports up to 3,000 simultaneously established tunnels. Sophos Firewall solutions can now handle up to 1,000 SD-RED site-to-site tunnels and up to 650 concurrent SD-RED management improvements include:
  • More flexible DHCP Prefix Delegation (IPv6 DHCP-PD): Now supports /48 to /64 prefixes, improving compatibility with certain internet service providers.
  • Router Advertisement (RA) and DHCPv6 server: Now enabled by default.
  • Resizable table columns: The web admin interface continues to adapt to ultra-wide screens, and many configuration pages now allow column resizing as needed.
  • Enhanced object search functionality: The search field in the SD-WAN routing configuration screen now supports more criteria (route name, ID, objects, object values such as IP addresses and domains, among others). Local ACL rules now also support object name and value searches, including content-based searches.
  • Default configuration changes: Default firewall rules and rule groups previously created during new firewall setups have been removed. Only the default network rule and MTA rules are now provided in the initial configuration. The default firewall rule group and the default gateway probe for custom gateways are both now set to 'None' by by Design

Sophos continues to enhance the intrinsic design of its firewalls. The secure-by-design approach includes containerization of specific features and integrity checks on critical operating system files using mathematical checksums. Any checksum mismatch triggers a potential compromise alert, allowing monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. Incident response and development teams are then able to react swiftly to critical Customers can now manually download and deploy this update on any Sophos Firewall equipped with a valid license.

Stellar Cyber Positioned in the Challenger Quadrant of the Gartner Magic Quadrant for Network Detection and Response

National Post

09-06-2025

Evaluation based on the company's overall ability to execute and completeness of vision.

SAN JOSE, Calif. — Stellar Cyber, the cybersecurity illumination company, today announced that it has been positioned by Gartner, Inc. in the Challengers Quadrant of the inaugural Magic Quadrant for Network Detection and Response (NDR). Stellar Cyber is the only vendor to be positioned in the Challengers Quadrant in the report.

'Being named a Challenger in Gartner, Inc. Magic Quadrant for NDR is more than a logo on a slide. We feel it's a testament to the performance, vision, and results that our platform delivers to the midmarket,' said Changming Liu, CEO of Stellar Cyber. 'We consider our positioning by Gartner as a Challenger in a highly competitive space to be confirmation of our relentless innovation and commitment to providing open, modern, and cost-effective solutions that help our customers thwart cyberattacks faster.'

Stellar Cyber's Network Detection and Response is natively built into its award-winning Open XDR platform, delivering a fully unified experience for end users. NDR gives security teams live, real-time visibility into user and system behavior. Stellar Cyber's live network traffic analysis capabilities deliver the following benefits:

  • Correlated insights across the entire attack surface, including network, endpoints, cloud, and identity data
  • Built-in AI/ML for automated triage, alert noise reduction, and root cause analysis
  • Single-pane-of-glass operations, where detection, investigation, and response all happen in one place

To download a complimentary copy of the Gartner, Inc. Magic Quadrant for Network Detection and Response, click here.

Gartner Magic Quadrant for Network Detection and Response, 29 May 2025, By Thomas Lintemuth, Esraa ElTahawy, John Collins, Charanpal Bhogal, Nahim Fazal

Gartner does not endorse any vendor, product, or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

About Stellar Cyber

By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes NG SIEM, NDR / OT, Open XDR, and Multi-Layer AI™ under one license. With almost 1/3 of the top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at

ThreatBook Selected in the First-ever Gartner® Magic Quadrant™ for Network Detection and Response (NDR)

Associated Press

09-06-2025

BEIJING, June 9, 2025 /PRNewswire/ -- After nearly a year of research and evaluation, Gartner released the first 'Magic Quadrant for Network Detection and Response' report on May 29, ThreatBook became the only Chinese company selected.

As enterprises accelerate their migration to the cloud and network attacks become increasingly complex, NDR technology has become an indispensable underlying facility for modern security operations centers (SOCs). By continuously monitoring east-west and north-south traffic, it effectively covers lateral threats that are difficult to detect with traditional security devices. It can achieve closed-loop disposal by combining traffic blocking, host containment or linkage with SOAR and SIEM, greatly shortening response time. It also supports IaaS and SaaS deployment, and flexibly adapts to multi-cloud hybrid environments, becoming an important cornerstone of cloud security.

ThreatBook believes the release of the Magic Quadrant for NDR not only marks the maturity of traffic detection and response technology and the advancement of market size, but also marks the transformation of the security paradigm from 'passive defense' to 'active operation.'

Attacker-centric capabilities: accurate detection, automatic response and cloud advantages

As an attacker-centric detection and response platform with deep intelligence integration, ThreatBook TDP relies on cutting-edge innovative technologies to effectively solve core security issues such as zero-day vulnerability detection, attack surface identification, and compromised host detection.

Accurate detection

Comprehensively covers attack chain techniques, automatically determines the success or failure of an attack, and conducts alert correlation analysis, reducing the false alert rate to 0.003%. Combined with high-quality vulnerability intelligence, behavioral analysis engine, and cloud sandbox, the detection rate of zero-day attacks in actual combat scenarios is as high as 81%.

Efficient decryption and response

Innovative integration of bypass deployment and proxy technology, high-performance TLS decryption can be achieved without adjusting the network architecture, with an encrypted communication recognition rate of 99%; based on threat intelligence, attack analysis and custom strategies, subsequent attacks are automatically bypassed and blocked, with a two-way blocking rate of 99%, and threats are accurately located at the process level. More than 20 third-party security devices can be linked to form a closed-loop response.

Cloud-native adaptation

Fully supports mainstream cloud platforms such as Alibaba Cloud, AWS, and Azure, and replaces traditional NFV images with lightweight agents, greatly reducing cloud detection costs; accurately captures the risk of sensitive credential leakage such as AK/SK during transmission.

Multi-scenario capabilities and high renewal rate

ThreatBook TDP provides multi-scenario solutions to the core traffic threat pain points currently faced by enterprises:

  • Full-network advanced threat protection: In an environment with complex network structure, basic protection but lack of advanced defense capabilities, it can not only focus on real threats and filter massive invalid alerts, but also provide advanced threat identification and APT defense.
  • Unified management of multiple branches: For large groups, headquarters can centrally display, analyze and manage branch alert data, reduce operation and maintenance costs, and improve overall security.
  • Asset risk monitoring: Automatically sort out network assets, identify exposed surfaces and unsafe APIs, prevent data leakage, and provide personalized risk monitoring and centralized alerts.

With its core advantages of 'precision, practical, closed-loop, and easy to use', ThreatBook TDP has served thousands of companies in multiple industries such as finance, energy, manufacturing, Internet, and real estate, and has maintained a high renewal rate, with market performance leading the industry. Its capabilities have also been highly recognized by customers, and it has been selected as a 'Strong Performer' in Gartner® Peer Insights™ Voice of Customers for Network Detection and Response for two consecutive years.

ThreatBook believes the inclusion in Gartner's first Magic Quadrant for NDR is not only a verification of its 'technical depth + scenario-based deep cultivation' route by an international market, but also a dual recognition of ThreatBook's product technology strength and service capabilities. In the future, in the complex and ever-changing network security environment, ThreatBook will continue to focus on threat detection, relying on the core capabilities of AI + TI to provide industry users with more reliable traffic detection support.

Gartner, Magic Quadrant for Network Detection and Response, 29 May 2025

Gartner, Voice of the Customer for Network Detection and Response, 30 August 2024

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER, MAGIC QUADRANT and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

About ThreatBook

ThreatBook is a leading provider of cyber threat detection and response that is driven by threat intelligence (TI) and AI. We pioneered new approaches to deliver high-fidelity, efficient and actionable security intelligence and integrated the ability with full life cycle threat detection system and incident response capabilities to empower the protection on cloud, network and endpoints, help enterprises achieve high efficiency of responding to threats, reduce complexity and improve security operations.

SOURCE ThreatBook

Comcast Stock (NASDAQ:CMCSA) Gains With a New Sports Connection

Business Insider

06-06-2025

Good news for Chicago sports fans who turn to communications giant Comcast (CMCSA) for their television. The deal has been made, and Chicago Sports Network access will be on Comcast now, as of today, at last report. The downside, though—and you knew there would be one—is that the costs will be on the rise. But good news was still good news, and Comcast shareholders sent shares upward modestly in Friday afternoon's trading.

Yes, Chicago Sports Network will be on Comcast service, but it will only be on the Ultimate tier, which requires pretty much the highest level of subscription there is. Exact details of the agreement were not disclosed, but reports suggest that the Ultimate tier will add an extra $20 per month to customers' bills, on top of the $20.25 regional sports network fee being charged to Chicagoland subscribers.

However, there is something of a plus here. Subscribers were getting a monthly credit of $8.85 from the loss of NBC Sports Chicago. For those basic subscribers that do not upgrade to the Ultimate tier and get access to Chicago Sports Network, the $8.85 credit will remain in place, and drop the regional sports fee to just $11.40 a month, which, all things considered, could be worse.

Cybersecurity Advancements

It may surprise you to note that Comcast actually has a cybersecurity arm, which is not all that surprising given its connection to online services. But it does, and that arm is known as DataBee. DataBee recently announced that it added new tools to its lineup, specifically the BluVector network detection and response (NDR) platform.

BluVector uses artificial intelligence (AI) to search networks for evidence of a variety of potential failure points. These include ransomware, zero-day exploits, malware contained in memory, and more. It inspects packets at a rate of millions per second, which allows it to be used as a real-time threat detection mechanism.

Is Comcast Stock a Good Buy Right Now?

Turning to Wall Street, analysts have a Moderate Buy consensus rating on CMCSA stock based on nine Buys, 10 Holds and two Sells assigned in the past three months, as indicated by the graphic below. After a 12.17% loss in its share price over the past year, the average CMCSA price target of $40.86 per share implies 18.23% upside potential.

Lumu Named a Leader and Outperformer in the GigaOm Radar for Network Detection and Response for Third Consecutive Year

Business Wire

06-06-2025

MIAMI--(BUSINESS WIRE)-- Lumu, the cybersecurity company pioneering Continuous Compromise Assessment®, today announced that GigaOm named the company a leader and outperformer in the GigaOm Radar for Network Detection and Response (NDR) for the third consecutive year.

Lumu achieved the highest possible scores in contextualized visibility and automated response, as well as configurability, manageability, observability, performance, resiliency, framework support, and integrated flow data — setting the standard for the NDR category. These results reflect Lumu's ability to deliver deep, actionable insights and immediate threat mitigation through a SaaS-based platform. By combining advanced detection with ease of management and resilient architecture, Lumu empowers organizations to streamline security operations, accelerate response times, and stay ahead in today's evolving threat landscape.

The recent GigaOm Radar report examines 29 of the top NDR solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading NDR offerings, and help decision-makers evaluate solutions to make a more informed investment decision.

'We are thrilled to be recognized by GigaOm in their Radar for Network Detection and Response for the third year in a row — a validation of Lumu's commitment to delivering scalable, cloud-native detection and response capabilities to organizations of all sizes and industries. Today's cyberattacks are designed to bypass traditional, siloed defenses like perimeter security and endpoint detection. Lumu Defender provides real-time, network-level threat detection and integrates seamlessly with existing security stacks to automate and accelerate response — all through a SaaS model that ensures rapid deployment, continuous updates, and immediate value. SaaS is redefining how NDR is delivered, and it's clear that the future of the category will be dominated by platforms that can deliver speed, scalability, and simplicity. We're proud to be acknowledged for empowering organizations to detect and respond faster with a solution built for the future of cybersecurity,' said Ricardo Villadiego, founder and CEO of Lumu.

Lumu Defender, the company's flagship NDR solution, acts as the core of an organization's security operation. It delivers Continuous Compromise Assessment to identify network threats and applies its powerful capabilities beyond the network to cover identities, devices, and workloads.

Lumu Defender captures and analyzes a wide range of network metadata. This metadata is then fed into Lumu's Illumination Process, which combines known Indicators of Compromise (IoCs) correlation, anomaly detection using AI models, and deep correlation analysis to identify potential threats with high accuracy. The solution leverages collective defense by continuously learning from the network data of all its customers, enabling it to adapt to evolving threats rapidly.

Providing complete network visibility, Lumu Defender integrates seamlessly with existing cybersecurity defenses to automate threat response. Once a threat is detected, the solution provides rich context and visibility into the incident, including affected assets, attack techniques (mapped to the MITRE ATT&CK framework), and potential impact. It then enables automated response actions through Lumu AutoPilot and out-of-the-box integrations with over 125+ existing security tools.

To learn more about Lumu's industry-leading cybersecurity solutions and download the latest GigaOm report, please visit

Lumu is a cybersecurity company that helps organizations operate cybersecurity proficiently by measuring and understanding compromise in real time. Through its Continuous Compromise Assessment model, Lumu empowers security teams to act immediately on confirmed compromises and minimize risk exposure. For more information, visit
