Sophos Network Detection and Response (NDR) is a virtual appliance that monitors network traffic for suspicious flows as an add-on to Sophos MDR. Detections are sent to the Sophos Data Lake, evaluated, and provided with a risk score that is analyzed and validated by the Sophos Threat Response team. NDR can also trigger analysis of internal host connections to network Serverand be used to supplement threat hunts following endpoint activity. It is easy to deploy as a native Sophos MDR integration without disruption and is offered as a virtual appliance. It has multiple detection engines such as Encrypted Payload Analytics (EPA), Domain Generation Algorithms (DGA) and Deep Packet Inspection (DPI) that monitor suspicious network flows and provide insights.