How to detect unauthorized network traffic? - safesqr | we make your cybersec

Challenge

A telecommunications services company lost access to important data. It turned out that a few months earlier a file with an almost identical name to an existing file had been embedded in the company’s cloud resources. It was just waiting for the moment designated by the cybercriminal to begin its operation.

The file was spread throughout the company’s network, after which it encrypted disk data, effectively blocking the smooth operation of the entire company. This resulted in huge losses both financially and in terms of image.

What was the reason for the successful attack?

  • Lack of tools to analyze the network infrastructure
  • Lack of automation tools to detect the attack

Solution

Detecting unauthorized network traffic in today’s world full of cyber threats is an extremely time-consuming task. Well-equipped SOC (Security Operations Center) teams should have access to tools that keep the need for their manual involvement to a minimum. A tool that would have prevented the problems of the aforementioned telecommunications services company is an NDR-class solution – Network Detection & Response.

NDR-class solutions provide a complete, real-time view of an organization’s network infrastructure. Through packet analysis and behavioral analysis, they detect unusual network traffic and unusual user behavior. Thus, they stop an attack at its earliest stage, when the threat first appears on the network. The alert sent to the SOC operator carries a high priority, so that the operator can respond immediately to the security incident. One NDR solution of this type that can effectively detect unauthorized network traffic is NetWitness Network.
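The behavioral side of that analysis, shown here as an added illustration that is not part of the safesqr page and is not NetWitness Network code: a toy detector that learns, per internal host, how many distinct internal peers it normally contacts per time window, and raises a prioritized alert when a host’s fan-out jumps far above its own baseline, which is the kind of pattern a file spreading across the network (as in the challenge above) would produce. The flow records, addresses, window size and thresholds are all constructed for the example.

```python
"""Toy behavioral fan-out detector over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import statistics

# Assumed internal address ranges for this example.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since start of capture (constructed)
    src: str
    dst: str
    dport: int
    nbytes: int


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def fanout_per_window(flows, window):
    """Map (window_index, src) -> set of distinct internal destinations."""
    out = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst) and f.src != f.dst:
            out[(f.ts // window, f.src)].add(f.dst)
    return out


def build_baseline(flows, window, learn_until):
    """Per-host mean/stdev of distinct internal peers per window in the learning period.
    Windows in which a host sent nothing are not counted, which keeps the toy simple."""
    per_host = defaultdict(list)
    learning = [f for f in flows if f.ts < learn_until]
    for (_, src), peers in fanout_per_window(learning, window).items():
        per_host[src].append(len(peers))
    baseline = {}
    for src, counts in per_host.items():
        mean = statistics.mean(counts)
        sd = statistics.pstdev(counts) if len(counts) > 1 else 0.0
        baseline[src] = (mean, sd)
    return baseline


def detect(flows, window, learn_until, min_peers=5, z=3.0):
    """Alert when a host's fan-out in a detection window exceeds its baseline.
    The threshold is mean + z*stdev (stdev floored at 1) but never below min_peers,
    so a host with a flat baseline still needs a real jump to fire."""
    baseline = build_baseline(flows, window, learn_until)
    recent = [f for f in flows if f.ts >= learn_until]
    alerts = []
    for (w, src), peers in fanout_per_window(recent, window).items():
        n = len(peers)
        mean, sd = baseline.get(src, (0.0, 0.0))
        threshold = max(min_peers, mean + z * max(sd, 1.0))
        if n >= threshold:
            alerts.append({
                "rule": "internal_fanout_spike",
                "priority": "high" if n >= 2 * threshold else "medium",
                "src": src,
                "window": w,
                "peers": n,
                "baseline_mean": round(mean, 2),
                "threshold": round(threshold, 2),
                "sample_dsts": sorted(peers)[:5],
            })
    return alerts


def constructed_flows():
    """Constructed sample: two quiet 300 s windows, then one host fans out to 12 peers."""
    flows = []
    for w in range(2):
        base = w * 300
        for i, dst in enumerate(["10.0.1.20", "10.0.1.21"]):
            flows.append(Flow(base + i, "10.0.1.10", dst, 443, 2000))
        for i, dst in enumerate(["10.0.1.10", "10.0.1.11", "10.0.1.12"]):
            flows.append(Flow(base + 10 + i, "10.0.1.20", dst, 445, 5000))
        flows.append(Flow(base + 20, "10.0.1.10", "203.0.113.5", 443, 800))  # external, ignored
    for i in range(12):  # detection window: sudden spread from 10.0.1.10
        flows.append(Flow(600 + i, "10.0.1.10", f"10.0.2.{i + 1}", 445, 30000))
    flows.append(Flow(650, "10.0.1.20", "10.0.1.11", 445, 5000))  # file server stays normal
    return flows


if __name__ == "__main__":
    for alert in detect(constructed_flows(), window=300, learn_until=600):
        print(alert)  # each dict is the event you would forward to the SIEM
```

The alert dictionaries carry the baseline and threshold that triggered them, so the SOC operator (or the SIEM rule that receives them) can see why the event was prioritized rather than just that it was.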


Effects

After implementing an NDR-class tool, the organization is able to detect unauthorized network traffic quickly and efficiently and act on it. Automation tools allow actions to be prioritized and false positives to be avoided. All events are sent to a SIEM-class tool, where full analysis takes place. Should an event like the earlier one recur, the organization now has tools that allow the full course of the attack to be reconstructed for investigation.
