LinkShadow offers three integrated cybersecurity products – Network Detection & Response (NDR), Data Security
Posture Management (DSPM), and Identity Threat Detection & Response (ITDR) – each targeting a different domain
(network, data, and identities). Below, we break down how each product supports the six CSF Functions (GV, ID, PR, DE,
RS, RC) and their Categories/Subcategories:Network Detection & Response (NDR)LinkShadow NDR monitors network traffic and uses analytics/ML to detect threats in real time, aligning strongly with
Detect and Respond functions, while also contributing to Identify and Protect:Identify (ID): NDR provides complete visibility into network assets and activity. It can identify and classify all devices,
applications, and users on the network, giving security teams a comprehensive asset inventory and understanding of data
flows. This supports Asset Management (ID.AM) outcomes – e.g. ensuring all networked systems are inventoried and their
communication flows are known. NDR’s Network Mapping feature visualizes device connections and highlights any
unmanaged or rogue devices, directly aiding ID.AM and identification of organizational network boundaries.Protect (PR): While primarily a detection tool, NDR indirectly supports Protect functions. By identifying misconfigured or anomalous network behaviors (such as unusual protocols or ports in use), LinkShadow NDR helps organizations
remediate configuration weaknesses – aligning with Platform Security controls (PR.PS) like network integrity and
segmentation. Additionally, integration with enforcement tools (firewalls, NAC) allows NDR to trigger protective actions
(e.g. quarantining a device) to prevent threat spread, supporting Protect – Access Control (PR. AA) by limiting adversary
movement.Detect (DE): This is NDR’s core strength. It continuously monitors all network traffic (fulfilling DE.CM Continuous
Monitoring) and uses behavioral analytics plus threat intelligence to spot anomalies and attacks in real time. LinkShadow
NDR’s AI/ML engine learns normal network behavior and can detect new or stealthy threats that evade traditional tools.
It analyzes vents for signs of malware, lateral movement, data exfiltration, etc., addressing Detect – Adverse Event (DE.AE)
subcategories by flagging unusual patterns (e.g. a surge in internal port scanning or an uncharacteristic data transfer).
These advanced detection capabilities allow organizations to catch incidents early, a key CSF outcome.Respond (RS): LinkShadow NDR includes automated and analyst-guided response features. When a threat is confirmed,
it can execute response playbooks (e.g. send alerts, isolate affected hosts, block malicious traffic) to contain the incident.
Through integration with tools like Cisco ISE, NDR automates Threat Containment (RS.MI) by removing compromised
devices from the network. The platform also provides detailed incident analysis and forensic data (supporting RS.AN),
helping responders understand the scope and root cause of an attack. NDR’s dashboard and reporting tools facilitate
incident communication – security teams can generate real-time incident reports and compliance logs at the push of a
button, aligning with Respond – Communications (RS.CO) requirements to inform stakeholders and regulators.Recover (RC): Although NDR is not a data backup or recovery solution, it meaningfully aids the Recover function. By swiftly containing threats and minimizing damage, NDR reduces the effort needed to restore systems (supporting the outcome of
timely Recovery Plan execution, RC.RP).Additionally, the audit trails and logs collected by NDR serve as a knowledge base for recovery efforts. After an incident,
these logs help identify affected assets and data, which informs the recovery plan and any necessary system restoration.
NDR’s reports also support Recovery Communications (RC.CO) by providing post-incident summaries for management,
compliance auditors, and incident response lessons learned.Example: In practice, deploying LinkShadow NDR helps an organization meet CSF outcomes like “anomalous network activity is detected in a timely manner” and “response activities are automatically triggered and coordinated”. A 2025 LinkShadow
case study notes that NDR gave full visibility into advanced threats through AI-driven Threat Hunting and UEBA, allowing
the team to immediately act on the riskiest threats and improve reporting for better decision-making. This directly speaks
to CSF’s Detect and Respond objectives.
