LinkShadow Network Detection and Response (NDR) ingests network traffic and uses machine learning to detect malicious activity and to understand security risks and exposure. It combines detection for known attack behavior with the ability to recognise what is typical for any given organization, flagging unusual network activity or session that can indicate an attack. Once a malicious activity is detected, LinkShadow NDR responds using third-party integration like firewall, Endpoint Detection and Response (EDR), Network Access Control (NAC) etc. NDR solutions analyze network traffic to detect malicious activity inside the perimeter—otherwise known as the east-west corridor—and support intelligent threat detection, investigation, and response. Using an out-of-band network mirror port, NDR solutions passively capture network communications and apply advanced techniques, including behavioral analytics and machine learning, to identify known and unknown attack patterns. This data can also be used to perform a real-time investigation into activity and investigate incidents.