A more secure world

Real-time security data monitoring

and reporting with Nokia NetGuard
Endpoint Detection and Response
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

With cyber attacks,

every second counts  
—  and has a cost
Security operations teams are under increasing pressure from regulators and
need to address the growing risks while keep critical services running. Reducing
the attack surface and remediating affected endpoints has never been more
important to avoid disruption of service.

The urgency for early detection and response manual tasks. Lack of automation can often
in 5G networks has steadily become more drive-up cost and damage when a sophisticated
pressing for communication service providers attack is discovered as there is no telling how
(CSPs). With an expanded attack surface, there’s long the attacker has been actively working.

65%
more entry points for malicious actors to gain And with cyber attacks, every second counts.
unauthorized access to sensitive information
with cloudification, virtualization, multiplying To contain threats and minimize potential
application programming interfaces (APIs) and damage in 5G networks, CSP security
open 5G architectures. Detection of those operations teams need smart, fast tools
malicious actors is only as valuable as how fast to help security analysts act quickly and
and how automated the response can be. easily – such as the automated, highly
flexible Nokia NetGuard Endpoint Detection
CSP security teams are working around the and Response (EDR).
clock to maintain the critical infrastructure and of CSP respondents
analyze data for threats – leaving their teams
exhausted by spending too much time on
said their security
teams spend more than
30% of their time on
automatable
Source: Nokia commissioned GlobalData tasks.
report, 2022
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

Minimize costs and potential “In 2022, the

average number of
damage by reducing the attack credential insider
threat incidents have
surface of each endpoint risen 84% over the
past two years.
The volume of network activity makes it challenging for any security team to identify suspicious errors in logs, user In addition to the
access and behavior anomalies, compliance monitoring, known vulnerability detection and multiple other security
threats. And one of the biggest challenges many businesses are facing is the threat of compromised insider attacks.
average cost per
incident growing
Nokia expanded its eXtended Detection and elements, including the stringent Design for collecting, aggregating, indexing, and analyzing to $184,548, the
Response (XDR) portfolio with a new solution, Security (DFSEC) development process. By the core network endpoint data to detect and
NetGuard Endpoint Detection and Response (EDR). adopting a multi-layered security approach respond to threats such as intrusion and time to contain an
A lightweight agent-based security platform
designed to protect telecommunications
including endpoint detection and response, it
can provide effective protection against cyber
behavioral anomalies in real-time. insider threat incident
network components e.g., Nokia Core Network threats and address regulatory requirements by has increased from
77 days to 85 days.”

Cost of Insider Threat report

conducted by Ponemon Institute, 2022.
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

NetGuard
Nokia NetGuard EDR is a part of the Nokia security
ecosystem and benefits from our wealth of experience

NetGuard Cybersecurity Dome

Security Threat Dashboards/ Auto-

analytics intelligence Reporting response
Use cases for Core/RAN/Transport network
Use cases for Slices
Customized Use cases
Open Development environment

Endpoint IoT and PKI and Automated Privileged

Detection and end-user device lifecycle audit compliance access and
Response security management security identity
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

NetGuard EDR detection capabilities:

Reduces cost of integration — • Anomalies of user access and

behaviour

built to fit in existing security environments

• Suspicious file system changes, errors
in logs or process execution
• Outbound network scans and
Nokia NetGuard Endpoint Detection and Response can be deployed on-premises and in any cloud reconnaissance
environment without compromising the performance and stability of the network functions. • Configuration changes, unknown
Nokia EDR is designed to protect network Solaris, AIX, and Win. Without the threat hunting. Its native integration into software installation or container
elements such as Cloud-Native Functions (CNF) dependencies of complex SIEM/XDR systems, NetGuard Cybersecurity Dome is another key image deviations
and Virtual Network Functions (VNF EDR has it improves analyst workflow while providing to curating seamless remediation workflows to
• Compliance monitoring
multi-platform support including Linux, HPUX, customization for investigation, response, and optimize threat response efficacy.
• Remediation actions
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

The XDR advantage Figure 2. Design and topology of NetGuard EDR

XDR is at the heart of Nokia NetGuard Endpoint Detection NetGuard 3rd party
and Response and easily integrates with a multi-vendor Cybersecurity Dome systems
security orchestration solution. Leveraging telco-driven
XDR uses cases to easily provide alert prioritization and
classification capabilities. XDR also helps CSPs meet
slice-specific service level agreements.

NetGuard Endpoint Detection and Response

Analytics engine NBI / API Storage Web server

NetGuard EDR server

NetGuard NetGuard NetGuard NetGuard

EDR Agent EDR Agent EDR Agent EDR Agent

Network Network Network Network

element element element element
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

Delivering total visibility across the network

Nokia NetGuard Endpoint Detection and Response provides you with confident Figure 3. High-level architecture of Nokia NetGuard EDR – box sizes can be adjusted,
security assurance custom for the critical telecommunications infrastructure structure can be re-organized (SIEM, KAFKA, Web server above the Central server,
Storage on the right of the Central server - so it doesn’t take too much space
with tailored EDR agents according to Nokia Cloud Core rules and specifications.

NetGuard EDR monitors network and endpoint response can be triggered for external action.
Infrastructure Central server SIEM
events and stores the information on a
centralized database for further analysis, Built on a modular architecture, all
investigation, action or reporting. Then the components are configurable. Meaning that Integration Kafka

agent software is installed enabling real-time each component can be enabled or disabled
according to the exact requirements of the EDR Agent Analysis engine
data monitoring and reporting potential
threats. By incorporating rules designed network function being monitored. Web server
API
specifically for the CSP, an automated Filebeat

The four components are: Dashboard

• EDR Server – Analyzes the data received by • EDR Indexer – Highly scalable, full-text
Storage
the agents and is responsible for managing search and analytics engine that indexes and
the agents, configuring, and upgrading them stores alerts by the NetGuard EDR Server
remotely when necessary
• EDR Dashboard - Web user interface for Search engine
• EDR Agents - Installed on endpoints such data visualization and analysis that includes
network elements on cloud instances or out-of-the-box dashboards for security
virtual machines and provide threat prevention, events, regulatory compliance, detected
detection, and response capabilities vulnerable applications and others
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

What sets Nokia NetGuard

Endpoint Detection and
Response apart
NetGuard EDR improves analyst workflow while prioritizing resilience and
providing customization for investigation, response, and threat hunting. It also
maps detections to the MITRE ATT&CK framework to investigate alerts further.

Why NetGuard EDR helps to build trust: • Scalable to tens of thousands of endpoints

• Automated deployment on endpoints and • Threat hunting with advanced AI/ML analysis
centralized configured and maintained and Auto-response capability

• Deployable on-prem and in any cloud

environment
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

NetGuard Endpoint Detection and Response

offers innovative features and applications
that stand out from others

Little to no impact on network functions Reduce cost of integration

Take advantage of this lightweight highly flexible solution Easily integrates with a multi-vendor security orchestration
without compromising the performance and stability of the solution such as Nokia NetGuard XDR and Nokia NetGuard
network functions. Cybersecurity Dome.

Remediate affected endpoints with automation On-premises and cloud deployment models
Nokia provides the security posture of Cloud Core network
Seize the power of the public cloud while ensuring sensitive
elements by controlling applications, shielding vulnerabilities
data is kept on-premises as needed.
from exploit, and maintaining secure configuration

Specialized 5G security knowledge

Nokia has infused endpoint detection and response with 5G use cases
built on years of deep telco network expertise.
 Minimize costs Reduce cost of The NetGuard The leader in
Every second counts NetGuard Total visibility NetGuard EDR
and damage integration XDR advantage telco security

The leader in telco

network security
Nokia’s real-world knowledge of telecommunications service providers and
their critical infrastructure make NetGuard Endpoint Detection and Response
a practical solution for 5G security assurance.

Built on Nokia’s unmatched know how and security solution that reduces the attack
experience in RAN, Core, IP, Digital Operations, surface and remediates affected endpoints by
Service Orchestration and Assurance, providing real-time data monitoring. By
Analytics, and Security, our solution is focused collecting, aggregating, indexing, and analyzing
on telecommunications service providers and the core network endpoint data, NetGuard
critical telecommunications infrastructure. EDR can detect and respond to threats such
as intrusion and behavioral anomalies.
Nokia NetGuard Endpoint Detection and
Response is an automated an agent-based

Visit our website or contact us today to learn more about

Nokia Endpoint Detection and Response.
Nokia OYJ
Karakaari 7
02610 Espoo
Finland
Tel. +358 (0) 10 44 88 000
CID:213111 (March)
nokia.com

At Nokia, we create technology that helps the world act together.

As a B2B technology innovation leader, we are pioneering the future where networks meet
cloud to realize the full potential of digital in every industry.
Through networks that sense, think and act, we work with our customers and partners to
create the digital services and applications of the future.
Nokia is a registered trademark of Nokia Corporation. Other product and company names
mentioned herein may be trademarks or trade names of their respective owners.
© 2023 Nokia