MaxxMDR MDR + NDR is a managed detection and response service that combines endpoint monitoring with network-layer visibility. The service utilizes license-free SIEM and network intrusion detection system (NIDS) sensors deployed in customer environments to monitor network traffic and security events. The service performs full packet captures of network traffic via span ports and collects security logs from various sources. Network sensors are placed at the edge and throughout the network to monitor lateral movement and detect anomalies. A dedicated security analyst is assigned to each customer to correlate data from multiple detectors and investigate network traffic anomalies, breaches, compliance violations, and threats. The platform includes 24/7 monitoring and incident response capabilities. Security analysts perform proactive threat hunting by mining network data, investigating anomalies, evaluating host behavior thresholds, and identifying exposures. The service takes defensive actions based on customer-defined change control and severity criteria. Network behavior analysis is conducted using packet captures, flow and session data, and switch polls. Analysts tune sensors and set thresholds to account for network behavior patterns, reducing false positives. The service provides alerting, analysis, and response for detected events. The platform supports compliance requirements by checking for violations and providing supportive data for policy improvements. Incident response includes data mining and forensic analysis when needed. Reporting is customized to customer needs, and network behavior thresholds are updated regularly based on the dedicated analyst's knowledge of the environment.