How CyGlass Cloud-Native SaaS NDR lowers Total Cost of Ownership

A cloud-native SaaS deployment offers a 3 to 1 value advantage over an on-premise deployment. The benefits of deploying on-premise appliances no longer make business sense for any organisation. At the same time, the cost savings of deploying a cloud-native SaaS NDR solution like CyGlass, especially for small and medium-sized organisations, is apparent. With CyGlass, there is now a compelling business reason for small and medium organisations to add critical NDR capabilities to their cybersecurity program.

Download the Case Study, SaaS vs On-Premise Solutions Brief and Network Detection and Response TCO Solutions Brief.

Advanced Network Security Made Simple

CyGlass Network Defence as a Service (NDaaS) delivers a cost-effective network detection, response, and compliance solution for cybersecurity teams that have a distributed, hybrid network and do not have the resources to operate a SIEM or 24X7 security operations centre.

Built for Small Security Teams

CyGlass’ unique NDaaS delivery model provides enterprise-class cybersecurity at a fraction of the cost of traditional NDR tools. CyGlass is designed for operational success in any environment delivering:


100% SaaS solution with no appliance, no agents, no new on-premises software or hardware


Policy by objective with advanced AI and automation reduce overhead, increase effectiveness and use case coverage over time.


Objective policy packs and advanced AI drive automation, increasing operational effectiveness and threat detection and response.

Fast and Easy to Deploy

NDaaS From CyGlass is up and running in minutes with no additional hardware or software required. It integrates seamlessly with your existing cybersecurity tools and can be entirely managed remotely.

  • This field is for validation purposes and should be left unchanged.

Features of the NDaaS Platform

NDaaS monitors and protects network and hybrid cloud environments by extending coverage to include M365, AD Azure, and AWS services.  Incorporating activity logs into SaaS AI engine, NDaaS monitors for:

  • Authentication threats including guest user and non-MFA accounts
  • Brute force password attacks
  • Access control threats including change in privilege user accounts
  • File sharing threats including sensitive files moved to public clouds or open sharing folders

Security Information and Event Management (SIEM) tools were supposed to be the solution to the lack of visibility into the security posture of a company.

The reality is they have been too expensive and too complicated to deploy for many companies. Small IT Security teams do not have the resources to operate a SIEM. CyGlass Network Defense as a Service (NDaaS) delivers a cost-effective network detection, response, and compliance solution built for Small IT Security Teams.

Be proactive about managing the increased risks of a continued work-from-home landscape.

  • VPN Network Labeling
  • AI-Based Threat Analytics and Alerts
  • Unique Policies for Your Remote Workforce
  • Dedicated Interface for Managing Alerts
  • Fast and Easy to Deploy

Adding CyGlass Network Defense as a Service to your on-premise or cloud firewall transforms this critical border guard into an AI driven risk and threat detection and remediation machine


The CyGlass NDaaS firewall add-on connects in under 30 minutes, requires no on-promise hardware, and costs as low as $4.99 per user per month.

Together, firewall plus CyGlass NDaaS allows IT & Security teams to see risks across your network, detect cyberattacks like ransomware, and automatically remediate attacks 24X7 without the need for a SIEM.


  • Be notified when your EDR solution has not received an update or is turned off
  • Get an alert if your network backups stop or are interrupted
  • Learn about abnormally encrypted RDP and DNS tunnels
  • Know about abnormal lateral movement or after hour VPN access


  • Be informed when your network returns to normal operations
  • Machine learning captures the characteristics of the ransomware attack to further improve detection of future threats
  • CyGlass provides you with the deep knowledge of your network needed to effectively detect advanced cyberthreats.
  • Rich APIs CyGlass ingests real-time network traffic, learns your network, and establishes a baseline of normal behavior.
  • CyGlass identifies assets that have significant traffic and allows users to assign an underlying business value.
  • CyGlass uses a layered AI approach to reduce the massive volume of network traffic into Smart Alerts – prioritized by threat and risk.
  • CyGlass emulates human analyst thinking and contextualizes the nature of the threat in relation to the
    value of your assets.
  • CyGlass surfaces threats, including but not limited to command and control, unauthorized web and DNS activities, masqueraders (tunneling), credential compromise, rogue behaviors, low and slow, low and fast, insider threats, lateral movement, and data exfiltration.
  • CyGlass Smart Alerts guide analysts to focus on those emerging threats which pose the greatest risk and organizational impact.
  • CyGlass GUI provides a visual timeline mapping of the evolving threat, allowing analysts to drill down into the context of the threat for pre-emptive remediation
  • CyGlass learns from feedback provided by SOC analysts to improve the priority and accuracy of Smart Alerts.

In depth visibility and automated reports

CyGlass’ objective-driven alerts and reports enable security teams to focus on what is important, why, and what remediation action is needed to mitigate the risk or threat. Prebuilt policy objectives mean teams click a button to activate controls, AI models and reports based on organisational needs. Policies cover threats like ransomware defence, risks like rogue device identification, or regulations/frameworks like HIPAA or NIST. Security teams save both time and money with these easy-to-activate prebuilt policies.

Take the next step