Frequently Asked Questions

Here you will find answers to the most important questions about ForeNova, our MDR solution and our services. The FAQs provide a quick overview of features, operation, support and technical requirements.

Do you have a specific enquiry that you’d like to discuss in person? Just get in touch!

About ForeNova

ForeNova is a cybersecurity company founded in Europe with a mission to make enterprise-grade Managed Detection and Response (MDR) accessible to small and medium-sized enterprises across Europe. We offer first-class protection on attractive terms by combining our strong local presence in Germany with cutting-edge technology and the expertise of our strategic partner Sangfor, a leading technology company from Asia.

Our 24/7 German-speaking SOC in Nuremberg, combined with dedicated local Customer Success Managers (CSMs), offers enterprise-level MDR protection tailored to SMEs and MSP/MSSP partners. We combine state-of-the-art technologies for endpoints, networks, firewalls, M365 and cloud workloads with global expertise and personalised support. In this way, we ensure GDPR and NIS-2 compliance, competitive pricing and seamless integration into existing environments.

Sangfor is a strategic technology partner of ForeNova. This enables us to combine high-performance technology with local, European operational and technical expertise, and to deliver high-quality MDR services from our SOC in Germany. We utilise Sangfor’s technology, adapt it to our requirements and further develop it for the European market.

Our primary Security Operations Centre is based in Nuremberg, Germany. All customer-facing communication, reporting and support is handled by our German-speaking team. To ensure continuous 24/7/365 protection, we also work on a ‘follow-the-sun’ basis with the SOC of our technology partner Sangfor in Kuala Lumpur, Malaysia.

All about MDR

Managed Detection and Response (MDR) is a cybersecurity service that helps organisations detect, investigate and respond to security incidents. It combines modern technologies such as AI and XDR with the work of a SOC (Security Operations Centre) team, which actively assesses and responds to threats. MDR bridges the gap between individual security tools and comprehensive protection, reduces the time taken to detect and respond to incidents, and helps organisations comply with the GDPR and NIS2.

No. Both are managed security services, but they have different areas of focus. MDR focuses on 24/7 monitoring, threat detection, analysis and rapid response to attacks on endpoints, networks and cloud environments. An MSSP typically covers a broader range of operational security tasks, such as firewall management, VPNs, compliance audits and vulnerability scanning. MDR is therefore particularly suitable for organisations seeking targeted threat defence and rapid response times. If you are already using an MSSP, ForeNova’s NovaMDR™ can complement it as a specialised layer for deeper detection.

EDR (Endpoint Detection & Response) and XDR (Extended Detection & Response) are technologies on which MDR is often based. MDR supplements these with a managed service provided by SOC analysts who monitor, assess and respond to threats originating from endpoints, networks and cloud environments. MXDR (Managed Extended Detection & Response) describes MDR approaches in which SOC analysts work using an XDR backend and monitor events and logs from sources that extend beyond the endpoint. Therefore, if network, M365 or firewall data is also monitored, this functionally corresponds to MXDR.

Firewalls are a key component of perimeter defence, but they have their limitations. They focus on inbound and outbound traffic and on known threats, but often fail to detect lateral movement within the network, zero-day exploits or advanced persistent threats such as ransomware, which circumvent rules. MDR complements this with 24/7 monitoring, AI-powered anomaly detection, threat hunting and expert response across endpoints, networks and cloud environments. Our SOC analysts take a holistic view of security; firewall logs are just one part of the bigger picture.

MDR provides expert protection around the clock, without you having to set up your own in-house IT security or SOC team. At the same time, MDR is significantly more cost-effective than an in-house SOC, particularly in the current European cybersecurity market, which is facing a shortage of skilled staff.

Yes. At a time when sophisticated threats such as ransomware and APTs are on the rise, MDR extends visibility across endpoints, networks and cloud environments. It lowers the risk of security incidents and reduces downtime, whilst supporting the 72-hour reporting obligation under the GDPR and the NIS-2 requirements for risk management and resilience.

  • Skills shortage in the cybersecurity sector.
  • Lack of cybersecurity knowledge and expertise.
  • A rapidly evolving threat landscape and increasing complexity.
  • Rising compliance requirements.
  • Requirements imposed by cybersecurity insurance policies.

Scope of Services

The core scope of the MDR service includes:

  • Collection of events and logs from the customer’s environment.
  • Detection of anomalies and potential threats.
  • Correlation of events/logs and threat intelligence data from various sources.
  • Investigation of incidents.
  • Notification of incidents.
  • Response to incidents within the capabilities of ForeNova technology.
  • Recommendations for remediation and future prevention.

Additional, free MDR services include:

  • Threat hunting.
  • Penetration testing.
  • Dark web monitoring.

We offer a standard package that includes the following services:

  • Core MDR functions.
  • A dedicated CSM as your central point of contact.
  • 24/7/365 operation.
  • Storage of low-level events/logs for 180 days and of incidents for the entire duration of the service.
  • Endpoint sensors.
  • Network sensors; typically, 1–2 sensors are sufficient for a standard environment; available as a software deployment or hardware device.
  • XDR proxy for connecting third-party integrations.

As standard, we offer flexible contract terms of 1, 2 or 3 years, tailored to the requirements of our customers and partners. We can customise the contract terms on request. In addition, we are planning to introduce a usage-based billing model in the future, which will offer even greater flexibility for efficient and scalable protection.

Yes. Our service is available round the clock – both technically, for example in the collection, correlation and detection of events, and operationally in terms of monitoring, response, reporting and consultancy. How incidents and potential incidents are handled outside normal business hours depends on the agreement with the respective customer, as well as on the availability of the relevant contacts on both the customer’s and ForeNova’s sides.

How it works

MDR collects data in the form of low-level events and logs, detects anomalies, correlates data from various sources, enriches potential incidents with threat intelligence, investigates incidents, notifies the relevant personnel and responds to threats.

Key features include monitoring, detection, correlation, response, notification, threat hunting, reporting and real-time dashboards available at all times.

If our SOC analysts confirm a potentially malicious incident, they escalate it to our CSMs, who immediately inform our customers via the agreed communication channel. Where necessary and possible, the SOC analysts also carry out response measures to stop the immediate threat, such as terminating a malicious process or isolating the affected endpoint from the rest of the network.

The identification of a potentially harmful incident takes place at several levels; the final decision is made by our experienced SOC team. Notification, including full incident details, is sent by email. Communication and delivery via Microsoft Teams are also available on request.

Yes. When our SOC detects a compromised endpoint, it sends an isolation command to the Lightweight Endpoint Agent via the NovaGuard Manager. This immediately blocks all incoming and outgoing network connections on the device; only the management channel to the NovaGuard/XDR Manager remains open. This stops active attacks and prevents lateral movement, whilst the endpoint remains accessible to the SOC. This means that forensic analysis, log retrieval and remote remediation remain possible. The SOC can lift the isolation; controlled reconnection is also carried out via the NovaGuard Manager.

Technology & Integrations

Our backend utilises advanced XDR, big data analytics, correlation, AI, machine learning, orchestration and various forms of automation.

Yes. ForeNova uses several advanced AI engines, including those designed to correlate and detect anomalies in large volumes of data, as well as AI-powered large language models (LLMs) that provide our SOC analysts with context and useful information during their analysis.

ForeNova uses two main types of sensor to detect events: endpoint sensors for Windows and Linux systems, and network sensors that monitor IPv4 and IPv6 network traffic. In addition, Microsoft Office 365 and third-party firewalls are supported via integrations. Currently, Palo Alto, Check Point, WatchGuard and Fortinet, amongst others, are integrated.

Firewalls from Palo Alto, Check Point, WatchGuard and Fortinet, as well as Microsoft Office 365 (M365), are currently supported.

Yes. We are constantly reviewing our integration requirements and plan to integrate further key firewall providers in the near future, particularly for the German market. The specific roadmap has not yet been finalised; we are currently evaluating integrations with solutions from Cisco, Sophos, SonicWall, Forcepoint and Lancom.

The following versions of Windows and Linux systems are supported:

Windows OS

  • Windows 7 SP1 and later (with SHA256 patch); Windows 8; Windows 8.1; Windows 10; Windows 11.
  • Windows Server 2008 R2 SP1 and later (with SHA256 patch); Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server 2019; Windows Server 2022.

Linux OS

  • CentOS v7 and later (including 7.x and 8.x).
  • Ubuntu 18.x; 20.x; 22.x; 24.x.
  • Debian v9.1.0 and later; Debian 11.9; Debian 12.x.
  • Red Hat Enterprise Linux 3.x; 8.x; 9.x.
  • SUSE 11.x; 12.x; SUSE 15.
  • Oracle Linux 5.x; 6.x; 7.x; 8.x; 9.x.
  • AlmaLinux 8.x; 9.x.
  • Rocky Linux 8.x; 9.x.
  • Alibaba Cloud Linux 2.1903 LTS; 3.2104 LTS.

Note: The list of supported operating systems is subject to change. The currently released versions are decisive; the list should not be regarded as an exhaustive list of all supported subversions.

Typical log types include processes, programmes, paths, DNS queries and IP information.

Typical log types include application data such as HTTP, DNS and FTP, as well as TCP/IP data for IPv4 and IPv6, domains and URLs, network alerts and IP information.

Microsoft log data is collected, including audit information, email information and configuration checks.

Yes. All communication between agents, sensors, the proxy and the platform takes place via secure HTTPS protocols. We use encryption with TLS 1.3 or higher, mutual authentication using certificates, and integrity protection against interception and tampering.

Deployment

Deployment is non-disruptive and does not require the replacement of existing solutions. Depending on your requirements, our team will assist with the installation of endpoint and/or network sensors within your environment and connect them to the MDR platform.

The endpoint sensor (NovaGuard Agent) supports Windows and Linux and can be installed either individually on endpoints – for example, via an offline installation or a download link – or, in large environments, via bulk installation, for example via Active Directory, desktop management software, integrated internet access control systems, virtual machines or a Linux bulk installation tool.

The Network Sensor (NovaSensor) is available both as a software sensor and as a hardware device. A SPAN port is used to monitor traffic; the hardware device is designed as a simple plug-and-play system.

Data & Compliance

The data is always processed in our proprietary XDR backend and stored in our data centre in Frankfurt. For human-led MDR processing, we operate our own SOC in Nuremberg and also utilise an SOC in Kuala Lumpur, Malaysia. All data flows are fully disclosed and certified to ISO 27001. The data collected from customer environments for analysis never leaves Germany; it remains in our data centre in Frankfurt.

NovaMDR™ collects, processes and stores data at the ForeNova data centre, specifically at the Equinix site (Equinix FR7) in Frankfurt.

All data – such as event logs – collected by the ForeNova sensors is stored in our proprietary data lake at a data centre in Frankfurt and does not leave Germany.

We collect only endpoint events and network logs; we do not collect actual content such as documents. The data collected is analysed for anomalies in our XDR backend and stored in our data lake in Frankfurt.

Original logs – such as events recorded by endpoint sensors – are retained for 180 days. Service data is stored permanently for the entire duration of the service, for example incidents, reports and other objects generated as part of the service. Customer data is retained for 30 days following the expiry or termination of the contract.

At present, the retention periods for data categories are set globally; all customers are subject to the same data processing arrangements. However, ForeNova is always open to listening to your requirements and considering them carefully.

In every NovaMDR™ component, all data artefacts are assigned a unique customer ID. This ensures that your data is completely separated from that of other customers, and that only your data can be accessed, viewed, retrieved or deleted at any one time.

Our endpoint and network sensors collect logs at the endpoint and network levels and send them securely to our XDR backend for analysis and storage. Our M365 connector retrieves Microsoft logs via the public API once the integration has been set up. Our XDR Proxy collects logs from third-party solutions, such as firewalls, once the integration has been set up.

Yes. The GDPR gives you the right to receive a copy of your data. You may also request that it be deleted once you have received it. We arrange secure data transfers on a case-by-case basis. The data format may vary depending on the source; for example, raw logs in their original format or platform exports in JSON for greater portability. Reports are usually provided as PDFs. As a data processor, ForeNova works with you to find a solution that suits both parties.

As part of our turnkey service, the first request for a data copy or deletion is included in your NovaMDR™ subscription. Additional or multiple requests require separate consultation and a cost estimate based on your specific needs.

Yes. The GDPR gives you the right to have your data erased.

ForeNova first identifies all instances of your data within our components and sub-components. We then apply an overwriting process in which software algorithms overwrite all storage sectors on HDDs or SSDs with meaningless characters such as 0s and 1s to ensure secure deletion.

Yes. We can provide a company letter by email containing the timestamp of the deletion and the methods used. This document serves as a deletion certificate for audit purposes.

Ongoing partnership

We work closely with our customers and partners and listen to their requirements, needs and use cases. Our internal processes are continuously optimised, and our product management team works closely with our technology partner to develop new features specifically tailored to the requirements of the European market.

Requirements and feedback are continuously gathered from various sources, such as customer feedback, tenders, RFIs and market trends, and are analysed by the product management team. Where possible, they are incorporated into the development process in collaboration with our R&D team.

Our aim is to achieve the highest level of customer satisfaction and a renewal rate of almost 100 per cent. However, should NovaMDR™ no longer meet your needs, your Customer Success Manager will arrange a smooth transition. Access to the Customer Security Portal will end at midnight on the last day of the subscription period; please download all reports and data beforehand.

No-obligation consultation

Have we not been able to answer your question?

Please get in touch with us or speak directly to one of our experts.