Contextual Awareness in Network Detections
By Mal Fitzgerald, Sales Engineer
I’m a lifelong New Englander, so you can be assured that I love sports. Football, baseball, basketball, hockey, I will watch it all. Shoot, I’ve even watched water polo simply because I turned on the sports channel at just the right time. As it turns out, Boston College has a water polo team.
Additionally, I’ve been in tech almost as long as I’ve loved the Red Sox. Over that time, one of the main things I’ve come to learn is that not all situations are created equal, and the context of the situation tends to be the biggest determining factor.
So let’s use a sports analogy for a moment.
It’s the bottom of the 9th, the game is coming up on its fourth hour, and the last two innings alone have taken the better part of 90 minutes. The bases are loaded, and the Red Sox star slugger is at the plate, having run the count to 3 and 2, while fouling off 10 pitches. The opposing pitcher is sweating, having thrown every pitch he has without finding a way to get the slugger out.
You’re on the edge of your seat, right? Can’t wait to read what happens next, right? Right?
The Red Sox are losing 17 to 1.
That one little piece of context completely changes the level of concern. As a matter of fact, you just switched the channel and are now watching Boston College water polo. You’ve moved on based on the context of the situation.
We’ve taken the same approach here at Netography. Your network is unique to you, with its own challenges and security concerns. So why shouldn’t you be able to take that uniqueness and address it in your network monitoring tool? Why should you be forced to accept a vendor’s hundreds of out-of-the-box detections without a way to tweak them to your own environment? And by tweak, I don’t mean switching them on or off, or setting discards or higher thresholds. I mean truly tailoring the detections to match what we know about our environment.
In your environment today you have multiple tools that contain a wealth of contextual information about the assets running on your networks, whether those assets are in the datacenter, at remote sites, or even in a large public cloud provider. This context can come from anywhere: endpoint software like CrowdStrike and SentinelOne, CMDB applications, cloud providers and CSPM tools such as Wiz, and lastly the good old bring-your-own personal spreadsheet.
At Netography, we know you have this context in numerous buckets, and we are also aware that using that context in your monitoring tools can be the difference between digging into a detection that could have a long-lasting effect on your brand and spending three hours on a concern that had no blast radius.
There’s no need to waste time watching the game when it’s 17 to 1; even my Red Sox aren’t coming back from this one.