Accelerating Threat Detection and Mitigation with Wiz + Netography Integration
By David Meltzer, Chief Product Officer, Netography
Industry-leading organizations have invested in Wiz as the core of their cloud security programs. The Wiz Cloud Security Platform offers an extremely powerful way to discover and resolve cloud security risks at the infrastructure and application levels. It identifies and prioritizes cloud security risks across infrastructure, surfaces issues earlier in the SDLC to prevent vulnerabilities from reaching production, and detects real-time threats in your cloud environments.
Netography’s enhanced partnership with the Wiz Integration Network (WIN) provides a unified view of your cloud security risks and potentially malicious communications with at-risk assets in your cloud environments. The Fusion platform offers additional ways to use Wiz data in your security program to strengthen protection across your multi-cloud environment. Here’s how:
Closing the monitoring gap
Networks still exist in the cloud, and network monitoring is essential to detect anomalous activity, such as an attacker’s lateral movement between cloud assets. However, organizations often find security gaps in monitoring cloud assets that their traditional network monitoring and on-prem network security tools cannot address. This leaves them open to attack, including ransomware, supply chain compromise, and cyber espionage.
Netography’s core capability is multi-cloud network security and observability, which address the monitoring gap. The Netography Fusion® Platform complements Wiz Cloud, enabling you to see your cloud assets, what they are doing, and what’s happening to them from a network perspective.
Wiz data provides valuable context about cloud assets that Fusion leverages for enriched network observability to detect and alert you to security threats across your multi-cloud network. This includes unauthorized access attempts and lateral movement, unusual communication patterns, data harvesting before exfiltration, internal misuse and policy violations, network scanning and enumeration, unusual data transfer rates and protocols, configuration errors, and network mismanagement.
Vulnerabilities, exposures, and issues
The first phase of our integration focused on providing enhanced network monitoring for vulnerabilities identified by Wiz. We’ve expanded our integration to include network monitoring for exposures and issues Wiz detects. Let’s take a more detailed look at these three types of risks Wiz identifies.
- Wiz simplifies vulnerability management by telling you which assets in your multi-cloud environment have vulnerabilities and how severe those vulnerabilities are. It provides a range of vulnerability data, including the total number of vulnerabilities in each cloud asset, CVSS ratings and scores, and CVE IDs, to help inform vulnerability management processes.
- Wiz tells you about the exposure paths of cloud resources that attackers can use to access the environment (e.g., publicly facing cloud assets or cross-cloud accounts). Unlike vulnerabilities, which may or may not be critical depending on the system impacted and its location in the environment, exposures present critical risks. Leveraging network path analytics, Wiz identifies when cloud resources are accessible to an attacker and provides path details to help with prioritization, investigation, and mitigation.
- Issues in Wiz include misconfigurations, such as enabling guest access and forgetting to disable it, or exposed secrets identified in your cloud environment that represent active risks or threats. Wiz provides detailed information to help you understand and remediate risk.
Complementing application monitoring with a network perspective
Once you know about a vulnerability, exposure, or issue that exists within a cloud asset, the next thing you want to know is if anyone has tried to exploit it. That’s where integration with Netography Fusion comes into play.
As a 100% SaaS platform, Fusion can start ingesting vulnerability, exposure, and issue data from Wiz in minutes. Teams now have a single console that accelerates and simplifies detecting and mitigating anomalous and malicious network activity on vulnerable, exposed, and misconfigured assets in real time across multi-cloud environments.
Teams can:
- Create custom dashboards focused on the network activity related to assets with vulnerabilities, exposures, and issues identified by Wiz.
- Look back in time forensically at network activity to determine whether an asset has already been exploited, and initiate an investigation. This is critical for zero-day vulnerabilities that may have existed for weeks, months, or years before they were discovered and made public.
- Start immediate, real-time enhanced observability of at-risk assets to identify anomalous or malicious activity that may occur during the high-risk period between discovery and the completion of patching or reconfiguration.
- Create custom escalation workflows to accelerate response, such as sending higher-priority detections directly to the SOC or a designated SIEM.
- Build custom detections based on asset context ingested from Wiz.
Increased security effectiveness
An effective security program reduces risk, and with it Mean-Time-to-Detection (MTTD) and Mean-Time-to-Repair (MTTR). The longer it takes to find and fix a security threat or risk, the greater the damage and costs of the breach to the organization. In a ransomware attack, once data is encrypted and/or stolen, the costs snowball, reaching as much as 1,000 times higher than if the incident had been detected and contained early. Netography fills a costly monitoring gap, one that reduces an organization’s ability to detect and investigate compromises and leads to increased dwell time.
We’re extremely excited to deliver this enhanced level of integration with Wiz, which will help Wiz customers increase the value of their investments and strengthen security across their multi-cloud environments.