Four Ways Our Customers Win With API-Driven, Bi-Directional Integration
By Gus Cunningham, SVP Strategy
A recent study finds that global organizations have anywhere from 29 to 45 security tools in place, yet half claim they no longer use many of these tools for reasons including lack of integration (42%), lack of skilled professionals (39%), and difficulty understanding how to operationalize solutions (38%). When you consider that until recently many tools were made up of closed APIs with little concern for interoperability, this isn’t surprising.
At Netography, we have long recognized that as organizations strive to detect cyber threats and defend their Atomized Network, the security stack becomes more disparate and threat actors take advantage of the complexity to execute damaging attacks. So, we decided to prioritize security interoperability from the start, with an API-driven, bi-directional approach to integration that has now been in use for more than four years.
What does this integration strategy mean for our customers?
- Integration in minutes.
Whether through an API, generic webhook, or existing portal integration, customers have an easy and flexible way to set up data communication with Netography Fusion. If no API or portal integration exists, Netography’s webhook integrations are simple to create and are reusable. Simply name the integration, describe it, and add the basic auth ID (or optionally add SSL verification and header information) and you are operational. You can create connections in minutes, and label integrations using our GUI to enable point-and-click user access through an intuitive dashboard. We support all major network and security tools along with standard protocols and practices out of the gate. You can even add levels of security using the authentication processes you want, to control access to the Fusion Portal and to each of the integrations in a way that is acceptable to you and ensures data remains secure. As needed, custom integrations can also be created and tailored quickly.
- Orchestrated alerting.
We provide complete flexibility over how to receive alerts from the Fusion platform, including via PagerDuty, Teams, Slack, Twilio, and email. When you know you want to block or redirect suspicious traffic, these channels can offer the most efficient way to manage communication. In situations where further analysis is needed to determine the right action to take, messages and alerts can also be sent to your SIEM, SOAR, or other tools in the technology stack, for correlation with additional data so you can determine how to escalate an event within the organization.
- Remediation with scalpel-like precision.
Netography Fusion also integrates with all your routing and switching gear. You can use BGP or Flowspec for scalpel-like precision when changing thresholds and fine-tuning traffic rerouting. You have the flexibility to block or redirect traffic from bad actors via DNS mechanisms, including Route 53 and NS1. And you can also use APIs to update block lists, firewall and EDR policies, and other tools to remediate automatically or reroute traffic for further analysis.
- Context for improved decision making.
First-party context (i.e., data from within your environment) is hugely helpful to understand more fully what is happening and make better decisions about what actions to take. Bi-directional integration makes it easy to bring in data from complementary security technologies, like EDR agents that track the activity on endpoints. But you also need to make sure there’s a plan for how to make sense of this data and display it. We normalize data and provide flexibility in the way it is presented so that anyone with access to the Netography Fusion Portal can understand and make use of it.
We also bring in third-party context from a variety of sources to further enrich data at the time of ingestion. Geo, Org, Bogon, DNS, Flow Tagging, and threat intelligence details help with threat hunting and forensics across all five major cloud providers (Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure, and Oracle Cloud) as well as your remaining on-premises equipment. Custom dashboards provide a clean way to detect cyber threats in real time and retrospectively from within Netography Fusion or through complementary tools via API.
Our API-driven, bi-directional approach to security integration is proven to help organizations get more from their security stack and teams—and we’re not done. We designed Netography Fusion for interoperability out of the gate, and Atomized Networks continue to expand, so we’ll continue to enable your evolving ecosystem of tools with powerful yet simple integrations.