Cloud security: Unlocking the power of network metadata
By Dan Murphy
Co-Founder and CTO
If you’ve been reading our blog, you probably know that at Netography we believe packet acquisition is dying for a number of reasons. Enterprises face headwinds including encryption and the rapid adoption of Zero Trust, as well as compliance and privacy concerns. Additionally, in today’s Atomized Networks, appliances won’t be viable much longer and you can’t run an agent on everything. Traditional on-prem network detection and response (NDR) tools have to be retrofitted to support the cloud, introducing scalability, cost, and manageability challenges.
Some NDR vendors are using traffic mirroring, which is extremely difficult to set up and configure across a large, distributed cloud footprint and still relies on packet capture. Others are beginning to acknowledge that capturing cloud flow logs is necessary for threat detection and response in the cloud, but they are in the early stages and these integrations aren’t easy, so their offerings are extremely limited.
When we founded Netography, we recognized the headwinds were only going to get stronger, so we decided to tackle security for the Atomized Network from a different angle. By using metadata in the form of flow data, not packets, we provide customers with complete network visibility across their entire network infrastructure – on-prem and cloud. This includes visibility into threats, misconfigurations, and new services and devices. What does this mean for companies that choose Netography? Here are three key takeaways:
- Your options are open. For more than three years we’ve integrated with and can pull cloud flow logs from all five major cloud providers: Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure, and Oracle Cloud. This means our customers’ options are open – they aren’t locked into one vendor. If customers switch cloud providers or operate in a multi-cloud environment, they won’t lose visibility. In addition to cloud flow logs, we also ingest on-prem flow types, which is important since 67% of IT professionals view hybrid cloud as their permanent destination.
- Data is actionable. No cloud flow log standard exists, so each cloud provider offers its own version of flow logs with differences in the type of data provided, the format, and timeliness. This creates a huge normalization challenge that requires a deep understanding of the data each cloud provider supports and creativity to make it usable. We aggregate all the different cloud flow types and normalize them so we can operate on them with a common functionality set in a timely fashion. Customers can take action in the same workflows they are used to without having to switch between different consoles and tools.
- Improved decision making. Any time you do threat detection, the more context and intelligence you have to compare and analyze, the better your ability to focus on what’s happening on your network, which is why real-time enrichment is so important. Netography enriches data at three different points: at ingest time, at alert time, and at query time. Our enrichment is also multi-dimensional across multiple sources and source types, including from our own Threat Research Team, so we can provide context other vendors can’t. This allows us to magnify the data set, typically by 5 to 10x, for added richness and improved decision making.
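As an added illustration of the normalization problem described in the second takeaway (example code, not Netography's own), the following Python maps an AWS VPC flow-log line and an Azure NSG flow-log (v2) record onto one common flow schema. The field orders are assumptions based on each provider's documented default format, and the sample records are constructed.

```python
"""Normalise AWS VPC flow-log lines and Azure NSG v2 flow-log records into one
common schema. Field positions are assumptions from the providers' documented
default formats; the sample records below are constructed, not real traffic."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Flow:
    provider: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str        # normalised to "tcp" / "udp" / "icmp", else the raw value
    n_packets: int
    n_bytes: int
    start: int        # epoch seconds
    action: str       # "accept" or "reject"

IANA = {"1": "icmp", "6": "tcp", "17": "udp"}

def _num(s: str) -> int:
    return int(s) if s else 0   # Azure leaves counters empty on 'B' (begin) state

def parse_aws(line: str) -> Optional[Flow]:
    """AWS default format: version account-id interface-id srcaddr dstaddr
    srcport dstport protocol packets bytes start end action log-status."""
    f = line.split()
    if len(f) < 14 or f[0] == "version" or f[13] != "OK":
        return None   # header line, or a NODATA/SKIPDATA record carrying no flow
    return Flow("aws", f[3], f[4], int(f[5]), int(f[6]), IANA.get(f[7], f[7]),
                int(f[8]), int(f[9]), int(f[10]),
                "accept" if f[12] == "ACCEPT" else "reject")

def parse_azure(record: dict) -> List[Flow]:
    """Azure NSG v2 tuple: time,src,dst,sport,dport,T|U,I|O,A|D,B|E|C,
    pkts_s2d,bytes_s2d,pkts_d2s,bytes_d2s. Both directions are summed."""
    out: List[Flow] = []
    for rule in record["properties"]["flows"]:
        for group in rule["flows"]:
            for tup in group["flowTuples"]:
                t = tup.split(",")
                out.append(Flow("azure", t[1], t[2], int(t[3]), int(t[4]),
                                {"T": "tcp", "U": "udp"}.get(t[5], t[5]),
                                _num(t[9]) + _num(t[11]), _num(t[10]) + _num(t[12]),
                                int(t[0]), "accept" if t[7] == "A" else "reject"))
    return out

# Constructed samples (hypothetical account, interface and addresses)
AWS_SAMPLE = "2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 49152 443 6 12 3400 1700000000 1700000060 ACCEPT OK"
AZURE_SAMPLE = {"properties": {"flows": [{"rule": "DefaultRule_DenyAllInBound", "flows": [
    {"mac": "000D3A000000", "flowTuples": ["1700000000,203.0.113.9,10.0.1.5,51000,22,T,I,D,B,,,,"]}]}]}}

def normalise_all() -> List[Flow]:
    return [f for f in [parse_aws(AWS_SAMPLE)] if f] + parse_azure(AZURE_SAMPLE)
```

Once both providers land in the same `Flow` shape, one detection or query (for example, rejected inbound TCP/22 flows) can run over both without provider-specific branches.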
Netography grew up developing technology that allows companies to take advantage of the cloud as a great enabler without struggling to defend it. From detecting threats to misconfigurations to new services and devices, we close the giant visibility gap and eliminate complexity across cloud, multi-cloud, and hybrid environments, so security and network operations teams can better protect their expanding enterprise networks.