
Netography Fusion Detection Capabilities

Detection Engineered for Your Hybrid Multi-cloud and On-Prem Network

Netography Fusion® is a cloud-native Network Defense Platform (NDP) that provides real-time detection and response to anomalies and threats across hybrid, multi-cloud, and on-prem networks from a single console without deploying sensors or taps.

Free from Limitations of Legacy Technology

Fusion is a 100% SaaS platform that eliminates the need to deploy outdated appliance-based or packet-based detection technology. Those tools create significant gaps in your ability to detect anomalies and compromises due to:

  • The inability to deploy sensors or taps everywhere in your network to monitor traffic, due to the high cost
  • The pervasive use of encryption as organizations embrace Zero Trust, which blinds inspection-based tools

Fusion, because it is engineered for your multi-cloud and on-prem network, closes critical detection gaps caused by single-purpose legacy tools originally designed for use solely in on-prem networks with siloed tech stacks and isolated teams.

Comprehensive Visibility Using Enriched Metadata

Fusion provides unified detection, investigation, and response to anomalies, threats, and misconfigurations across your multi-cloud and on-prem networks. Fusion analyzes enriched metadata, enabling you to see what your devices, users, applications, and data are doing and what’s happening to them in real-time.

The Fusion platform ingests metadata from your multi-cloud and on-prem network, including all five major cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Oracle Cloud) and the physical and virtual devices you have already deployed (including NetFlow, sFlow, and IPFIX flow data).

It then enriches that metadata with context labels and tags from your cloud and on-prem applications, devices, and services. These labels and tags include dozens of attributes that are included in the high-fidelity alerts the Fusion platform generates, eliminating the need for your analysts to launch queries in other tools or consult with other teams as they investigate and respond to the alert.

Fusion detects anomalous and malicious activity with Netography Detection Models (NDMs). You have complete flexibility to customize Fusion’s preconfigured NDMs as well as create your own NDMs. Netography’s Detection Engineering team continuously creates new NDMs as well as updates existing detection models to identify new threats and variants of existing threats. 

You can eliminate delays in detecting active threats by searching billions of enriched and normalized flow logs in real-time. And, for greater response effectiveness, multiple teams can utilize a single NDM to launch diverse response workflows, ensuring all teams have access to the same critical alerts.

“A lot of vendors were trying to sell me this full deep packet inspection that I didn’t need, and at a cost I wasn’t willing to pay.”

– Branden Wagner
Head of Information Security, Mercury


Types of Activities Fusion Detects

Compromises & Threat Hunting

The Fusion platform enables your SecOps teams to detect, investigate, and respond to suspicious or malicious activity anywhere in your network in real-time.

You will see when threat actors are targeting your assets and are active in your network. You can also hunt for IoCs that have previously evaded detection by your legacy security stack, and limit the scope of damage by reducing the dwell time of any threat actors. 

The Fusion platform continuously analyzes the enriched metadata it ingests from across your network, giving you unmatched awareness of unwanted activity.

Fusion provides a single platform to monitor activity from your on-prem network to your multi-cloud workloads, intra-cloud activity, as well as cloud to on-prem, including: 

  • C&C activity
  • Beaconing
  • Communicating with unusual assets / services
  • Downloading of malicious content including ransomware
  • Anomalous lateral traffic from internal systems 
  • Data harvesting & storage internally (pre-exfiltration)
  • Data exfiltration 
  • Cryptomining

Governance

Your NetOps and Governance teams can detect, investigate, and respond to issues related to violations of internal policies, regulatory requirements, or industry best-practices in real-time. 

Fusion enables you to validate that your Zero Trust and other policy implementations and enforcements are working as intended across your hybrid network. You gain real-time awareness of the activities of your devices, users, applications, and data all from a single console, enabling you to respond to policy violations immediately.

Fusion unifies governance across all multi-cloud and on-prem environments to enable continuous monitoring, validation, and enforcement of trust boundaries in real-time (not just during periodic audits).

Fusion can detect anomalous and malicious activity related to governance, including: 

  • Network segmentation violations (such as PCI DSS, GDPR, etc.)
  • Zero trust violations
  • Communication with embargoed nations
  • Social media violations
  • Use of obfuscation technologies (e.g., Tor, VPN, etc.)

Activity Targeting Vulnerable Cloud Assets Detection

The Fusion platform can ingest vulnerability data from the Wiz platform, giving your SecOps or CloudOps teams value in three ways: 

1. Real-time detection of anomalous or malicious activity targeting your vulnerable cloud assets. The Wiz integration accelerates the detection of any current or past attempts to exploit unpatched vulnerabilities in your cloud assets.

  • After being notified of a new vulnerability present in your cloud assets, you can immediately begin continuously monitoring all vulnerable systems for signs of targeting or compromise, until you have remediated the vulnerability.
  • You can also analyze past activity related to vulnerable assets, to identify potentially compromised assets.

2. Accelerated investigations with critical insights at your analysts’ fingertips. The Wiz integration eliminates the need for you to pivot between multiple consoles or teams to monitor, investigate, and remediate potential compromises of vulnerable cloud assets.

  • You can understand the vulnerability state of an asset you are investigating (such as an AWS EC2 instance that has only ever communicated with the corporate network and is now making a new outbound connection to China) without leaving the Fusion platform.
  • With the vulnerability state included in the Fusion platform as a context label, you save time when investigating and responding to anomalous network activity originating from a cloud asset. You don’t have to pivot to use another tool to provide more context or involve another part of the security team to learn about a system’s vulnerability status.

3. Simplified monitoring of your most vulnerable cloud assets. The Wiz integration enables you to create custom policies and workflows using the Netography Query Language to save your investigation and response teams’ precious time.

  • Creating dashboards focused on activity to and from the most vulnerable assets (e.g., vulnerable to an active exploit targeting vulnerabilities with a CVSS rating of “critical”) to know if they become the source of malicious activity.
  • Creating a custom escalation workflow for malicious network activity, such as potential network scanning or data exfiltration when the source is a highly vulnerable asset.
  • Building custom detections that include the vulnerability state of the asset.