
Frictionless Detection, Immediate Insights: The Netography Experience

by Mal Fitzgerald

As a sales engineer at Netography, I get the opportunity to show organizations what the Netography Fusion® platform can do for them. Within the first few minutes of a demo, security teams literally see what they’ve been missing. I’m referring to security hygiene issues they didn’t realize they had that expose their organization to risk. When we spend a little more time with the Fusion platform, they can see indications of lateral movement or data exfiltration that strongly suggest behavior tied to a ransomware campaign or other malicious activity worthy of investigation.

The speed and simplicity of seeing your data in the Fusion platform create these a-ha moments by enabling something we call “frictionless detection”. Here’s how it works.

Frictionless deployment, flow logs, and ease of implementation

Fusion’s 100% SaaS architecture means you can deploy the platform in your multi-cloud or hybrid environments without the burden of sensors, agents, taps, or probes. 

In the cloud, Netography requires no virtual sensors for you to spin up, manage, pay for, point traffic to, and validate. The frictionless nature of our deployment is in sharp contrast to legacy vendors’ approach that brings their appliance-based models to the cloud. For example, if you were to go down the path of deploying NDR in the cloud, you would find that the cost and complexity of additional infrastructure, bandwidth, and management adds up quickly. The planning required can add weeks or months to the timeline, and you would still lack visibility into lateral movement, traffic going between clouds and back to on-prem networks, and areas of the network where access prevents deployment. 

To see Fusion in action in your cloud network, simply turn on flow monitoring for the VPCs or subnets in your environment. Next, point those flow logs at your cloud storage (Amazon S3, Azure Blob, etc.), grant the Fusion platform permission to retrieve that data, and you’re done. 

For on-prem environments, the process is equally frictionless: point flow logs from your data sources (i.e., routers, switches, and firewalls) to your Netography portal destination. 

So, what does Fusion enable you to see? Netography customers go from network blindness in their multi-cloud or hybrid architectures to full visibility into their valuable network telemetry in less than an afternoon. 

Frictionless detection

The ease of implementation immediately leads to frictionless detections. The visibility delivered from this network telemetry allows your analysts to look for malicious activity and signs of compromise both east-west as well as north-south in your ever-expanding multi-cloud or hybrid deployments.

The first a-ha moments happen when Fusion exposes issues with security hygiene. 

Your analysts gain visibility into externally available resources across your entire environment that accept inbound connections from protocols that are prone to manipulation. These include:

  • RDP or VNC connections, which are used to gain remote desktop access and can bypass internal controls.
  • SSH, which typically requires a rule to allow access. 
  • Telnet, which is insecure and usually restricted.
  • HTTP, which is typically only used outbound.

In the other direction, your analysts can also see outbound connections from your network that create cause for concern, including: 

  • RDP or VNC connections over which data exfiltration can occur.
  • Outbound printing, i.e., print jobs being sent past the network.
  • Devices connecting to other VPNs or to Tor, thereby trying to bypass all of the security protocols your team has put in place.

When your teams see this anomalous traffic during a POV or trial, they immediately suspect your sensitive data is at risk, block this activity, and investigate.
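
A minimal version of the hygiene checks listed above, run over cloud flow logs; this is an added example, not Netography's code or detection models. It assumes the AWS VPC flow log default (version 2) format, treats RFC 1918 space as "internal", uses constructed sample records, and takes ports 515, 631 and 9100 as an assumption about what "outbound printing" covers.

```python
import ipaddress

# Services the article lists, keyed by TCP destination port (print ports assumed).
INBOUND = {3389: "RDP", 5900: "VNC", 22: "SSH", 23: "Telnet", 80: "HTTP"}
OUTBOUND = {3389: "RDP", 5900: "VNC", 515: "LPD print", 631: "IPP print", 9100: "raw print"}
WATCHED = set(INBOUND) | set(OUTBOUND)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records, AWS VPC flow log default format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1 198.51.100.7 10.0.1.20 51544 3389 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.20 198.51.100.7 3389 51544 6 18 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a2 203.0.113.9 10.0.2.5 40022 23 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a3 10.0.3.8 203.0.113.50 49822 9100 6 90 120000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a4 10.0.1.20 10.0.2.5 50100 22 6 12 2000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a5 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a6 203.0.113.80 10.0.1.30 443 3389 6 10 5000 1700000000 1700000060 ACCEPT OK
"""

def is_internal(addr):
    # Explicit RFC 1918 check; ipaddress.is_private also matches documentation ranges.
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def findings(log_text):
    out = []
    for line in log_text.splitlines():
        f = line.split()
        # Skip malformed lines and NODATA/SKIPDATA records (their fields are "-").
        if len(f) != 14 or f[13] != "OK":
            continue
        src, dst, proto, action = f[3], f[4], f[7], f[12]
        sport, dport = int(f[5]), int(f[6])
        # Accepted TCP only. Heuristic: a source port that is low or itself watched
        # marks a server reply, so its ephemeral dstport is not treated as a service.
        if proto != "6" or action != "ACCEPT" or sport < 1024 or sport in WATCHED:
            continue
        if not is_internal(src) and is_internal(dst) and dport in INBOUND:
            out.append(("inbound", INBOUND[dport], src, dst))
        elif is_internal(src) and not is_internal(dst) and dport in OUTBOUND:
            out.append(("outbound", OUTBOUND[dport], src, dst))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

The rejected Telnet attempt, the internal-to-internal SSH session and the HTTPS reply that lands on ephemeral port 3389 are deliberately not reported; only accepted flows that cross the internal/external boundary are.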

Beyond the initial findings

Digging deeper, the anomalous activities your teams observe in Fusion could indicate trust boundary violations or communication patterns that align with stages of active ransomware campaigns or other threat actor activity and are worthy of investigation. 

We work with customers to enrich flow data with operational context, providing details on the specific devices, users, applications, and data impacted for a more nuanced understanding of what’s normal and what’s not. Customers have a complete picture of what is happening to detect suspicious behavior and initiate response workflows in real-time. 

Additionally, Netography customers have access to hundreds of customizable detection models that alert them to security threats in their environment. This includes a growing number of detections with auto-thresholding capabilities specifically to improve detection and response to ransomware.  

Fusion is uniquely architected to create these a-ha moments. You can start to experience them immediately thanks to its frictionless detection. When there’s nothing to deploy to gain real-time visibility everywhere you need it and accelerate response, you have a powerful and practical way to protect your multi-cloud or hybrid environment.

Tired of blah and want a little more a-ha? Sign up for a free trial. Or contact us for a demo.