How Netography Fusion^® Works

How It Works

Ingest

The 100% SaaS Netography Fusion platform aggregates and normalizes metadata collected from your multi-cloud and on-prem network, including all five major cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Oracle Cloud) and the physical and virtual devices you have already deployed (including all forms of flow data: NetFlow, sFlow, and IPFIX).

For those organizations that require an added layer of security before sending their flow data to Fusion, they have the option of deploying NetoFlow Connector software that supports buffering, filtering, downsampling, and an HTTPS connection.

There are no additional components to install. Fusion ingests metadata from your existing tech stack, eliminating the additional cost and complexity of other approaches.

Enrich

Fusion automatically enriches the metadata with additional context labels and tags, including source autonomous system information, GEO location information, bit rates, packet rates calculations, destination autonomous number and DNS lookups, and next hop information. It also incorporates context labels from Active Directory, asset management, CMDB, EDR, NDR, XDR, and vulnerability management systems, including last user, asset owner, MAC address, asset classification, agent version, group, vulnerability count, and CVSS rating and score.

Detect

Fusion detects anomalous and malicious activity with Netography Detection Models (NDMs). You have complete flexibility to customize Fusion’s preconfigured detection models as well as create your own models. Netography’s Detection Engineering team continuously create new NDMs as well as update existing models to detect new threats and variants of existing threats. For greater response effectiveness, multiple teams can utilize a single NDM to launch diverse response workflows, ensuring all teams have access to the same critical alerts.

Investigate

With Fusion’s tagging and context labeling, your teams can quickly visualize activity by application, location, compliance groups, or any other scheme. They can accelerate response time by quickly pivoting between dashboards to identify and investigate anomalous or malicious activity. They can also utilize the “look back” feature to see up activity for up to a year prior, to understand the scope and duration of the activity.

Respond

The Fusion platform enables you to implement a range of response workflows quickly, including within the Fusion platform directly, or via built-in integrations with a range of technology partners, including EDR, NDR, and XDR systems, and SIEM/SOAR platforms. Well-documented RESTful APIs give you the ability to automate workflows with your tech stack as well, and Fusion also supports Terraform to enable you to automate the ability to provide visibility and control for scaling infrastructure.

Netography Query Language^®

Netography Query Language® (NQL) is a powerful tool that enables analysts or operators to search enriched flow records by creating and saving custom algorithms. 

You can create custom searches to rapidly analyze, investigate, and respond to anomalous or malicious traffic or incidents. You can also use these custom searches to create automated alerts and remediation workflows to meet your unique requirements.

With NQL you can isolate and analyze specific traffic, geo activity, threat actors, configurations, and more in seconds. It delivers the industry’s most granular and flexible flow record search capability, enabling you to create custom searches and alerts quickly and apply them to new or built-in dashboards.