Incident Investigation and Threat Hunting

Speed Up Forensic Analysis and Close Visibility Gaps

Map the scope and impact of any incident with comprehensive observability

When a security incident occurs and your security operations and incident response (IR) teams try to reconstruct the event timeline or map the scope of the event, they often cannot because of the lack of historical data. They have only partial visibility of network activity because your monitoring technology has not kept up with the evolution of your multi-cloud and on-prem network.

The Netography Fusion® platform gives your SecOps, NetOps, CloudOps, and IR teams a singular view of all network activity. It enables your analysts and investigators to conduct detailed forensic analysis of East/West and North/South activity between and within cloud platforms and cloud to on-prem after a security event such as a data breach.

Examples of incident investigation activities the Netography Fusion platform supports:

  • Hunting anomalous activity in network traffic to expose the timeline of events
  • Mapping the scope and impact of the security incident, including devices and workloads accessed, in hybrid and multi-cloud environments
  • Tracing the digital footprint of the threat actor, including compromise location and subsequent East/West movement
  • Understanding the techniques used by the threat actor to move across the network
  • Analyzing volumetric attacks (e.g., bots or flooding) to provide network evidence backed by traffic records

Accelerate incident investigation with comprehensive observability

Eliminate delays in incident reconstruction with aggregated and normalized data

Reduce workload on investigators with enriched metadata

Accelerate post-incident analysis with context-rich metadata

Frictionless architecture deploys in minutes

Monitor all conversations in the network without installing costly sensors or agents

Accelerate incident investigation with comprehensive observability

Too many organizations lack the ability to quickly and effectively investigate anomalous or malicious activity in their network. They waste their limited time trying to analyze non-normalized data from a few sources, so reconstructing the full chain of events takes weeks or months.

Your investigation team has all network activity across your modern network, including IT, OT, and IoT devices, at their fingertips. The Fusion platform aggregates and normalizes your network metadata before enriching it with context from your tech stack, saving you time.

Netography Fusion’s automatic, budget-friendly retention of network traffic data provides a complete picture of past activity on your modern network. You have the flexibility to determine the data retention schedule to meet your policy requirements.

No matter how large your network is, Netography Query Language (NQL) is a powerful search technology that enables you to search billions of enriched metadata records in seconds from a single console.

Reduce workload on investigators with enriched metadata

Trying to map each stage of a breach or other security incident without a detailed understanding of the value of each asset involved is an exercise in futility.

Fusion’s context-enriched metadata provides the critical insight you need to understand the significance of the devices, users, and applications involved. It incorporates context already contained in applications and services in your existing tech stack, including asset management, configuration management database (CMDB), endpoint detection and response (EDR), extended detection and response (XDR), and vulnerability management.

Using context, the Fusion platform transforms the metadata in your network from a table of IP addresses, ports, and protocols into enriched metadata that provides context-rich descriptions of the activities of your users, applications, and devices.

The result is that you don’t have to access additional tools or engage with other teams as you measure the scope of the event to understand the significance of the devices involved.

Frictionless architecture deploys in minutes

Most security operations centers (SOCs) lack visibility of all activity across their hybrid or multi-cloud networks, creating blind spots that emerge only during the incident investigation process.

The Fusion platform enables you to close blind spots before a crisis hits and you realize the critical historical data you need doesn’t exist. Fusion is cloud-native and its 100% SaaS, frictionless deployment model means you can monitor any segment or instance across your cloud and on-prem network at any time (including places you can’t or don’t want to deploy an appliance or agent, such as OT or IoT).

You’ll begin to visualize network activity almost immediately without the burden of sensors, agents, or taps. You get unmatched awareness from orchestrated and normalized metadata collected from your multi-cloud platforms as well as your on-prem network.

Fusion Capabilities Include:

  • Search Billions of Flow Log Entries in Seconds
  • Flexible Data Retention Policies
  • Comprehensive Network Visibility Across On-Prem and Multi-Cloud Environments
  • Forensics-Level Analytics of Application, Protocol, or Volumetric DDoS Attacks
  • Powerful Searches with Netography Query Language (NQL)
  • User-Customizable Netography Detection Models (NDMs) and Context-Creation Modules (CCMs)
  • Context-Rich Metadata Eliminates Need for Additional Research
  • SOC 2 Certified