More than a Data Store. An Intelligent Approach to Flow Data Usage
By Matt Wilson, VP Product Management
Managing and mining massive volumes of data for business-relevant intelligence is a problem I’m quite familiar with and help customers sort through on a regular basis for the purpose of network security and visibility. There are various ways to solve this problem. The most traditional approach has been to send all your network traffic flow and log data to your data store or data lake in whatever format it comes in, and then write queries against that for threat detection, behavior detection, visualization, and a number of other activities. But security operations center (SOC), cloud operations, and network teams soon encounter several problems.
Lack of data standardization. Cloud flow data in particular is only partly standardized: the fields each provider records, how those fields are captured, and the level of visibility offered all vary from one cloud to the next. Unless users are intimately aware of those differences, they cannot know which ones matter or how substantial they are. They have to work it out for themselves: which fields are important, how a given field is calculated, what it means, and what the equivalent field is in every other flow data source. Suffice it to say, this is no easy task, and it can greatly complicate the effort to make sense of network metadata.
Getting answers can often take hours. Data stores bring data in “as is” and make sense of it on the way out, putting the onus on users to build the logic into the query. Depending on how complex that query is and how many disparate data sources have to be pulled together, it can take hours to get answers. Customers have told us that with certain platforms they used in the past, they had to run reports nightly, which doesn’t work when you need to know now what’s happening in your environment.
Visualizations suffer. When users have to bring their own intelligence and all the information processing happens in the front end, how that data is presented leaves a lot to be desired. It’s impossible to get tailored, meaningful views on the fly when the data hasn’t been pre-sorted and normalized on the back end.
Security teams are stretched even further. Each of these challenges is exacerbated by the cybersecurity skills shortage. Most organizations don’t have people sitting on the bench and available to do this type of work, nor should they have to. SOC, cloud operations, and network teams just want to solve problems. Requiring them to be experts in every single platform and every single type of flow data to get the information they need to do their jobs is a waste of their time and talent.
Don’t misunderstand me. Data stores have their purpose, but when it comes to enabling scalable, continuous network security and visibility of the Atomized Network, Netography has created a simpler and more powerful approach tailored to this market need.
Netography Fusion®: A tailor-made experience
We believe that customers should be able to focus on the problems they want to solve, and the Netography Fusion platform should provide the answers. The approach we have chosen to take is to deeply understand our customers’ problem sets and build the back end and front end to solve those problems and do it uniquely. So, we learned about all the variations in all the different flow logs – cloud and on-prem – including the type of data provided, the format, and timeliness, as well as which fields are important, and which are irrelevant.
We built that knowledge into the platform, aggregating and standardizing this data as it comes in, which optimizes query performance, even for the most advanced queries. And we make that data available using the same, simple Netography Query Language (NQL) across every component of a customer’s Atomized Network. NQL is easy to learn, and customers can get the answers they need in minutes for both real-time and historical use cases including threat and behavior detection, threat hunting, as well as compliance and audit responses. The way we’ve designed and optimized the platform also makes our visualization much faster and gives us the flexibility to build intricate and tailored views that are meaningful. Everything a customer needs for the problem they are trying to solve is presented in a single pane of glass and easy to interact with through our extremely responsive UI.
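The two points above (field equivalence across providers, and normalizing at ingest so one query serves every source) are easiest to see in code. The following is an added example written for this page; it is not Netography's code and does not use NQL, whose syntax the page does not show. It assumes the default AWS VPC flow log, GCP VPC flow log and Azure NSG flow log v2 layouts described in the comments, treats the RFC 1918 ranges as the organization's internal address space, and runs over constructed sample records.

```python
"""Normalize flow records from several sources into one schema at ingest, so a
single query runs unchanged across all of them.

Added example, not Netography code. Field layouts follow each provider's
default format as assumed here; every record below is constructed.
"""
import json
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Iterable, List

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
# Assumed internal address space (RFC 1918); a real deployment would configure this.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """Common schema. Counters always describe the src -> dst direction only."""
    ts_start: int   # epoch seconds
    ts_end: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str      # "tcp" / "udp" / "icmp" / "proto-<n>"
    packets: int
    bytes: int
    action: str     # "accept", "reject", or "unknown" when the source has no verdict
    source: str     # collector that produced the record


def proto_name(num: int) -> str:
    return PROTO_NAMES.get(num, f"proto-{num}")


def _epoch(rfc3339: str) -> int:
    # Drop fractional seconds (GCP may emit nanoseconds) and parse as UTC.
    base = rfc3339.split(".")[0].rstrip("Z")
    return int(datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
               .replace(tzinfo=timezone.utc).timestamp())


def parse_aws_vpc(line: str) -> List[Flow]:
    """AWS VPC flow log, default v2 layout (14 space-separated fields): version
    account-id interface-id srcaddr dstaddr srcport dstport protocol packets
    bytes start end action log-status. Each direction is its own record."""
    f = line.split()
    if len(f) != 14:
        raise ValueError(f"AWS record has {len(f)} fields, expected 14")
    if f[13] != "OK":   # NODATA / SKIPDATA rows carry no usable counters
        return []
    return [Flow(int(f[10]), int(f[11]), f[3], f[4], int(f[5]), int(f[6]),
                 proto_name(int(f[7])), int(f[8]), int(f[9]), f[12].lower(), "aws-vpc")]


def parse_gcp_vpc(entry: str) -> List[Flow]:
    """GCP VPC flow log entry (JSON). Reports the sent direction per record,
    protocol as a number, timestamps as RFC 3339, and no accept/deny verdict."""
    p = json.loads(entry)["jsonPayload"]
    c = p["connection"]
    return [Flow(_epoch(p["start_time"]), _epoch(p["end_time"]), c["src_ip"], c["dest_ip"],
                 int(c["src_port"]), int(c["dest_port"]), proto_name(int(c["protocol"])),
                 int(p.get("packets_sent", 0)), int(p.get("bytes_sent", 0)), "unknown", "gcp-vpc")]


def parse_azure_nsg(tup: str) -> List[Flow]:
    """Azure NSG flow log v2 tuple: ts,src,dst,sport,dport,proto(T/U),dir(I/O),
    decision(A/D),state(B/C/E),pkts_s2d,bytes_s2d,pkts_d2s,bytes_d2s.
    One row carries both directions and a single timestamp; state B rows
    (flow begin) have empty counters. Split into one Flow per direction."""
    f = tup.split(",")
    if len(f) != 13:
        raise ValueError(f"Azure tuple has {len(f)} fields, expected 13")
    if f[8] == "B":
        return []
    ts, proto = int(f[0]), {"T": "tcp", "U": "udp"}[f[5]]
    action = {"A": "accept", "D": "reject"}[f[7]]
    fwd = Flow(ts, ts, f[1], f[2], int(f[3]), int(f[4]), proto,
               int(f[9] or 0), int(f[10] or 0), action, "azure-nsg")
    out = [fwd]
    if int(f[11] or 0) or int(f[12] or 0):   # reverse direction as its own record
        out.append(replace(fwd, src_ip=f[2], dst_ip=f[1], src_port=int(f[4]),
                           dst_port=int(f[3]), packets=int(f[11] or 0), bytes=int(f[12] or 0)))
    return out


PARSERS = {"aws": parse_aws_vpc, "gcp": parse_gcp_vpc, "azure": parse_azure_nsg}


def ingest(records: Iterable[tuple]) -> List[Flow]:
    """(source, raw record) pairs -> normalized flows."""
    flows: List[Flow] = []
    for src, raw in records:
        flows.extend(PARSERS[src](raw))
    return flows


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in n for n in INTERNAL)


def inbound_admin_from_internet(flows: Iterable[Flow], ports=(22, 3389)) -> List[Flow]:
    """One query for every source: TCP flows from external addresses to SSH/RDP
    that were not rejected. Written once against the schema, not per provider."""
    return [f for f in flows
            if f.proto == "tcp" and f.dst_port in ports
            and not is_internal(f.src_ip) and f.action != "reject"]


# Constructed sample records (not real telemetry).
RAW_RECORDS = [
    ("aws", "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 51234 22 6 12 1480 1700000000 1700000030 ACCEPT OK"),
    ("aws", "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000030 - NODATA"),
    ("gcp", json.dumps({"jsonPayload": {"connection": {"src_ip": "10.128.0.2", "dest_ip": "10.128.0.3",
             "src_port": 40000, "dest_port": 443, "protocol": 6}, "bytes_sent": "2048", "packets_sent": "9",
             "start_time": "2023-11-14T22:13:20.000Z", "end_time": "2023-11-14T22:13:50.000Z"}})),
    ("gcp", json.dumps({"jsonPayload": {"connection": {"src_ip": "198.51.100.9", "dest_ip": "10.128.0.4",
             "src_port": 40001, "dest_port": 22, "protocol": 6}, "bytes_sent": "900", "packets_sent": "7",
             "start_time": "2023-11-14T22:13:20.123456789Z", "end_time": "2023-11-14T22:13:21Z"}})),
    ("azure", "1700000000,198.51.100.23,10.1.0.4,55001,3389,T,I,A,B,,,,"),
    ("azure", "1700000000,198.51.100.23,10.1.0.4,55001,3389,T,I,A,E,40,5120,35,8100"),
    ("azure", "1700000001,192.0.2.50,10.1.0.4,60000,22,T,I,D,E,3,180,0,0"),
]

if __name__ == "__main__":
    for hit in inbound_admin_from_internet(ingest(RAW_RECORDS)):
        print(f"{hit.source:10} {hit.src_ip} -> {hit.dst_ip}:{hit.dst_port} {hit.action}")
```

The point of the example is the work hidden in the parsers: three timestamp conventions, two protocol encodings, per-direction versus bidirectional counters, rows that carry no counters at all, and a source with no accept/deny verdict. Once that is resolved at ingest, the query at the bottom is a few lines and does not change when a fourth source is added.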
Guided by the customer experience we want to provide, we’ve also designed Netography Fusion so it’s quick to get started. Netography Fusion is a SaaS-based universal platform: just send us your data and come to us with the questions you need answered. We offer built-in queries, or you can quickly create your own or work with us to build them. With our intelligent approach to aggregating, normalizing, and storing data in a manner tailored to what you need to get done, we’re confident you’ll find that Netography Fusion scales better, performs faster, and presents information in a more useful and intuitive way than a generic approach.