Netography Fusion Enhancements Give SOC, NOC, and AIOps Teams Faster Detection and Response to Anomalies and Threats, Automated Context Label Creation
By Patrick Bedwell, Head of Product Marketing
One of the primary reasons our customers rely on the Netography Fusion platform is its ability to accelerate the detection and response workflows of security, network, and cloud operations teams.
We engineered Fusion as a 100% cloud-native network defense platform that provides real-time visibility into activity across your Atomized Networks that the other tools in your tech stack miss. Its automated monitoring and detection eliminates many of the manual processes you perform to collect, normalize, and analyze network activity when looking for anomalies and threats, freeing up your teams to perform higher-value activities.
This continuous detection of activity means that you can investigate and remediate anomalies faster and with unmatched awareness, thus reducing the risk of operational disruption.
The latest Fusion platform release improves your teams’ ability to accelerate and simplify their detection and response workflows, putting time back in their day:
- New response integrations enable your Security Operations Center (SOC) and AI Operations (AIOps) teams to automate workflows and shorten Mean Time to Respond (MTTR)
- Network Operations Center (NOC) teams now have the ability to create context labels automatically to provide better visibility of asset activity and improve asset management
To help your SOC teams respond faster to potentially malicious activity, we have added integrations with three SIEM vendors: BigPanda, Panther, and Splunk.
These integrations enable you to quickly add high-fidelity alerts on potentially malicious activity to your detection, investigation, and incident response workflows directly from the Fusion console. Armed with these alerts, your SOC team can significantly reduce the volume of alerts from other sources that they have to sift through and analyze when looking for signs of malicious activity across your Atomized Network.
Another integration we delivered this week benefits AI Operations (AIOps) and other IT Operations teams that use Sumo Logic to monitor their applications and infrastructure. Fusion enables you to create real-time alerts for anomalous activity and add them automatically to your workflows. Because Fusion detects anomalies that your other tools miss, you will respond to them faster and more effectively.
Context Creation Models
The other enhancement to call out in this month’s release is that customers can now create context labels automatically with our new Context Creation Models (CCMs). CCMs use the same methodology as our Netography Detection Models (NDMs); the difference is that instead of generating an alert when activity matches the specified criteria, a CCM generates context labels.
By creating labels automatically, you can significantly reduce the time-consuming manual processes you currently use to identify and label assets or groups of assets. For example, you can create a CCM to identify all devices communicating via port 443 with a traffic volume above a specific packets-per-second (PPS) threshold and label them as web servers. Your operations team can then spend its time removing any previously unknown rogue web servers rather than sifting through network logs and old asset management tables to identify them.
Start Accelerating Your Response Today
If you’d like more information on integrating Netography Fusion with your monitoring, detection, and response workflows across your multi-cloud and on-prem environments, contact us for a demo or to get started with a trial.