Netography Fusion Advances Network Security and Visibility with Multiple Updates
By William Toll, Sr. Director, Product Marketing
Earlier today we announced the release of several new features of our Netography Fusion® platform, focusing on new functionality and a new customer experience. The latest release was a huge endeavor by our engineering, UI/UX, and product teams, and we put together this blog to give you a bit more detail on the capabilities and use cases.
The wide use of tags and labels with a taxonomy built on context continues to enable teams to have better, faster analysis, decisions, and reporting for the hyper-scale multi-cloud world we live in. Netography now supports the ingestion of tags and labels across your Atomized Network – legacy, on-premises, hybrid, multi-cloud, and edge environments. With this new release, you can ingest and keep your labels in sync from cloud providers (AWS, Microsoft Azure, Google Cloud, IBM Cloud, Oracle Cloud), from endpoints via integration with CrowdStrike Falcon, and from other systems via a CSV template and data in an S3 bucket. With context labels, your Netography Fusion portal and interactions have more context and enable new use cases like policy-driven network security and visibility and faster onboarding of new analysts and responders to your teams.
- Ingest and sync labels and tags across your infrastructure with Netography Fusion.
- Leverage context labels in your NQLs (Netography Query Language) with full search support and the ability to create dashboards with context.
- Leverage context labels in your NDMs (Netography Detection Models) with actions that can run off specific conditions using context labels.
Context Use Cases
Apply Policy-Driven Security:
With Netography Fusion, using the same context labels as found in your organization’s other infrastructure and security applications, we enable organizations to greatly reduce cyber threat risks and policy violations with powerful analysis and remediation automation capabilities through search, dashboards, alerts, custom detections, and integrations.
Greater Visibility and Views for Analysts:
Teams across your organization with security responsibilities can respond faster to cyber threats with greater confidence. With today’s complex networks and applications that are deployed across global infrastructure and services, your newer analysts and responders may be struggling with context and understanding of network traffic flows for applications and cloud services. With context labels, they can now have the same “application” or “compliance” view as your more experienced team members.
Respond Faster to Forensics and Audit Requests:
With Netography Fusion’s tagging and context labels that sync with your cloud and backend systems, you’ll be able to enforce controls for specific compliance requirements. And your teams can isolate and analyze the network security of applications, office, and data center locations, business units, compliance requirements, or specific deployment environments. Forensics and audit teams appreciate Netography Fusion’s ability to have gap-free visibility and flexible data retention policies to investigate incidents and understand the attack path.
Intersections for NQL
NQL enables security teams to search enriched flow records and create, save and use custom searches. Now Netography Fusion users will be able to combine queries. This will save time and ensure greater accuracy and consistency for analysts and other users. Plus, with Netography Fusion’s comprehensive tagging and context labeling, your teams can visualize networks by application, location, compliance groups or any other scheme. The UX/UI is designed by network and security pros for pros and has several unique, time-saving data points that enable analysts to “pivot” quickly, saving time and fatigue. Your analysts will quickly be able to answer questions like: “Who is talking to whom? Over what port? Is it being blocked or not? Where is that data going?”
New Response Capability
We now offer integration support for TLS Syslog output, allowing for event integration with a larger number of third-party SIEM and ticketing platforms. We strive to support security teams with their existing workflows and security stacks. Many of our customers have teams that respond and remediate right within the Netography Fusion platform with our support for BGP, Flowspec over BGP for scalpel precision, API, and DNS orchestration. Given our flexibility, other teams can respond and remediate with their SIEM or SOAR platform like Splunk or IBM QRadar.
Netography Fusion UX Updates
Our customer experience and solution engineers love to engage with customers and understand their use cases, feature requests, and suggestions for the interface. Some of the more important updates include:
- The Netography Fusion IP Explorer and Attack Surface screens now support historical time periods.
- NQL now supports a history view, enabling users to quickly start a new NQL based on recent NQLs that were not saved in the NQL list.
- Alerts are now listed as “events”. There is also now a new events summary page that aggregates events based on the detection model that created the event/alert, as well as a new graphical view of the number of events/alerts over time.
- Flow Sources redesign. Device and cloud provider configuration is merging into a new Flow Sources view. There is now a single page where you can see all details of your flow source configurations or add new flow sources.
- Integrations are now presented in a more consolidated and consistent way.
We look forward to the feedback on these new features and enhancements from our customers and community, and the teams are working fast on the next series of updates. Want more information? Email us to request a quick demo.