Skip to main content

Netography Integrates with CrowdStrike Making it Easier to Sync Context

By Gus Cunningham, SVP Strategy

As corporate networks, endpoints, multi-cloud, and edge deployments get more complex, analysts, incident responders, threat hunters, forensics teams, and auditors need context for what they see. A dashboard with a sea of IPs will take more time to review and respond to vs. an organized, labeled, and tagged view of all of the networks that make up an organization’s infrastructure. We have integrated our Netography Fusion® platform with CrowdStrike APIs to sync the context that organizations have in the CrowdStrike Falcon platform.

The use of a modern taxonomy-driven metatag and labeling system has become increasingly popular as more and more embrace cloud computing and the continuous scaling up and down infrastructure. With everything being properly tagged and labeled organizations are able to apply controls to scalable environments. Many organizations have a standard taxonomy for all infrastructure that includes labels for application, infrastructure, division, owner, budget owner, security or compliance requirement, etc.

CrowdStrike’s Falcon Endpoint Detection and Response (EDR) platform makes extensive use of tagging. System tagging saves users a lot of time when responding to alerts. Examples of tags include:

  • Organizational and User Information: “name”, “department”
  • Usage Information: “entity”, “ifname”, “classification”
  • Asset Information: “asset classification”, “OS”, “osver”, “kernel”, “servicenowid” “instancetype”

And, for endpoints that do not surface their operating system (OS), CrowdStrike technical implementation docs encourage administrators to set OS labels.

Netography Fusion portal with context label panel

Sample Use Cases for Netography Context Labels Applied Across Networks:

Strengthen Threat Hunting Programs
Analysts and threat hunters can leverage context labels in NQLs (Netography Query Language) with full search support and the ability to create dashboards with context. Those NQLs can easily be converted to NDMs (Netography Detection Models) with actions that can run off specific conditions using context labels. Having greater context for alerts and detections enables teams to lower their MTTD and MTTR metrics.

Apply Policy-Driven Security
Many organizations implement policies and controls to meet specific compliance requirements, for example, PCI or HIPAA compliance requirements for networks. With context labels, it is easier for teams to detect, alert and analyze all of your networks for misconfigurations, configuration drift, and policy violations. With Netoraphy Fusion using the same context labels as found in an organization’s implementation of CrowdStrike we enable organizations to greatly reduce cyber threat risks and policy violations with remediation automation capabilities through alerts, custom detections, and integrations.

Squash Silos Between Teams
Teams from across an organization are overloaded with the number of tools and repetitive data and logs they run and often they do not have the common context labels that spans all of them. From security operations center (SOC) teams to IT to cloud operations, forensics, and risk and compliance, everyone benefits from a single source of truth and taxonomy that enables teams to refer to a common context across networks and environments. With Netography Fusion’s powerful tagging and context labeling, your teams can visualize networks by application, location, compliance groups or any other scheme. Easily configure dashboards by role, by use case, by application, by policy, by location, by threat, and more. You can isolate network data and analytics for quick views or drill down on issues and alerts. 

Respond Faster to Forensics and Audit Requests
With today’s mix of on-premises and multi-cloud deployments, it is getting increasingly difficult for teams to respond to audit requests. Many requests today involve requests to multiple teams for logs and reports to satisfy the request and provide the evidence needed for a report or audit. With Netography Fusion’s tagging and context labels that sync with your CrowdStrike and backend systems, you’ll be able to isolate and analyze the network security of applications, office and data center locations, business units, or specific deployment environments.  Forensics and audit teams appreciate Netography Fusion’s ability to have gap-free visibility and flexible data retention policies to investigate incidents and understand the attack path. 

If you are looking for unified visibility across your Atomized Network, even as encryption and ephemeral multi-cloud environments are increasing your blind spots, learn more about how Netography Fusion can help your organization expand endpoint security, or request a quick demo of Netography today.

Existing customers can learn more about our support for context labels by please visiting our support and documentation site in the Netography Fusion portal