Netography’s Incremental Value to the Network Team
By Matt Wilson, VP Product Management
At Netography, we talk a lot about the value we provide to secure the Atomized Network. We have blogs on cloud-native security, threat detection in multi-cloud environments, the limitations of deep packet inspection (DPI), and the hidden costs of appliance-based models. However, one topic we haven’t covered a great deal is the incremental value that comprehensive network visibility, delivered through our Netography Fusion platform, provides to the network team. There are three main aspects to this: performance, configuration, and connections. Let’s look at each.
Performance: Network teams run into multiple failure conditions that impact performance. A router goes down or is saturated. A cable is cut or disconnected. These are a couple of obvious problems, and they tend to be straightforward to identify and fix. But what happens when an individual component of a network—like one application—is having a problem, but other things seem to be operating correctly?
Traditional network visibility tools rely on methods like Simple Network Management Protocol (SNMP) to display devices on the network and the traffic passing through it. For example, you can see that a router or port is full, but you can’t drill down to see that this IP is talking over this port and to 15 other IPs, which is suddenly generating a spike in traffic. With Netography Fusion, through a single user interface, network teams can get answers to questions like: “Who is talking to whom? Over what port? Where is that data going?” We do this by using metadata in the form of flow data that we enrich with context so you can narrow down performance issues to the specific IPs involved and the ports being used, and map that information against threats and applications. Looking back at performance over time helps to determine if activity is anomalous or cyclical. Instead of spending far too much time piecing together information from multiple point solutions and Internet searches and switching between consoles, you have one concise view. You can quickly resolve issues or, if you determine the traffic spike is part of business as usual, label it to save time when it happens again.
Configuration: Today’s Atomized Networks are complex and fluid environments where applications and data are scattered across multi-cloud, on-premises, and legacy infrastructure, being accessed by mobile and remote workers. Gaining the visibility to confirm that applications are talking to the right other applications, and not to environments they shouldn’t be using or haven’t used in the past, is difficult to achieve. Additionally, as organizations change and add new vendors at a rapid pace, it isn’t unusual to discover months later that some parts of the infrastructure are still talking to previous systems and that those connections haven’t been removed completely.
Network teams are using Netography Fusion to remove the guesswork. They can prove segmentation of applications and environments in minutes, or get a comprehensive list of source IPs to know definitively that every configuration across the network has been updated. They can also validate firewall configurations to make sure that the traffic the security team is expecting to get blocked is actually being blocked. And when it comes to troubleshooting management networks, they can see if outside IPs are touching the management network and fix misconfigurations immediately.
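The checks described above (segmentation, firewall rules that should block, outside IPs reaching the management network) can be expressed as a simple audit over flow records. This is an added example, not Netography Fusion code or its API; the record fields, segment ranges, and policy below are constructed assumptions.

```python
import ipaddress

# Constructed segment map and policy (assumptions, not from the article).
SEGMENTS = {
    "mgmt": ipaddress.ip_network("10.0.0.0/24"),
    "app": ipaddress.ip_network("10.1.0.0/16"),
    "db": ipaddress.ip_network("10.2.0.0/16"),
}
# Segment pairs (source, destination) that are allowed to talk.
ALLOWED = {("app", "app"), ("app", "db"), ("db", "db"),
           ("mgmt", "mgmt"), ("mgmt", "app"), ("mgmt", "db")}
# (destination segment, port) pairs the firewall is expected to block.
EXPECT_BLOCKED = {("db", 23)}

# Constructed flow records; real flow exports carry many more fields.
FLOWS = [
    {"src": "10.1.4.7", "dst": "10.2.0.15", "dport": 5432, "action": "accept"},
    {"src": "10.1.4.7", "dst": "10.2.0.15", "dport": 23, "action": "accept"},
    {"src": "203.0.113.9", "dst": "10.0.0.5", "dport": 22, "action": "accept"},
    {"src": "10.2.0.15", "dst": "10.0.0.5", "dport": 443, "action": "accept"},
    {"src": "198.51.100.20", "dst": "10.0.0.8", "dport": 22, "action": "deny"},
]

def segment_of(ip):
    """Map an address to its named segment, or 'external' if none match."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows):
    """Return (finding, src, dst, dport) for every accepted flow that breaks policy."""
    findings = []
    for f in flows:
        if f["action"] != "accept":
            continue  # denied traffic never crossed the boundary
        src, dst = segment_of(f["src"]), segment_of(f["dst"])
        detail = (f["src"], f["dst"], f["dport"])
        if src == "external" and dst == "mgmt":
            findings.append(("external-to-mgmt",) + detail)
        elif (dst, f["dport"]) in EXPECT_BLOCKED:
            findings.append(("expected-block-passed",) + detail)
        elif "external" not in (src, dst) and (src, dst) not in ALLOWED:
            findings.append(("segmentation-violation",) + detail)
    return findings

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

An empty result over a representative time window is the evidence that segmentation holds; each finding names the exact conversation to fix.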
Connections: Unnecessary devices introduce unnecessary risk. However, as the number and types of connected devices continue to grow, getting visibility into all these connections and understanding if they are legitimate or not is an onerous task. Flow data allows you to see conversations across your Atomized Network, but you need additional context to understand if a conversation is good, bad, or indifferent.
Netography Fusion enriches flow data with business and threat intelligence so you can very quickly determine if a connection is legitimate and tag it as such to signal to the rest of the network team that you’ve done the research and the connection does not have to be investigated again. If you determine that a connection is malicious, you can work with the security team to write a threat model that automates alerting and detection and sets response policies. Everyone can work within the same user interface, which reduces communication problems. And if a connection falls into a gray area, you can mark it for further investigation and alerting if it happens again. For instance, a connection from another country may be unusual, but given the uptick in remote work and depending on the country, it could be worth watching rather than immediately shutting down. What about connections that should be there that aren’t? For instance, as organizations reconfigure offices for hybrid workspaces, Netography Fusion helps to detect and resolve network and device connectivity issues quickly to maintain productivity.
No doubt, the Atomized Network creates new challenges for the security team, but also for the network team. Netography delivers value to both and, more importantly, makes it easier for these teams to collaborate by providing context-driven, enterprise-wide network visibility through a single, intuitive interface.