Protecting the Atomized Network: What CISOs Need to Know
Matt Wilson
Sr. Director Product Management
We know that the cybersecurity technology landscape can be confusing, particularly when it comes to defending today’s scattered and fluid computing environments. And all the acronyms don’t help: CSPM, CNAPP, EDR, EPP, NDR…It seems the list goes on and on. We often get asked how Netography compares to these traditional approaches. So, here’s a high-level roadmap to help you navigate these offerings and understand when Netography should be your destination.
Let’s get started:
Cloud Security Posture Management (CSPM) / Cloud-Native Application Protection Platform (CNAPP): These tools focus primarily on posture, compliance, and identifying vulnerabilities in your cloud footprint, but do not provide visibility into other components of your network infrastructure. CSPM tools are good at identifying misconfigurations and gaps in cloud architecture. These are important baseline steps to understand risk in the cloud, but they are not built for real-time attack detection. They cannot answer questions like: “Do I have a threat actor within my cloud infrastructure right now?” Or: “Is my web-facing production infrastructure being attacked right now?”
Endpoint Detection and Response (EDR) /Endpoint Protection Platform (EPP): Agent-based endpoint detection is certainly valuable, and in many ways provides unique visibility into local processes. But users find it challenging to install and maintain agents on every cloud workload across their environment. Additionally, not every networked device in an environment is capable of supporting an agent. So, organizations also need a detection approach that is passive and agentless for more comprehensive protection as they expand their cloud footprint.
Network Detection and Response (NDR): Traditional on-premises NDR tools are primarily appliance-based and focus on deep packet inspection of network traffic contained within a defined perimeter. These appliances need to be inserted in the middle of traffic which often isn’t practical or even possible to do in massively distributed networks where there is no middle anymore. NDR vendors have tried to retrofit their tools to broaden their visibility into the cloud in one of two ways, but both have drawbacks:
- Placing agents on cloud workloads is expensive and takes a significant toll on organizations’ computing resources.
- Traffic mirroring is extremely challenging to set up and configure across a large, distributed cloud footprint.
Clearly, NDR tools are not well-suited for cloud infrastructure, but they face an even deeper existential threat: encryption. Traditional NDR tools can’t inspect traffic they can’t decrypt. As Zero-trust initiatives accelerate, NDR tools are being blinded at a rapid pace.
Netography’s Modern Approach for Today’s Modern Networks
In today’s modern enterprise networks, applications and data are scattered across a complex environment consisting of multi-cloud, on-premises, legacy infrastructure, and mobile and remote workers. We call this the Atomized Network, and it’s creating a security void that is getting larger and larger.
So, how does Netography fill the growing void and secure the Atomized Network?
- Netography is a 100% SaaS platform – no hardware, no software, nothing to deploy
- Lives off the land – collects and stores metadata from the network infrastructure, without capturing and inspecting full packets
- Complete network visibility in minutes – real-time attack detection across on-premises, multi-cloud (including, Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure, Oracle Cloud) and hybrid environments
- Single SaaS portal – a unified view of data enriched with business and threat intelligence accelerates and simplifies detection, hunting, and analysis
- Rapid response – copy/paste or customized commands simplify protection in any environment
- Easy on-boarding – point and click to send your cloud logs and Netflow to our portal and get started in minutes, no agents, traffic sensors, cloud traffic forwarding mechanisms, or physical appliances
You need a cybersecurity solution that protects your fluid and complex computing environment now, and as it continues to expand.