
The One-Two Punch of Frictionless Network Defense 

By Martin Roesch

At Netography, when we set out to change the way network security is done in order to protect enterprise networks as they exist today, we felt strongly that one of the primary capabilities our new architecture and approach had to enable was frictionless network defense. The environment defenders operate in has changed dramatically, and many security teams have reached the point where they need a better way to quickly see and understand what has happened and what it has happened to in order to take action. 

Frictionless network defense allows customers to quickly gain real-time awareness of behavior on their network and also operationalize alerts to accelerate response. It’s the one-two punch defenders of modern enterprise networks need right now to mitigate risk. Here’s how it works:

  1. Frictionless deployment

There are two aspects to the frictionless nature of our Netography Fusion® cloud-native Network Defense Platform (NDP) in terms of deployment. There are intrinsic aspects inherent in our “live off the land” approach. Because Netography Fusion leverages metadata from existing network infrastructure, there are no appliances, sensors, or agents that you have to deploy to make the platform operate. There are also extrinsic functions prevalent in the on-prem world that you don’t have to deploy when you have Netography Fusion. The additional, external supporting infrastructure typically required to make legacy network security technologies work, like taps, aggregators, or decryptors, is no longer needed.

To get started with Netography Fusion, simply point your data sources to our cloud ingest capability, and you can get visibility where and when you need it immediately. As your environment is extended or changes, you can provision in lockstep. There’s no need to deploy anything or call us for additional licensing. 

It’s not uncommon for Netography Fusion to find, in less than an hour, signs that trust boundaries are being circumvented, which could indicate suspicious lateral movement and potential data exfiltration, or to discover policy or governance issues like misconfigurations, random applications running, or even Bitcoin mining that no one knows about.

  2. Third-party integrations

We extend the concept of “living off the land” with our approach to response. Our ecosystem of third-party integrations ensures you can operationalize the alerts generated by the Netography Fusion platform by leveraging your existing security infrastructure. When Fusion sees activity that warrants a response, it is able to signal out to your existing security technology stack. Once again, nothing needs to be deployed to make it work. We just have to activate the integrations, and then you can create response policies customized for your environment, and you’re ready to go.

Our integration with CrowdStrike Falcon to automate network security on endpoints is one example of this powerful response mechanism. Security teams can automate network containment actions based on observing a system’s activities and behaviors to stop hostile actors and malware from causing greater damage. Endpoints can be quarantined for a set amount of time with the added ability to remove hosts from the quarantine list manually when the threat has been cleared, or automatically based on parameters you set.

Creating integrations between Netography and existing security tools that a customer might be using is something that can be done in days or less – not months – with additional pre-built integrations continuously being added to our ecosystem. 

We often say that the center of cybersecurity gravity – especially network security – is shifting to the cloud. Frictionless network defense is a crystal-clear example of how the shift to the cloud benefits organizations and security teams. When there’s nothing to deploy to get real-time network situational awareness and accelerate response across your multi-cloud and on-prem environment, you have a powerful approach to protect your modern enterprise network today and into the future.