Threat Detection with Zero Deployment
Joel Esler
VP of Threat Research
One beautiful part about the Netography Fusion platform is our Threat Research Team’s ability to instantly roll out new threat detection models at any time to detect and provide visibility into threats on customer networks. Zero deployment, no downloading updates or definitions, and native cloud-based threat hunting allow for the industry’s fastest time to visibility and control across today’s complex and fluid computing environments. This includes multi-cloud, on-premise, and legacy infrastructure, which we refer to collectively as the Atomized Network.
Last week we began shipping some of our advanced detection technology to the Netography platform. We seamlessly updated our platform, so customers were instantly able to detect and defend against the three largest botnets on the internet today. Again, all without a single thing to download or deploy.
A deeper dive
By enumerating the participants of a botnet from inside it, Netography instantly provides our customers visibility into their network traffic. If the botnet is being used against a customer, they can remediate infections on their network and even block inbound distributed denial of service (DDoS) attacks from the botnet. By concentrating on defending against the “how” of the attack, you block whoever is using the attack at every turn across your Atomized Network.
We’ve all dealt with the headaches of false positives in the security field. Remediating those false positives is not easy. It involves support tickets, going back and forth between the customer and the vendor, SLAs, ticket tracking software, “root cause analysis” papers, etc. I’ve personally been on the front lines of this fight in my past work, even leading teams to write entire pieces of software to handle customer false positives seamlessly and automatically. Our aim is to eliminate the potential for false positives before they ever exist by testing our detection methodologies in real time, before a customer ever has to review alerts. There is no need for the endless cycle of “open ticket, submit evidence, wait for response, answer response, close ticket” followed by waiting for updates to ship in the hope that the problem is fixed. Using our stealth detect technology, the Threat Research Team can test and tune our detection thoroughly before enabling it.
Winning the detection battle
Since its inception, Netography has released more than 82 threat detection models. Last week we rolled out detection and remediation for the Mozi and Mirai botnets. While both botnets have numerous variants and additions to their code, we still refer to them collectively as Mozi and Mirai. Over the coming weeks, we’ll roll out more than 30 new threat detection models for our customers.
Stay tuned for regular updates on our latest threat research and new threat models that allow Netography customers to detect and protect everywhere in minutes with zero deployment.