Netography Fusion delivers a holistic view of all network activity across your multi-cloud or hybrid network, in real-time and at scale. It detects malicious and anomalous activity, such as lateral movement, data harvesting and exfiltration from ransomware without the burden of sensors or agents.
Fusion is the fastest way for you to see all network activity. In less than an hour, your cloudops, netops, and secops teams can start seeing all network activity in to, between, and out of your multi-cloud or hybrid network.
Data Collection
The 100% SaaS Netography Fusion platform begins by collecting VPC flow logs, VNet flow logs, on-prem flow logs, and DNS logs from your multi-cloud or hybrid networks. Fusion’s frictionless architecture eliminates the burden of deploying sensors or agents to collect the data. You simply identify a location of your cloud flow logs and provide credentials for the Fusion platform to ingest the logs, or you can send the logs directly to Fusion from your on-prem network.
The metadata Fusion can ingest includes:
- Cloud flow logs from all five major cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Oracle Cloud Infrastructure)
- DNS data from AWS and GCP
- Flow data (NetFlow, sFlow, and IPFIX) from routers, switches, and other physical or virtual devices.
Orchestrate and Enrich
Fusion then orchestrates the cloud flow logs, flow logs, and DNS data into a single dataset, eliminating the need to spend engineering resources to aggregate and normalize the disparate data sources. And, because the metadata represents the “one source of truth” for the network, orchestration ensures that SecOps, CloudOps, and NetOps teams can all take advantage of the same dataset.
It enriches the metadata with context attributes from applications and services in the organization’s tech stack, including asset management, CMDB, EDR, XDR, and vulnerability management systems. The context can include dozens of attributes, including asset risk, environment, last known user, region, risk score, security workgroup, type of entity, and vulnerability count.
Context transforms the metadata in a network from a table of IP addresses, ports, and protocols into context-rich descriptions of the activities of users, applications, data, and devices. Enriched metadata accelerates any operations teams’ ability to detect and respond to anomalous or compromise activity by eliminating the need to consult other tools or teams to understand the significance of any activity.
AI-Driven Analytics
Fusion then uses its advanced analytics engine to detect anomalous and malicious activity using Netography Detection Models (NDMs). Created by the Netography Detection Engineering team, NDMs run continuously and search incoming data. Fusion generates an alert when it detects threshold exceptions. Customers have complete flexibility to customize Fusion’s preconfigured detection models as well as create their own models to meet their requirements.
Investigate
Analysts and investigators can conduct detailed forensic analysis of East/West and North/South activity between and within cloud platforms and cloud to on-prem to see all activity related to a detection. They can quickly pivot between dashboards within Fusion to map the scope and impact of a security incident (including workloads and data sets accessed) or hunt anomalous activity in network traffic to expose the timeline of events. Fusion also enables them to “look back” to see historical activity for up to 12 months, to understand the scope and duration of the activity before detection.
Respond
The Fusion platform also enables customers to implement a range of response workflows quickly from within the Fusion platform directly or via built-in integrations with a range of technology partners, including EDR and XDR systems, and SIEM/SOAR platforms. Customers can also use Fusion’s APIs to automate workflows with their tech stack as well.
