Netography Fusion
Netography Fusion detects activity that should never happen in your multi-cloud or hybrid network. Your security, network, and cloud operations teams gain comprehensive awareness in real-time of anomalous and malicious activity as soon as it appears anywhere in your network. The Fusion platform aggregates and normalizes metadata collected from your multi-cloud and hybrid environments and enriches it with context attributes from your tech stack. Its 100% SaaS architecture eliminates the burden of sensors, taps, or agents. Fusion’s AI-driven analytics generate high-fidelity, high-confidence alerts when it detects unwanted activity that your platform-specific tools and legacy detection and monitoring technologies can’t see. The result is a unified view of all network activity across your enterprise.
Netography Fusion Introduction
What is Netography Fusion?
Netography Fusion identifies activity that should never happen anywhere in a multi-cloud or hybrid network, in real time and at scale. Fusion provides security, cloud, and network operations teams with actionable insights on activity their other tools miss, without the burden of appliances, agents, probes, or taps.

Data Collection

The 100% SaaS Netography Fusion platform begins by collecting metadata from multi-cloud or hybrid networks. Metadata provides a real-time description of network activity in any environment, and Fusion’s frictionless architecture eliminates the burden of deploying sensors, taps, or agents to collect the data. Customers simply identify the location of their cloud flow logs and provide credentials for the Fusion platform to ingest the logs, or they send the logs directly to Fusion from their on-prem network. The metadata Fusion can ingest includes:

- Cloud flow logs from all five major cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Oracle Cloud Infrastructure)
- DNS data from AWS and GCP
- Flow data (NetFlow, sFlow, and IPFIX) from routers, switches, and other physical or virtual devices

Fusion’s frictionless architecture enables an organization to begin monitoring network activity in any part of its network in less than an hour.

Orchestrate and Enrich

Fusion then orchestrates the cloud flow logs, flow logs, and DNS data into a single dataset, eliminating the need to spend engineering resources to aggregate and normalize the disparate data sources. And, because the metadata represents the “one source of truth” for the network, orchestration ensures that SecOps, CloudOps, and NetOps teams can all take advantage of the same dataset. It enriches the metadata with context attributes from applications and services in the organization’s tech stack, including asset management, CMDB, EDR, XDR, and vulnerability management systems.

The context can include dozens of attributes, including asset risk, environment, last known user, region, risk score, security workgroup, type of entity, and vulnerability count. Context transforms the metadata in a network from a table of IP addresses, ports, and protocols into context-rich descriptions of the activities of users, applications, data, and devices. Enriched metadata accelerates any operations team’s ability to detect and respond to anomalous activity or compromise by eliminating the need to consult other tools or teams to understand the significance of any activity.

AI-Driven Analytics

Fusion then uses its advanced analytics engine to detect anomalous and malicious activity using Netography Detection Models (NDMs). Created by the Netography Detection Engineering team, NDMs run continuously and search incoming data. Fusion generates an alert when it detects threshold exceptions. Customers have complete flexibility to customize Fusion’s preconfigured detection models as well as create their own models to meet their requirements.

Investigate

Analysts and investigators can conduct detailed forensic analysis of East/West and North/South activity between and within cloud platforms and cloud to on-prem to see all activity related to a detection. They can quickly pivot between dashboards within Fusion to map the scope and impact of a security incident (including workloads and data sets accessed) or hunt anomalous activity in network traffic to expose the timeline of events. Fusion also enables them to “look back” to see historical activity for up to 12 months, to understand the scope and duration of the activity before detection.

Respond

The Fusion platform also enables customers to implement a range of response workflows quickly, either directly from within the Fusion platform or via built-in integrations with a range of technology partners, including EDR and XDR systems, and SIEM/SOAR platforms. Customers can also use Fusion’s APIs to automate workflows with their tech stack.




