Cloud Security: Unlocking the Power of Network Metadata
By Dan Murphy
Co-founder and CTO
If you’ve read our blog, you’re probably aware that at Netography, we believe packet acquisition is dying for a number of reasons. Businesses face headwinds, including pervasive encryption and rapid adoption of Zero Trust, as well as compliance and privacy issues. Also, in today’s atomized networks, appliances won’t be viable for very long and you can’t run an agent on everything. Traditional on-premises network detection and response (NDR) tools have to be retrofitted to support the cloud, which introduces scalability, cost, and manageability challenges.
Some NDR vendors use traffic mirroring, which is extremely difficult to install and configure on a large distributed cloud footprint and still relies on packet capture. Others are beginning to recognize that capturing cloud flow logs is necessary for threat detection and response in the cloud. But they’re in the early stages and these integrations aren’t easy, so their offerings are extremely limited.
When we founded Netography, we knew the headwinds would only get stronger, so we decided to approach atomized network security from a different angle. Using metadata as stream data, not packets, we provide customers with complete network visibility across their entire network infrastructure – on-premises and in the cloud. This includes visibility into threats, misconfigurations, and new services and devices. What does this mean for companies that choose Netography? Here are three takeaways:
- Your options are open. For more than three years we have been integrating with, and can extract cloud flow logs from, the top five cloud providers: Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure and Oracle Cloud. This means our customers’ options are open – they are not locked into a single vendor. If customers change cloud providers or operate in a multi-cloud environment, they won’t lose visibility. In addition to cloud flow logs, we also ingest on-premises flow types, which is important because 67% of IT professionals see hybrid cloud as their permanent destination.
- The data is actionable. No cloud flow log standard exists, so each cloud provider offers its own version of flow logs, with differences in the fields provided, the format, and the timeliness of delivery. This creates a huge standardization challenge that requires a deep understanding of the data each cloud provider supports, and creativity to make it usable. We ingest all the different types of cloud flow streams and normalize them into a common schema, so the same detection and query functionality applies to every source in a timely manner. Customers can operate in the workflows they are used to without having to switch between different consoles and tools.
- Improved decision making. Whenever you perform threat detection, the more context and information you have to compare and analyze, the better you can focus on what’s actually happening on your network, which is why real time is so important. Netography enriches data at three different times: ingest time, alert time, and query time. Our enrichment is also multidimensional, drawing on multiple sources and source types, including our own threat research team, so we can provide context that other vendors cannot. This typically magnifies the data set 5-10x, for more richness and better decision making.
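To make the normalization problem in the second takeaway concrete, here is an added example (not Netography's code) that maps two provider-specific flow log formats, the AWS VPC Flow Logs default text format and an Azure NSG flow log v2 flowTuple, onto one assumed common schema, and then asks one cross-cloud question of the result. The sample records are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Common schema every provider's record is mapped onto (field names are assumed, not a vendor's).
@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str  # "tcp"/"udp"/"icmp", otherwise the raw IANA number as a string
    bytes: int     # bytes from src to dst; 0 when the record carries no counters
    start: int     # epoch seconds
    action: str    # "accept" or "reject"
    source: str    # provider the record came from

_IANA = {"6": "tcp", "17": "udp", "1": "icmp"}

def _int(s: str) -> int:
    # AWS writes "-" for absent fields (NODATA/SKIPDATA); Azure leaves counters empty until the flow ends.
    return int(s) if s not in ("", "-") else 0

def from_aws(line: str) -> Flow:
    """AWS VPC Flow Logs default (version 2) format: version account eni src dst sport dport proto pkts bytes start end action status."""
    f = line.split()
    return Flow(f[3], f[4], _int(f[5]), _int(f[6]), _IANA.get(f[7], f[7]),
                _int(f[9]), _int(f[10]), f[12].lower(), "aws")

def from_azure(tuple_str: str) -> Flow:
    """One Azure NSG flow-log v2 flowTuple: ts,src,dst,sport,dport,T|U,I|O,A|D,state,pkts,bytes,pkts_back,bytes_back."""
    f = tuple_str.split(",")
    return Flow(f[1], f[2], _int(f[3]), _int(f[4]), {"T": "tcp", "U": "udp"}[f[5]],
                _int(f[10]) if len(f) > 10 else 0, _int(f[0]),
                {"A": "accept", "D": "reject"}[f[7]], "azure")

# Constructed sample records (documentation-range addresses, not real traffic).
AWS_LINES = [
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41234 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.9 52100 443 6 20 4096 1700000000 1700000060 ACCEPT OK",
]
AZURE_TUPLES = [
    "1700000010,198.51.100.7,10.1.0.4,41235,22,T,I,D,B,,,,",
    "1700000012,10.1.0.4,203.0.113.9,50001,443,T,O,A,E,12,3000,10,9000",
]

def normalize_all() -> list[Flow]:
    return [from_aws(l) for l in AWS_LINES] + [from_azure(t) for t in AZURE_TUPLES]

def rejected_by_dst_port(flows: list[Flow]) -> dict[int, int]:
    """One question asked once across both clouds: which destination ports are being denied."""
    return dict(Counter(f.dst_port for f in flows if f.action == "reject"))
```

Once the records share a schema, the same detection (here, denied connections per port) runs over AWS and Azure data without per-provider logic, which is the point of normalizing before enrichment and alerting.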
Netography grew out of developing technology that allows businesses to leverage the cloud as a tremendous enabler without having to fight to defend it. From threat detection to misconfigurations to new services and devices, we bridge the giant visibility gap and eliminate complexity across cloud, multi-cloud and hybrid environments, so security and network operations teams can better protect their growing business networks.