Data sheet

Netography® Network Detection and Response

A SaaS Offering Introduction

Zero Trust Brings Challenges

Encrypted data now accounts for 95% of all traffic, and it’s moving at a rapid pace. Zero Trust initiatives drive organizations to adopt a new framework and mindset to keep data private and safe. services are also driving transformative changes in network infrastructure. As organizations pivot to new approaches, legacy solutions that once relied on full packet capture inspection are becoming less informative for SecOps & NetOps teams and offer little to no visibility into the payload. Encryption is also helping adversaries move in undetected. Some 6.6 billion threats were hidden in encrypted traffic in 2020 alone. The cost of scaling an organization also has gone up because of the number of sensors, appliances, and additional hardware you have to place within your network. In the end, this is becoming increasingly unscalable and leaving blind spots in the attack surface. For organizations to stay ahead of today’s advanced threats, a different security approach is needed, and technology needs to meet these needs.

— Detection — Response — Analytics

A New Approach: Netography® Network Detection & Response

To cope, organizations need to adopt a new mindset about how they will address security in the age of Zero Trust. Working with full packet capture is time-consuming and expensive, requires expertise, and shows little return on investment. Also, most organizations do not have the ability or the appetite to decrypt traffic, which means they are left to work with metadata. The Netography Network Detection & Response offering works exclusively with metadata from on-premises, cloud and hybrid devices and systems, without breaking encryption. With Netography, metadata can be quickly & securely exported, with no sensors or appliances to deploy or manage. As a result, organizations gain complete visibility into their environment and effectively block global threats in real-time with little effort to deploy.

Key Benefits:

— Finds Threats That Other Technologies Miss (e.g., Endpoint, SIEM/UEBA)

— Decrease Security MTTR

— Complete Network Visibility in On-premises, Cloud & Hybrid Environments

— Save Time & Money

1 Zscaler 2020 State of Encrypted Attacks

Only Netography

Enable SecOps, NetOps, DevOps and Business Leaders to focus on the critical issues:

Detect Threats Immediately

Detect and prioritize on your network that were not previously visible. Context-driven, enterprise-wide visibility helps organizations to detect threats including: SPAM, botnets, DDoS, IP reputation, Malware, P2P, Data exfiltration and Ransomware.

Automated, Rapid Response

Netography protects against threats through automation. End-users can customize responses and remediation tactics that can protect any environment. Alerts are tailored to your business needs.

Complete Visibility

Get a single-pane view of traffic flow and global assets across your entire network; on-premises, hybrid, cloud including: , Oracle Cloud, IBM Cloud, Azure and Cloud . Organizations gain complete visibility with little effort.

Proactive Threat Hunting

Malicious actors are getting smarter at hiding attacks and noticeable signs they have compromised your environment. Protecting your organization from cyberthreats requires a modern approach and the right data.

Sophisticated Analytics

Dashboards allow you to focus on what matters to you and display in real-time your entire network. You receive a comprehensive view of your security posture and can quickly drill down into incidents or details with a few clicks.

How It Works

[Figure: How It Works, showing the Ingest, Enrich and Threat Detection Models stages]

Netography retains full resolution data for a minimum of 90 days. More extended retention periods are also available.

The Netography® Network Detection and Response is a SaaS offering that ingests metadata, detects, and automatically remediates threats in real-time. Deployment is a simple copy/paste of a small piece of code.

Ingest

Netography ingests all forms of flow, which can be sent securely and efficiently, including native sFlow and NetFlow from routers, switches, servers & firewalls. Additionally, Netography can ingest flow logs from all five major cloud providers - Amazon Web Services, , Google Cloud, IBM Cloud, and Oracle Cloud. Clients benefit from multiple methods to send metadata to Netography. With other vendors, this process is typically arduous.

Enrichment

Netography then enriches each data stream in real-time with Geo, Org, Bogon, DNS, Flow Tagging, and threat intelligence details. Enrichment is done within the platform and provides immediate value for clients rather than exporting to an outside system to complete this task. Well-documented APIs are available for every action within the Fusion Portal with real-time responses.

Threat Detection Models

After enrichment of the flow streams, the Netography threat detection models are activated. Netography is focused on protecting clients from every possible attack vector. Threat detection models are included in all licenses and run in the background. Below are some of the most popular.

Threat Detection Models:

ackflood, icmpscan, mssqlreflection, sunrpcreflection, alltcpflags, ipmi, netbiosreflect, synfin, badprotocol, irctraffic, nmapfingerprint, synflood, bandwidth, knownbotnet, noflow, synscan, knownddos, ntpreflect, tcpfrag, chargenreflect, knownmobilethreat, octoshape, tcpnull, cldapreflect, knownphisher, osxmami, testalgo, codreflection, knownproxy, portscan, udpfrag, connscan, knownspamsrc, pps, w32-badlib, dcplusplus, knowntorproxy, ripreflection, wkpsrcdst, dnsattack, knownwebattack, rstflood, xmastree, dnsreflection, land, snmpreflection, 6in4tunnel, dnstunneling, largeicmp, srcdsreflection, ephemeral-ephemeral, memcachereflection, ssdpreflect, icmpflood, msrdp, sshbrute

Integrations

Netography offers Real-Time and RESTful API integrations with key complementary technologies. Some integration examples include SIEM, SOARs, and many leading network & security solutions. Custom integrations can be tailored to meet the needs of your organization. Netography’s powerful integrations can remediate and block based on the client’s technology stack. Netography can enforce and remediate via BGP, Flowspec over BGP for scalpel precision, API, and DNS orchestration. This differentiated approach enables clients to re-use existing integrations across their environment for maximum flexibility. Clients can visualize data through the Netography Fusion Portal or access it via API into an existing visualization or dashboard. Threat hunting is also available via the Fusion Portal or through the API.

Technical Specifications

Deployment: SaaS

Cloud Monitoring
AWS: Yes
Azure: Yes
GCP: Yes
IBM Cloud: Yes
Oracle Cloud: Yes

Data Enrichment
Flow Tagging: Yes
IP Reputation: Yes
Geo: Yes
Data Granularity: 1 second
Data Retention: Full Resolution for 90/180/365
Data Availability: All data received
Data Filtering: Unlimited Filter Terms
Data Grouping: Multiple Dimensions
Threat Hunting: Yes
Dashboards: Fully customizable dashboards
ChatOps: Yes

Detection Capabilities
DDoS: Yes
Security: Yes
P2P: Yes
Malware: Yes
IP Reputation: Yes
DLP: Yes
Reconnaissance: Yes
User Definable: Yes
Percentage Thresholds: Yes
0day: Yes

Remediation
RTBH: Yes
FLOWSPEC: Yes
BGP: Yes
Blocklist Manager: Yes
Rule Defined: Yes
Appliance Mitigation: No


Integrations
Email: Yes
PagerDuty: Yes
Webhook: Yes
API: Yes
NS1: Yes
Route53: Yes
Slack: Yes
Twilio: Yes

API
Full REST: Yes
WebSocket: Yes
Query Limit: 500/hour
Responsiveness: Real Time

Flow Ingest Options
Direct: Yes
Flow Proxy Agent: Yes
Tap Agent: Yes
IPSec Tunnel: Yes

“Netography has helped us gain visibility into internal traffic that we previously had no way of seeing. As a result, we’ve identified threats that were not previously detected.” —Security Engineer, Financial Services

Engagement Process

The Netography engagement process is simple and straightforward.

Meeting 01 (1 Hour)

Agenda:
• Determine where to send flow from a few places
• Determine how much flow data will be sent to Netography
• Determine sample rate
• Something representational of what we would be servicing in the long run
• Set expectations for POC/POV (who is the audience, any specific interests or concerns)
• Quick discussion re: network classification, snmp, flow tagging
• Document what is meaningful to the end user

Action Items:
• Action Netography: Create customer account (1 minute)
• Action Client: Send flow (10-30 minutes)
• Optional Action Client: snmp, network classification, flow tagging (30 minutes)
• Action Netography: Create custom dashboards highlighting top say 5 suspect activities (few hours)

Meeting 02 (1 Hour)

Agenda:
• Review and clarify any concerns that were discovered
• Determine what kind of action client would like to take. (Block, notify, etc…)
• Discuss feature set requests and new threat detection models
• Determine a plan to add other parts of the network as required
• Determine best solution for sending flow data

Action Items:
• Action Netography: Create rules based on discussion (30-60 minutes)
• Action Netography: Create integrations if required (hours)
• Action Netography: Adapt or create custom threat detection models (mileage varies)

Meeting 03 (1 Hour)

Agenda:
• Rinse and repeat for 3-5 weeks and then space out as mutually agreed

Support

Netography provides live technical support during business hours, 9 am-5 pm EST/EDT, Monday through Friday. Technical support can be contacted via email or shared channels in the customer communication platform. Response time is within 24 business hours of the support request.

Please contact your Netography account representative for more information about services and support.

About Netography

Netography provides organizations with unparalleled network detection and response capabilities to defend against global threats not found by existing technologies. With the cloud’s power & flexibility, Netography helps companies gain visibility into on-premises, cloud & hybrid network environments to eliminate blind spots. Netography customers benefit from an added security layer that does not rely on signatures to detect & remediate threats, without deploying expensive hardware or software. For more information, visit Netography.com, follow us on Twitter @netography, LinkedIn at https://www.linkedin.com/company/netography/, or request additional information at [email protected].

Get Started Today. www.netography.com/trial

To learn more, visit netography.com or contact your local Netography account representative.

How to buy: To view buying options and speak with a Netography Sales Representative, visit netography.com/contact

Netography, Inc. | 548 Market St, #50425 San Francisco, CA 94104 | (650) 822.8835 | [email protected]
