Netography® Network Detection and Response: A SaaS Offering

Data sheet


Zero Trust Brings Challenges

Encrypted data now accounts for 95% of all internet traffic, and it’s moving at a rapid pace. Zero Trust initiatives drive organizations to adopt a new framework and mindset to keep data private and safe. Cloud services are also driving transformative changes in network infrastructure. As organizations pivot to new approaches, legacy solutions that once relied on full packet capture inspection are becoming less informative for SecOps & NetOps teams and offer little to no visibility into the payload. Encryption is also helping adversaries move in undetected. Some 6.6 billion threats were hidden in encrypted traffic in 2020 alone [1]. The cost of scaling an organization has also gone up because of the number of sensors, appliances, and additional hardware you have to place within your network. In the end, this is becoming increasingly unscalable and leaves blind spots in the attack surface. For organizations to stay ahead of today’s advanced threats, a different security approach is needed, and technology needs to meet these needs.

A New Approach: Netography® Network Detection & Response

To cope, organizations need to adopt a new mindset about how they will address security in the age of Zero Trust. Working with full packet capture is time-consuming and expensive, requires expertise, and shows little return on investment. Also, most organizations do not have the ability or the appetite to decrypt traffic, which means they are left to work with metadata. The Netography Network Detection & Response offering works exclusively with metadata from on-premises, cloud, and hybrid devices and systems, without breaking encryption. With Netography, metadata can be quickly & securely exported, with no sensors or appliances to deploy or manage. As a result, organizations gain complete visibility into their environment and effectively block global threats in real-time with little effort to deploy.

Introduction

— Detection
— Response
— Analytics

Key Benefits:

— Finds Threats That Other Technologies Miss (e.g., Endpoint, SIEM/UEBA)
— Decrease Security MTTR
— Complete Network Visibility in On-premises, Cloud & Hybrid Environments
— Save Time & Money

[1] Zscaler, 2020 State of Encrypted Attacks


Enable SecOps, NetOps, DevOps and Business Leaders to focus on the critical issues:

Detect Threats Immediately

Detect and prioritize threats on your network that were not previously visible. Context-driven, enterprise-wide visibility helps organizations to detect threats including: SPAM, botnets, DDoS, IP reputation, Malware, P2P, Data exfiltration and Ransomware.

Automated, Rapid Response

Netography protects against threats through automation. End-users can customize responses and remediation tactics that can protect any environment. Alerts are tailored to your business needs.

Complete Visibility

Get a single-pane view of traffic flow and global assets across your entire network (on-premises, hybrid, and cloud), including: Amazon Web Services, Oracle Cloud, IBM Cloud, Microsoft Azure and Google Cloud. Organizations gain complete visibility with little effort.

Proactive Threat Hunting

Malicious actors are getting smarter at hiding attacks and noticeable signs they have compromised your environment. Protecting your organization from cyberthreats requires a modern approach and the right data.

Sophisticated Analytics

Dashboards allow you to focus on what matters to you and display your entire network in real-time. You receive a comprehensive view of your security posture and can quickly drill down into incidents or details with a few clicks.

Only Netography

How It Works

[Diagram: How It Works]

Ingest: NetFlow, sFlow, and cloud flow logs (AWS, Azure, Google, IBM, Oracle)
Enrich: Geo, Organization, Bogon, DNS, Flow Tagging, Threat Intelligence
Threat Detection Models
Interact: Visualize, Threat Hunting
Inform: Slack, PagerDuty, Email, Webhook, Twilio
Block/Reroute: BGP, Flowspec, API
DNS: Route 53, NS1

Netography retains full resolution data for a minimum of 90 days. More extended retention periods are also available.


Netography® Network Detection and Response is a SaaS offering that ingests metadata, detects threats, and automatically remediates them in real-time. Deployment is simple: copy and paste a small piece of code.

Ingest

Netography ingests all forms of flow, which can be sent securely and efficiently, including native sFlow and NetFlow from routers, switches, servers & firewalls. Additionally, Netography can ingest flow logs from all five major cloud providers: Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Oracle Cloud. Clients benefit from multiple methods to send metadata to Netography. With other vendors, this process is typically arduous.

Enrichment

Netography enriches each data stream in real-time with Geo, Org, Bogon, DNS, Flow Tagging, and threat intelligence details. Enrichment is done within the platform and provides immediate value for clients rather than exporting to an outside system to complete this task. Well-documented APIs are available for every action within the Fusion Portal with real-time responses.

Threat Detection Models

After enrichment of the flow streams, the Netography threat detection models are activated. Netography is focused on protecting clients from every possible attack vector. Threat detection models are included in all licenses and run in the background. Below are some of the most popular.

Integrations

Netography offers Real-Time and RESTful API integrations with key complementary technologies. Integration examples include: SIEM, SOARs, and many leading network & security solutions. Custom integrations can be tailored to meet the needs of your organization. Netography’s powerful integrations can remediate and block based on the client’s technology stack. Netography can enforce and remediate via BGP, Flowspec over BGP for scalpel precision, API, and DNS orchestration. This differentiated approach enables clients to re-use existing integrations across their environment for maximum flexibility. Clients can visualize data through the Netography Fusion Portal or access it via API into an existing visualization or dashboard. Threat hunting is also available via the Fusion Portal or through the API.

Threat Detection Models:

ackflood, alltcpflags, badprotocol, bandwidth, bittorrent, chargenreflect, cldapreflect, codreflection, connscan, dcplusplus, dnsattack, dnsreflection, dnstunneling, ephemeral-ephemeral, icmpflood,
icmpscan, ipmi, irctraffic, knownbotnet, knownddos, knownmobilethreat, knownphisher, knownproxy, knownspamsrc, knowntorproxy, knownwebattack, land, largeicmp, memcachereflection, msrdp,
mssqlreflection, netbiosreflect, nmapfingerprint, noflow, ntpreflect, octoshape, osxmami, portscan, pps, ripreflection, rstflood, snmpreflection, srcdsreflection, ssdpreflect, sshbrute,
sunrpcreflection, synfin, synflood, synscan, tcpfrag, tcpnull, testalgo, udpfrag, w32-badlib, wkpsrcdst, xmastree, 6in4tunnel


Technical Specifications

Deployment: SaaS

Cloud Monitoring
  • AWS: Yes
  • Azure: Yes
  • GCP: Yes
  • IBM Cloud: Yes
  • Oracle Cloud: Yes

Data Enrichment
  • Flow Tagging: Yes
  • IP Reputation: Yes
  • Geo: Yes
  • Data Granularity: 1 second
  • Data Retention: Full Resolution for 90/180/365
  • Data Availability: All data received
  • Data Filtering: Unlimited Filter Terms
  • Data Grouping: Multiple Dimensions
  • Threat Hunting: Yes
  • Dashboards: Fully customizable dashboards
  • ChatOps: Yes

Detection Capabilities
  • DDoS: Yes
  • Security: Yes
  • P2P: Yes
  • Malware: Yes
  • IP Reputation: Yes
  • DLP: Yes
  • Reconnaissance: Yes
  • User Definable: Yes
  • Percentage Thresholds: Yes
  • 0day: Yes

Remediation
  • RTBH: Yes
  • FLOWSPEC: Yes
  • BGP: Yes
  • Blocklist Manager: Yes
  • Rule Defined: Yes
  • Appliance Mitigation: No

API
  • Full REST: Yes
  • WebSocket: Yes
  • Query Limit: 500/hour
  • Responsiveness: Real Time

Flow Ingest Options
  • Direct: Yes
  • Flow Proxy Agent: Yes
  • Tap Agent: Yes
  • IPSec Tunnel: Yes

Integrations
  • Email: Yes
  • PagerDuty: Yes
  • Webhook: Yes
  • API: Yes
  • NS1: Yes
  • Route53: Yes
  • Slack: Yes
  • Twilio: Yes

“Netography has helped us gain visibility into internal traffic that we previously had no way of seeing. As a result, we’ve identified threats that were not previously detected.” —Security Engineer, Financial Services


Engagement Process

The Netography engagement process is simple and straightforward.

Meetings: 01, 02, 03 (1 hour each)

Agenda

• Determine where to send flow from a few places
• Determine how much flow data will be sent to Netography
• Determine sample rate
• Something representational of what we would be servicing in the long run
• Set expectations for POC/POV (who is the audience, any specific interests or concerns)
• Quick discussion re: network classification, SNMP, flow tagging
• Document what is meaningful to the end user

• Review and clarify any concerns that were discovered
• Determine what kind of action client would like to take (block, notify, etc.)
• Discuss feature set requests and new threat detection models
• Determine a plan to add other parts of the network as required
• Determine best solution for sending flow data
• Rinse and repeat for 3-5 weeks and then space out as mutually agreed

Action Items

• Action Netography: Create customer account (1 minute)
• Action Client: Send flow (10-30 minutes)
• Optional Action Client: SNMP, network classification, flow tagging (30 minutes)
• Action Netography: Create custom dashboards highlighting the top (say, 5) suspect activities (few hours)
• Action Netography: Create rules based on discussion (30-60 minutes)
• Action Netography: Create integrations if required (hours)
• Action Netography: Adapt or create custom threat detection models (mileage varies)


Support

Netography provides live technical support during business hours, 9 am-5 pm EST/EDT, Monday through Friday. Technical support can be contacted via email or shared channels in the customer communication platform. Response time is within 24 business hours of the support request.

Please contact your Netography account representative for more information about services and support.

About Netography

Netography provides organizations with unparalleled network detection and response capabilities to defend against global threats not found by existing technologies. With the cloud’s power & flexibility, Netography helps companies gain visibility into on-premises, cloud & hybrid network environments to eliminate blind spots. Netography customers benefit from an added security layer that does not rely on signatures to detect & remediate threats, without deploying expensive hardware or software. For more information, visit Netography.com, follow us on Twitter @netography, LinkedIn at https://www.linkedin.com/company/netography/, or request additional information at [email protected].

Get Started Today.

www.netography.com/trial

To learn more, visit netography.com or contact your local Netography account representative.

How to buy: To view buying options and speak with a Netography Sales Representative, visit netography.com/contact

Netography, Inc. | 548 Market St, #50425 San Francisco, CA 94104 | (650) 822.8835 | [email protected]