Netography Adds AI Ransomware Detection to Fusion

Netography Fusion® automates the detection of anomalous lateral movement, data harvesting, and exfiltration activity in real time for unmatched network observability and security.

Netography, the leader in holistic network observability and security, announced new ransomware detection capabilities that enable organizations to respond to malicious activity in real time before it disrupts operations or threatens business continuity. These AI-powered enhancements enable Fusion customers to close the network observability and security gaps caused by limitations in their existing platform-native and cloud-native tools, including the inability to detect malicious activity and the lack of a holistic view of all network activity.

The scope of the ransomware problem continues to grow, with 2024 ransomware payments anticipated to exceed $1 billion globally. Cybercriminals have made cloud resources, including SaaS applications, cloud storage, and cloud management infrastructure, their biggest attack targets.

This latest Netography release leverages the power of AI to make it easier and faster for operations teams to detect and respond to anomalous or malicious activity in their cloud resources that could indicate a ransomware attack. The Fusion platform’s new auto-thresholding capability automatically creates, monitors, and adjusts detection thresholds across any network environment based on observing operational network activity without requiring operator intervention.

In addition to the auto-thresholding feature, this release includes an expanded library of detection models that will identify a range of ransomware-related activity, including:

  • Pre-compromise reconnaissance (external-to-internal activity) such as brute force attacks and external use of internal services.
  • Post-initial-compromise lateral movement (internal-to-internal activity) such as network scanning, brute force attacks, and ransomware staging over SMB.
  • Post-compromise data exposure and exfiltration (internal-to-external activity) such as communication with known C&C/C2 infrastructure, anomalous data transfer over SSH and DNS, and data exfiltration to Amazon S3 buckets and private cloud storage services.

“Among the reasons that ransomware attacks continue to succeed is because organizations lack unified observability capabilities across modern enterprise networks,” said Martin Roesch, CEO of Netography. “They are unable to see how their users, applications, data, and devices are interoperating within and between their hybrid multi-cloud environments. The Fusion platform now gives them that unified network observability and security awareness, enabling them to detect and respond to activity associated with ransomware as the attack begins.”

Netography has also expanded the data sources the Fusion platform can analyze to provide additional network observability and security:

  • DNS Data as a New Traffic Source – Customers can now ingest their DNS logs (recursive request and response logs) from Google Cloud DNS or AWS Route 53, significantly increasing Fusion’s capabilities in network forensics, threat detection, and overall network visibility. By adding DNS log data to Netography’s network metadata, Fusion customers can detect when their assets are communicating with malicious domains as well as when threat actors are using DNS for data exfiltration or malware C&C.
  • AWS Transit Gateway Data as a New Traffic Source – Fusion enables AWS customers to ingest VPC flow logs from their Transit Gateways into the Fusion platform, improving observability into AWS network activity, including the monitoring of data egress activity through the transit gateways.
  • Azure VNet Flow Logs as a New Data Source – Microsoft Azure customers who have migrated to the new logging feature in Azure Network Watcher can ingest their VNet flow logs into the Fusion portal. Fusion also supports Azure Network Security Groups (NSG), making it easy for any organization to transition to VNet flow logs before the retirement of NSG flow logs in 2027.

The Fusion platform also reduces the workload of operations teams by automatically discovering new VPCs or VNet instances (or changes in the behavior of existing instances), applying policies, and monitoring the activity of those instances:

  • Virtual Private Cloud (VPC) and Virtual Network (VNet) Auto-Detection and Auto-Onboarding – Fusion can now automatically detect newly discovered VPCs and VNets, apply policies to them, and monitor them, eliminating blind spots in security monitoring.

“At Netography, we are the experts in collecting and transforming flow and DNS data already produced by our customers’ networks into high-value, high-fidelity security insights. This is why organizations rely on our Netography Fusion platform to deliver comprehensive network observability and security of their multi-cloud and hybrid networks,” said David Meltzer, Chief Product Officer at Netography. “Our addition of AI-driven thresholds, as well as these other enhancements to our Fusion platform, sets Netography apart by bringing customers the most comprehensive real-time view of all activity and security issues across their network.”

The Fusion platform is purpose-built to be the fastest and easiest way to see all network activity across multi-cloud, single-cloud, and hybrid networks. Its frictionless detection architecture eliminates the burden of deploying sensors and agents, enabling CloudOps, SecOps, and NetOps teams to start detecting malicious and anomalous activity in minutes.

Source: Businesswire