Netography announced today new ransomware detection capabilities that enable organizations to respond to malicious activities in real time before they disrupt operations or threaten business continuity. These AI-driven enhancements enable Fusion customers to close network observability and security gaps caused by limitations of their existing platform-native and cloud-native tools, including the inability to detect malicious activity and the lack of a holistic view of all network activity.
The scale of the ransomware problem continues to grow, with ransomware payouts in 2024 expected to exceed $1 billion on a global scale. Cybercriminals have made cloud resources, including SaaS applications, cloud storage and cloud management infrastructure, their main attack targets.
This latest version of Netography harnesses the power of AI to make it easier and faster for operations teams to detect and respond to anomalous or malicious activity in their cloud resources that could indicate a ransomware attack. The new AutoThreshold feature in the Fusion platform automatically creates, monitors and adjusts detection thresholds in any network environment based on observation of network operational activity, without requiring intervention from the network operator.
In addition to the automatic threshold functionality, this release includes an expanded library of detection models that will identify a range of ransomware-related activities, including:
- Pre-compromise reconnaissance (external-to-internal activity), such as brute force attacks and external use of internal services.
- Initial post-compromise lateral movement (internal-to-internal activity), such as network scanning, brute force attacks, and ransomware transfer over SMB.
- Exposure and exfiltration of data after compromise (internal-to-external activity), such as communicating with known C&C/C2 infrastructure, transferring anomalous data via SSH and DNS, and exfiltrating data to Amazon S3 buckets and private cloud storage services.
“One of the reasons ransomware attacks continue to be successful is that organizations lack unified observability capabilities across modern enterprise networks,” said Martin Roesch, CEO of Netography. “They are unable to see how their users, applications, data and devices interact within and across their hybrid multicloud environments. The Fusion platform now provides them with unified network observability and security awareness, enabling them to detect and respond to ransomware activity early in the attack.”
Netography has also expanded the data sources that the Fusion platform can analyze to provide additional network observability and security:
- DNS data as a new traffic source: Customers can now ingest their DNS logs (recursive query and response logs) from Google Cloud DNS or AWS Route 53, significantly increasing Fusion’s capabilities for network forensics, threat detection and overall visibility of the network. By adding DNS log data to Netography’s network metadata, Fusion customers can detect when their assets are communicating with malicious domains as well as when bad actors are using DNS for data exfiltration or malware C&C.
- AWS Transit Gateway data as a new traffic source: Fusion allows AWS customers to ingest VPC flow logs from their transit gateways into the Fusion platform, improving observability of AWS network activity, including monitoring of data egress activity through transit gateways.
- Azure Virtual Network flow logs as a new data source: Microsoft Azure customers who have migrated to the new logging functionality in Azure Network Watcher can ingest their VNet flow logs into the Fusion portal. Fusion also supports Azure Network Security Groups (NSG), making it easier for any organization to transition to Virtual Network Flow Logs before NSG Flow Logs are retired in 2027.
The Fusion platform also reduces the workload of operations teams by automatically discovering new VPCs or virtual network instances (or changes in the behavior of existing instances), applying policies, and monitoring the activity of these instances.
“At Netography, we are the experts in collecting and transforming the flow and DNS data already produced by our customers’ networks into high-value, high-fidelity security information. That’s why organizations rely on our Netography Fusion platform to deliver complete observability and security of their multi-cloud and hybrid networks,” said David Meltzer, Chief Product Officer at Netography. “Our addition of AI-based thresholds, along with these other enhancements to our Fusion platform, sets Netography apart by providing customers with the most comprehensive real-time view of all security activities and issues on their network.”
The Fusion platform is purpose-built to visualize all network activity across multi-cloud, single-cloud, and hybrid networks. Its frictionless detection architecture eliminates the burden of deploying sensors and agents, allowing CloudOps, SecOps, and NetOps teams to start detecting malicious and anomalous activity in minutes.
Register for the webinar: Join Netography CEO Marty Roesch and CPO David Meltzer to discuss “Detecting Ransomware Activity Across Multi-Cloud Networks” on Thursday, December 12 at 11:00 AM EST/8:00 AM PST – Register here.
Try Netography Fusion today: Get a holistic view of all network activity for free with Netography Fusion: Register here.