Netography integrates with CrowdStrike, making it easy to sync context


Netography integrates with CrowdStrike, making it easy to sync context

By Gus Cunningham, SVP Strategy

As enterprise networks, endpoints, multicloud and edge deployments become more complex, analysts, incident responders, threat hunters, investigation teams and auditors need context for what that they see. A dashboard with a sea of ​​IP addresses will take longer to review and respond to than an organized, labeled, and tagged view of all the networks that make up an organization’s infrastructure. We have integrated our Netography Fusion® platform with CrowdStrike APIs to synchronize the context of organizations on the CrowdStrike Falcon platform.

Using a modern taxonomy-based metatag and tagging system has become increasingly popular as more and more people adopt cloud computing and continuously scaling infrastructure. With everything properly tagged and tagged, organizations are able to apply controls to scalable environments. Many organizations have a standard taxonomy for all infrastructure that includes labels for application, infrastructure, division, owner, budget owner, security or compliance requirements, etc.

CrowdStrike’s Falcon Endpoint Detection and Response (EDR) platform makes extensive use of tagging. System markup saves users a lot of time when responding to alerts. Here are some examples of tags:

  • Organization and user information: “name”, “department”
  • Usage information: “entity”, “ifname”, “classification”
  • Asset information: “asset classification”, “OS”, “osver”, “kernel”, “servicenowid” “instancetype”

And, for endpoints that don’t reveal their operating system (OS), CrowdStrike’s technical implementation documents encourage administrators to set OS labels.

Netography Fusion portal with context label panel

Examples of use cases for netography context tags applied on networks:

Strengthen threat hunting programs
Analysts and threat hunters can take advantage of context tags in Netography Query Language (NQL) with full search support and the ability to create contextual dashboards. These NQLs can easily be converted into NDMs (Netography Detection Models) with actions that can execute specific conditions using context tags. Having greater context for alerts and detections allows teams to lower their MTTD and MTTR metrics.

Apply policy-based security
Many organizations implement policies and controls to address specific compliance requirements, for example, PCI or HIPAA compliance requirements for networks. Context tags make it easier for teams to detect, alert, and analyze all of your networks for misconfigurations, misconfigurations, and policy violations. With Netoraphy Fusion utilizing the same context tags found in an organization’s CrowdStrike implementation, we enable organizations to significantly reduce cyber threat risk and policy violations through remediation automation capabilities via alerts, custom detections and integrations.

Squash silos between shifts
Teams across the organization are overloaded with the number of tools and repetitive data and logs they run and often they don’t have the common context tags that cover them all. From security operations center (SOC) teams to IT, cloud operations, forensics, risk, and compliance, everyone benefits from a single source of truth and taxonomy that empowers teams refer to a common context across networks and environments. With Netography Fusion’s powerful context tagging and labeling, your teams can visualize networks by application, location, compliance groups, or any other schema. Easily configure dashboards by role, use case, application, policy, location, threat, and more. You can isolate network data and analytics for quick views or drill down into issues and alerts.

Respond to investigation and audit requests faster
With the current mix of on-premises and multi-cloud deployments, it is becoming increasingly difficult for teams to respond to audit requests. Many requests today involve requests to multiple log and reporting teams to satisfy the request and provide the evidence needed for a report or audit. With Netography Fusion markup and context tags that sync with your CrowdStrike and backend systems, you’ll be able to isolate and analyze network security of applications, office and data center locations, specific business units or deployment environments. Investigation and audit teams appreciate Netography Fusion’s ability to have uncompromising visibility and flexible data retention policies to investigate incidents and understand the attack path.

If you are looking for unified visibility into your atomized network, even as encryption and ephemeral multi-cloud environments increase your blind spots, learn more about how Netography Fusion can help your organization strengthen endpoint security or request a demo of Netography today.

Existing customers can learn more about our support for context tags by visiting our support and documentation site in the Netography Fusion portal.

The post Netography integrates with CrowdStrike to aid context synchronization appeared first on Netography.

*** This is a syndicated blog from Netography’s Security Bloggers Network written by Gus Cunningham. Read the original post at:


About Author

Comments are closed.