Netography Leverages Network Flow Software to Identify Anomalies

Netography plans to make available in the second quarter a platform that leverages network flow software on routers and switches to identify anomalous behavior such as scans of an IT environment.

The company, which just raised $2.6 million in seed funding, will provide a cloud service through which organizations will be able to upload network flow data to identify anomalies indicative of cybercriminals looking for vulnerabilities to exploit.

Netography CEO Barrett Lyon said this approach provides a more scalable alternative to deep packet inspection (DPI) platforms, which are also more cumbersome and expensive to deploy and manage. Prior to Netography, Lyon founded Prolexic Inc., which was acquired by Akamai Technologies to provide a defense against distributed denial of service (DDoS) attacks. Lyon also founded BitGravity (acquired by Tata Communications), XDN (acquired by Fortinet) and Defense.net (acquired by F5 Networks).

As it turns out, network flow software is useful for a lot more than defending against DDoS attacks, Lyon said. The Netography cloud service allows IT teams to upload any kind of network flow software via a command line interface to identify any unusual behavior. Networking and cybersecurity teams then can use that data to create a black list or funnel that sends traffic to a honeypot for further investigation.

Despite the hype surrounding DPI over the years, Lyon noted that on a practical level, such platforms have never lived up to their promise. The next best thing is to apply analytics to network flow software, which makes it relatively easy to identify anomalous behavior indicative of, for example, a bot trying to access an application or network service, he said, adding that this approach doesn’t require organizations to acquire additional hardware or upgrade their existing routers and switches.

The launch of the Netography service comes at a time when cybersecurity and networking teams within organizations are still grappling with who should be responsible for what aspects of cybersecurity in the organization. The Netography service can be employed by anyone within the organization, but it’s typically networking teams that are engaged with network flow software.

Regardless of how organizations approach network security, it is clear they need to be more proactive. Detecting the reconnaissance efforts of cybercriminals can buy organizations precious time to remediate vulnerabilities before they are exploited. In fact, Lyon said Netography expects its service to advance adoption of DevSecOps best practices within organizations.

It’s too early to say how deeply involved networking teams will be in setting up DevSecOps. But as the part of the IT organization that has the most visibility into what’s occurring at the network edge and beyond, the networking team has an opportunity to provide DevOps teams with crucial actionable intelligence. The challenge now is making it as simple as possible for those networking teams to gather that intelligence in a way that fits most naturally within the scope of their existing job function.

Michael Vizard


Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
