We've got great news for companies that have deployed Microsoft security products in their tech stack: the Netography Fusion® Network Defense Platform now ingests context from the Microsoft Defender for Endpoint product and the Microsoft Defender XDR platform.
Fusion customers can now add critical context from the market share leader for endpoint security and their Microsoft-managed identities, email, and apps to enrich the metadata our NDP ingests from across their networks.
These new integrations build on our existing integration with Microsoft Azure to ingest enriched metadata from cloud workloads.
Context from your tech stack is a critical component of the unique value the Fusion platform delivers to SecOps and NetOps teams.
The Fusion platform uses context to transform the metadata in your network from a table of IP addresses, ports, and protocols into enriched metadata that provides context-rich descriptions of the activities of your users, applications, and devices.
Enriched metadata accelerates your ability to detect compromise activity that other security controls in your stack have missed, such as anomalous lateral movement and data exfiltration.
It reduces the time required to respond to any anomalies by delivering detailed, actionable alerts that include the context attributes of the devices involved in the activity.
Integration with these Microsoft products is significant because of their widespread deployment in enterprise networks and the ease with which you'll be able to ingest attributes to enrich your understanding of anomalous activity in your network.
The Microsoft Defender for Endpoint integration ingests context attributes from Defender-managed devices across your enterprise.
There are over 20 device and user context attributes currently collected, including many values created by the Defender endpoint automatically.
Devices managed by Microsoft Defender for Endpoint.
Emails processed by Microsoft 365.
Authentication events, domain controller activities, and cloud application activities monitored by Microsoft Defender for Identity and Microsoft Defender for Cloud Apps.
Taken together, these integrations significantly increase the amount of actionable data Fusion will be able to generate.
By combining the Microsoft-generated context with the enriched metadata from the other sources in your network, your SOC and NOC teams will have the confidence they need to know that a device, user account, or application has been compromised without conducting additional investigation.
Fusion starts with aggregating and normalizing metadata from your multi-cloud and on-prem network, including cloud flow logs from all five major cloud providers.
Fusion then enriches this metadata with context contained in applications and services in your existing tech stack, including asset management, CMDB, EDR, NDR, XDR, and vulnerability management systems.
The context can include dozens of attributes, including asset risk, environment, last known user, region, risk score, security workgroup, type of entity, and vulnerability count.
The result is a unified view of activity across your hybrid multi-cloud and on-prem network, including IT, OT, and IoT environments, without the need to deploy sensors, network taps, agents, or decryption architectures.
The Fusion platform puts all the relevant information your SecOps and NetOps teams need at their fingertips.
With Fusion's customizable dashboards and Netography Detection Models, your teams can monitor activity by any combination of attributes.
This is a Security Bloggers Network syndicated blog from Netography authored by Patrick Bedwell.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 04 Jan 2024 19:43:04 +0000