Netography is a SaaS-based startup in the network observability and zero-trust spaces. I was briefed by CEO Marty Roesch at the RSA Conference 2024. Here’s what I took away from that conversation.
Netography builds a model of the devices and applications that are communicating on your network, including your campus and data center networks and VPC-to-VPC connections in the public cloud. It builds this model from flow records and DNS logs from your on-prem networks, and from flow records from VPCs in the public cloud.
Netography says it can enhance its model with contextual information about devices and end users. It gets this context from third-party endpoint agent software such as CrowdStrike, pulling the data into its model through those vendors' APIs rather than deploying an agent of its own.
The cloud platform analyzes all of this data and builds the model. Customers then use the model to see what is communicating with what, decide whether rules need to be added or changed to segment device communication, and align that segmentation with the organization's policies.
Customers must then configure the relevant network devices (switches, routers, firewalls) to implement this segmentation. Note that Netography itself does not make any network changes; engineers or security teams must make the configuration and rule changes on the appropriate devices themselves.
Customers can also use Netography’s query language to test rule and configuration changes against the model to see what traffic flows might be affected before any changes are made. After changes are pushed into production and the model updates, customers can refer to the model to validate that the changes are having the intended effect.
Customers can also write rules in Netography to detect rule or policy violations (for example, a device violating a trust boundary, opening an unexpected port, and so on) and take actions. Actions include sending an alert, triggering an action on a router via BGP FlowSpec, or communicating with third-party endpoint software to take an action.
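The two capabilities just described, testing a segmentation change against the flow model before pushing it and alerting on boundary violations afterward, are easy to reason about with a small worked example. The block below is an added illustration, not Netography's query language, API, or code; the zones, the allow-list policy, and the flow records are constructed sample data in the shape a NetFlow/IPFIX collector would export.

```python
"""Added illustration of a flow-record model, a what-if policy check, and
boundary/unexpected-port alerts. Hypothetical code, not Netography's own;
all zones, flows and policy entries below are constructed sample data."""
import ipaddress
from collections import defaultdict

# Constructed: zones as CIDR prefixes (campus, two data-center tiers, a cloud VPC).
ZONES = {
    "campus-users": ipaddress.ip_network("10.10.0.0/16"),
    "dc-web": ipaddress.ip_network("10.20.1.0/24"),
    "dc-db": ipaddress.ip_network("10.20.2.0/24"),
    "vpc-analytics": ipaddress.ip_network("172.31.0.0/16"),
}

# Constructed flow records: source, destination, protocol, destination port, bytes.
FLOWS = [
    {"src": "10.10.4.21", "dst": "10.20.1.10", "proto": "tcp", "dport": 443, "bytes": 50_000},
    {"src": "10.20.1.10", "dst": "10.20.2.5", "proto": "tcp", "dport": 5432, "bytes": 900_000},
    {"src": "10.10.7.9", "dst": "10.20.2.5", "proto": "tcp", "dport": 5432, "bytes": 12_000},    # user straight to DB
    {"src": "172.31.8.4", "dst": "10.20.2.5", "proto": "tcp", "dport": 5432, "bytes": 4_000_000},  # cloud VPC to DB
    {"src": "10.20.2.5", "dst": "10.20.2.6", "proto": "tcp", "dport": 5432, "bytes": 300_000},   # intra-zone replication
    {"src": "10.10.4.21", "dst": "10.20.1.10", "proto": "tcp", "dport": 22, "bytes": 8_000},      # SSH from campus
]


def zone_of(ip):
    """Map an address to its zone; anything outside the known prefixes is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_model(flows):
    """Aggregate flows into a zone-to-zone model keyed by (src_zone, dst_zone, proto, dport) -> bytes."""
    model = defaultdict(int)
    for f in flows:
        model[(zone_of(f["src"]), zone_of(f["dst"]), f["proto"], f["dport"])] += f["bytes"]
    return dict(model)


# Proposed segmentation policy: an allow-list of cross-zone (src_zone, dst_zone, proto, dport).
# Traffic inside a zone is allowed; any other boundary crossing is denied.
PROPOSED_POLICY = {
    ("campus-users", "dc-web", "tcp", 443),
    ("dc-web", "dc-db", "tcp", 5432),
}


def permitted(policy, src_zone, dst_zone, proto, dport):
    return src_zone == dst_zone or (src_zone, dst_zone, proto, dport) in policy


def what_if(policy, model):
    """Model entries the proposed policy would block, largest byte volume first.
    This is the 'test before you push' step: the list is what would break."""
    blocked = [(key, nbytes) for key, nbytes in model.items() if not permitted(policy, *key)]
    return sorted(blocked, key=lambda kb: -kb[1])


def violations(policy, flows):
    """Per-flow alerts once the policy is in force: boundary crossings it does not allow."""
    return [
        (f["src"], zone_of(f["src"]), f["dst"], zone_of(f["dst"]), f["proto"], f["dport"])
        for f in flows
        if not permitted(policy, zone_of(f["src"]), zone_of(f["dst"]), f["proto"], f["dport"])
    ]


def new_listeners(baseline_flows, recent_flows):
    """Hosts accepting connections on a (proto, port) never seen in the baseline window:
    the 'device opened an unexpected port' signal."""
    seen = {(f["dst"], f["proto"], f["dport"]) for f in baseline_flows}
    return sorted({(f["dst"], f["proto"], f["dport"]) for f in recent_flows} - seen)


if __name__ == "__main__":
    model = build_model(FLOWS)
    for key, nbytes in what_if(PROPOSED_POLICY, model):
        print("would block", key, nbytes, "bytes")
    # The 4 MB analytics flow is legitimate, so amend the policy before pushing it.
    amended = PROPOSED_POLICY | {("vpc-analytics", "dc-db", "tcp", 5432)}
    print("still blocked after amendment:", what_if(amended, model))
    print("alerts:", violations(amended, FLOWS))
    print("new listeners vs. baseline:", new_listeners(FLOWS[:4], FLOWS))
```

Running the what-if step first is the point: the proposed allow-list would have cut the 4 MB analytics-to-database flow, which is exactly the kind of surprise the model is meant to surface before a firewall rule goes live. The remaining blocked entries (a user host reaching the database directly, SSH from campus to a web server) are the gaps the segmentation is there to close, and the same allow-list, once enforced, becomes the detection rule that alerts when they reappear.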
Deployment
As mentioned, Netography is delivered via SaaS. It doesn't require hardware on premises or agents on endpoints. The agentless approach makes for easier deployment and ongoing management (no troubleshooting of agent issues, no updating fleets of agent software, and so on). Because it works from flow records rather than packet payloads, encrypted traffic is not a blind spot; the flip side is that it never inspects payloads either, so anything that requires content inspection is out of scope.
It does need a small presence on your premises in the form of software, typically deployed in a container, to collect DNS logs and flows from your flow collectors. This on-prem software encrypts the flow records and logs and sends them to the Netography cloud.
Too Simple, Or Just Simple Enough?
For organizations looking to implement a zero trust model and drive network segmentation, there is a dizzying number of frameworks and a boatload of products with varying degrees of cost, complexity, and moving parts (host agents, policy engines, policy enforcement points, traffic monitoring, identity services, and on and on). Deploying and integrating all of these components is hard and expensive, which is why most vendors talk about their zero trust solutions as "a journey."
I think it would be a stretch to say that Netography provides a full zero trust implementation. It's not built to enforce zero trust policies or stop incidents. It doesn't control its own fate with regard to endpoints and, to my mind, could use some shoring up around endpoint monitoring and incorporating user identity and roles. And there are limitations to its reliance on flow records, including potential blind spots for network equipment and network segments that aren't exporting flows.
But I believe it can help move organizations in the right direction. Netography’s approach is to be simple by design, to extract as much value as it can from a carefully chosen set of data and metadata, and do a few things well.
Netography can help you identify where gaps exist in your segmentation policies, and validate the rules and changes you put in place to close those gaps. It also provides ongoing observability and alerting when boundaries are violated or when, inevitably, business or operational changes open new gaps. It does this while being relatively simple to deploy and operate. These are clear wins for organizations looking to “start the journey” of zero trust and segmentation.