This editorial article is a part of Software Trends Month 2022 of Technical.ly's editorial calendar. This month’s theme is underwritten by Spotify. This story was independently reported and not reviewed by Spotify before publication.
The platform, the relaunch of which Netography announced this week, now includes several features that Roesch told Technical.ly were “so game-changing that we thought it warranted” publicly introducing those changes. Those updates include:
- Adding new labels and tags for context on systems facing potential cyberthreats, which help security and cloud teams better analyze and understand network vulnerability
- Better streamlining and centralized visualization of network security information for users and clients
- Closing visibility gaps
Roesch, a technologist and entrepreneur who invented the open-source intrusion detection system Snort and previously served as Columbia-based Sourcefire’s CTO through its $2.7 billion acquisition by Cisco in 2013, said that these upgrades were necessary to best address the changing reality of cyberthreats.
“The original launch of the platform was back in the pandemic, so it wasn’t as splashy as it could’ve been,” he said. “Realistically, we’ve added these capabilities that we didn’t have before that are actually really meaningful. They’re really based around the idea of bringing context to the platform.”
Context and the atomized network
Roesch defines “context” as the attributes of users, applications, data and devices that distinguish them on a network. For instance, if you notice a device on a network and all you can see is an IP address, then its context relates to what services it offers, what operating systems it runs and other such unique attributes. He added that Netography Fusion is unique among security technologies in that it pays attention to context, which also includes user identity information, whether or not a system operates under a compliance regimen (e.g., HIPAA) and similar details.
“You have a configuration that you decide to put into your firewall, your intrusion prevention system, your anti-malware system — it’s based on your knowledge of the environment that you’re protecting, which may or may not be up to date, may be imperfect and may go out of date very quickly,” he said. “So we use this information to configure our defenses.”
It’s a simple concept, but one Roesch doesn’t see used in much security tech. Most of this tech, he said, only responds to the particular “event” that security systems generate to deal with an individual attack.
“Events don’t just happen, they happen to something, and most security technology doesn’t consider what it’s happened to, it just cares that there’s been an event there,” Roesch said, adding: “What we’ve done by bringing context into the equation is we’re loading in organizational information — and doing so in a very frictionless and automated fashion — so that when we’re analyzing what’s happening in an organization, we can tell you how much you should care based on what we know about the organization itself.”
Roesch’s overall view of network security revolves around the concept of the “atomized network,” which he described as the idea of a security system being treated (and thus protected) as one network, instead of multiple constituent components with different operational components. He anticipates that this way of looking at tech infrastructure will only grow, even if few companies use such a model now.
In many situations, “what you get is this kind of Tower of Babel problem where you’ve got all these technologies that have all their own requirements, and their own teams for running them, and you’re trying to make sense of what they’re telling you,” he said. “What we do is treat your atomized network as one composite thing that is defended as one composite thing. So we, kind of, are stopping the madness of trying to do these piecemeal defenses and turning it into one platform.”
This philosophy is encapsulated in the services Netography provides to the security and cloud operations teams of its clients, which include such major data-driven companies as FICO. The data analytics firm’s senior director of core security services and architecture, Shannon Ryan, praised the new context labels in a Netography announcement.
“The addition of context labels enables new use cases, including policies that we can apply to specific applications or our on-premises or multi-cloud infrastructure, enabling us with visibility and alerts for specific compliance control,” Ryan said. “Context labels also make it easier for more team members to analyze incidents and answer audit questionnaires quicker.”
Netography’s evolution and the future of network security
The platform change reflects the amount that the company itself has changed since Roesch became its CEO in 2021. Netography announced a $45 million Series A in November of that year, and Roesch said that the company has been steadily hiring up to its just-over-40 headcount now. Going forward, he plans to keep up that pace and, with more VC investment, grow more rapidly.
In addition, Roesch sees the company evolving to fit the trends in network security software that this platform update also reflected. He described the continued silos within security systems as “a recipe for disaster” that can especially threaten massive, billion-dollar companies that don’t have a good grip on their unwieldy security infrastructure.
“Companies are going to come up that embrace that abstraction as the moving-forward kind of way to think about things, so that you can architect the right solutions,” he said.