Barrett Lyon, Netography: “network metadata is abundant and badly underutilized in most IT environments”
With the pandemic unexpectedly locking everyone at home and closing offices, most organizations made a sudden and rapid switch to cyberspace. This left companies with many different applications that were never meant to work together, creating many vulnerabilities.
Not dealing with vulnerabilities can lead to many types of cyberattacks, from different kinds of malware to a data breach. And depending on which one a company experiences, the results can be detrimental to a business, either financially or in terms of reputation.
However, the cybersecurity sector is constantly evolving, too. While ordinary users make use of such cybersecurity products as VPNs that encrypt their online traffic, businesses need more complex solutions, such as SaaS-based tools for securing atomized networks.
To learn about the cybersecurity challenges and their solutions, we interviewed Barrett Lyon, the Co-Founder and Chief Architect of Netography – a security company for atomized networks.
Tell us more about your story. How did Netography originate?
Netography originated the way all of my previous companies have originated – trying to solve the security and operations problems I faced in my day-to-day life. As application development and network architectures evolve, I have always found it important to develop new services to solve these modern problems. Prolexic, which was later sold to Akamai, began to defend networks against Distributed Denial of Service (DDoS) attacks. Later I started BitGravity, a content delivery network (CDN) that could scale to deliver rich media content (acquired by Tata Communications). I then started XDN, ultimately acquired by Fortinet, to give businesses greater control over existing CDNs. I founded Defense.Net (acquired by F5) to build a DDoS defense network for the modern Internet. I’m always standing up and managing infrastructure for things like the Opte Project, which maps out the entire Internet. In doing so, I kept finding myself defending against attacks and rooting out behaviors of intruders that eluded traditional network defenses. The thought was, “how do we do this holistically; how do we make it super simple to use and get to the absolute essence of what you need to see and do to stop attackers as quickly as possible?” Netography originated to solve that problem.
You often state that networks have become atomized. Could you briefly explain what this entails?
With an Atomized Network, there's no one place to see everything. Organizations meant buildings full of workers and data and applications in your data centers. Now, organizations have people and applications all over the place. They have legacy appliances in their physical infrastructure. They have cloud-based applications and monitoring tools in the cloud and different monitoring tools from different clouds. And they have different policy management mechanisms and reporting systems, and none of them work together and were never envisioned to work together. Your people, infrastructure, applications, and data are scattered everywhere. That is the Atomized Network.
What are the main challenges your services help solve?
Netography allows teams to see uniformly across the entire Atomized Network – one place to look, one place to analyze, one place to write policy, one place to hunt threats – within minutes. And because we provide this via a cloud-based, lightweight solution, customers can go from being under attack to stopping the attack in less than an hour from when we ingested their first data record. We see everything across the entire Atomized Network and can affect policy changes across all modern architecture. Our solution responds dynamically to protect against threats through automation, delivering real-time, customized responses and remediation tactics to protect any environment. You can choose which alerts are pertinent to your business needs, delivering precisely the intel and actions desired without overwhelming your team with unnecessary noise.
How do you think the pandemic affected the cybersecurity industry? Did you add any new features to your services as a result?
Over the past two years, companies took what would have otherwise been a five to ten-year digital transformation and moved to the cloud, and just threw a number of applications into the cloud that were never built or made to go there. So you now have a patchwork of infrastructure, services, applications, and data living all over the place, and you’re asking your security teams to hopefully protect it all. Entrenched cybersecurity vendors have not been able to keep up. Where do you plug in a box solution when there's no plug? The way their solutions are architected, they sit on a traditional network and don’t necessarily touch your cloud-based applications. And cloud-based security doesn’t take into account all of your legacy infrastructures. So unless you are built from day one, like we are, to think about the entire Atomized Network holistically, you need a new approach to stop these sophisticated attacks quickly enough.
In your opinion, why are certain companies unaware of the threats hiding in their own networks? What are the most common misconceptions people tend to have regarding network security?
Where we previously could rely on a set of middleware appliances, such as firewalls and intrusion prevention and detection systems, to inspect network traffic and extend visibility across the network, the absence of a defined ‘middle’ in the Atomized Network and reliance on deep packet inspection (DPI) has merely created more blind spots in the network. Do not assume that keeping these tools updated, or layering on without a sense of whether you truly have a holistic view of your network, will be enough to protect your organization.
What cyber threats do you think we are going to see more of in the next few years?
It’s hard to predict just how creative criminals can get over a long period. But we’re already seeing them take advantage of the fact that organizations have such dispersed, Atomized Networks, and that the left hand doesn’t always talk to the right, to find ways to penetrate an organization’s defenses. We’ll see more of that to come.
And then to give a more specific example of something we see happening today, as cryptocurrency increases in value and adoption, cryptomining (using other people’s computing power to mine cryptocurrencies) has become so bad that Google is even offering a threat detection capability for GCP centered around detecting cryptomining on workloads. For security teams, this means that they need to not only be monitoring for the usual signs of compromise, but also for patterns of usage and changes in traffic that indicate your infrastructure is being utilized for cryptomining. These kinds of attacks can potentially put your company at risk of liability for conducting illegal activities on your infrastructure, so they must be treated as just as much a risk as other threats invading the network.
What would you consider the essential security measures organizations should implement to secure their hybrid network?
The good news is that organizations have a ton of useful threat intelligence data already present in their network infrastructure to spot attacks. The challenge is that there's too much data and organizations need impressive and creative means to put this data to work. Network metadata is abundant and badly underutilized in most IT environments. It can provide salient clues as to whether your network is communicating with an adversary, because for an attacker to successfully exfiltrate data from a network, they must also use the network itself to move the data. No matter how stealthy an attacker might be, traces of network metadata will invariably be left behind. Whether these systems live within a corporate data center or in a public cloud environment, the ability to collect and analyze this type of network data and turn it into actionable threat intelligence will be essential. So at a minimum, you must be paying attention to and making your network metadata actionable, if you want to holistically protect your Atomized Network.
And finally, would you like to share what’s next for Netography?
We announced a $45 million Series A round of funding last fall and are rapidly expanding the company with very strong leadership, go-to-market, and technical teams. For the product, Netography Fusion, we're working on bringing more detection capabilities to the table, expanding the scale of visibility that Netography has across a customer’s Atomized Network.