Flowmon Solution: Introduction
A reliable and well-secured network is a key aspect for any organization. Even a short outage or a successful attack on data or network infrastructure can cause huge financial loss, reputational damage, customer dissatisfaction or even the loss of customers. Network and security administrators face a difficult task, since they have to manage a complex IT environment and protect it against increasingly advanced and frequent attacks and threats.
This requires modern approaches and tools that enable them to manage a network effectively and ensure its security. Therefore, most organizations are already using or considering the deployment of a flow-based monitoring technology, preferably in combination with network behavior analysis (NBA).
Network Traffic Monitoring
The Flowmon solution delivers IP flow-based monitoring (NetFlow, IPFIX, sFlow) for all organizations and networks (SMBs, enterprises, government, academic organizations, ISPs). It provides complete network visibility, network monitoring, security, troubleshooting, IP accounting and billing, capacity planning, and user and application monitoring.
Anomaly Detector - Network Behavior Analysis
The Anomaly Detector module uses Network Behavior Analysis (NBA) with automatic flow analysis to automatically detect operational and security issues (malicious activities, zero-day attacks and advanced persistent threats) that are undetectable by tools in common use (firewall, antivirus, IDS/IPS).
- Modern NBA/NBAD system for anomaly detection
- Tens of algorithms for identification of security and operational incidents
- Monitoring long-term behavior profiles of devices on the network in terms of services, traffic volume and communication partners
- Comprehensive dashboard with immediate indication of incidents and top statistics
- Automatic detailed reporting
- Support for NetFlow v5/v9, IPFIX, NetStream, jFlow including NBAR2, HTTP, MAC addresses etc.
- Deduplication and flow pairing
- Events export to the SIEM systems (syslog, CEF)
- The extension module for Flowmon
- Simple installation to the Flowmon Probe/Collector
Anomalies and undesirable behavior detection
- Attacks: port scanning, dictionary attacks, Denial of Service, attacks using the Telnet protocol and others
- Anomalies in data traffic: DNS, ICMP, DHCP, multicast, non-standard communication
- Anomalies in device behavior: change of the long-term behavior profile of a device, change in network behavior
- Undesired applications: P2P networks, instant messaging, anonymization services
- Security issues: viruses, spyware, botnets, communication with blacklisted IP addresses
- Email traffic: outgoing spam, configuration issues
- Operational problems: latency, excessive load, reverse DNS records, broken updates, suspicious destinations
- Potential data leakage: data upload to public servers, web storage or suspicious destinations
Benefits of Flowmon Solution
- Operational and configuration issues are detected and identified immediately – before they cause nightshifts, downtime or resentful users and customers.
- Administrators are no longer overloaded with operational problems and can concentrate on optimizing the infrastructure and the services provided.
- Network monitoring processes required by law or internal directives are fulfilled and fully automated.
- Infrastructure is better protected against new security threats (social engineering, inside attacks, data leakage, advanced persistent threats, sophisticated attacks).
- Security incidents are detected in real-time and it is possible to investigate and prove them.
- It is possible to eliminate illegal software and services or abuse of the network by employees.
- Significant reduction of manual labor. Problems are solved fast and efficiently.
- Cost reduction resulting from lower damage caused by security incidents.
- Optimization of network application licenses, SLA and peering optimization, etc.
Form of Virtual Appliance or Software as a Service
Software as a Service (SaaS)
You send NetFlow to our cloud, then access the statistics and receive the benefits via a browser.
- Optional NetFlow encryption
Virtual Appliance (VA)
The Virtual Appliance allows you to keep everything under your control.
- Supports VMware ESXi 4.1 and higher
- Minimal storage requirements: 46GB
- Recommended assigned memory: 16GB
- Recommended assigned CPU cores: 4-8
- Recommended IOPS value: 1000 IOPS