Flowmon Solution: Introduction

 

A reliable and well-secured network is a key aspect for any organization. Even a short outage or a successful attack on data or network infrastructure can cause huge financial loss, reputational damage, customer dissatisfaction or even the loss of customers. Network and security administrators face a difficult task, since they have to manage a complex IT environment and ensure its protection against increasingly advanced and frequent attacks and threats.

This requires modern approaches and tools that enable them to manage a network effectively and ensure its security. Therefore, most organizations are already using or considering deployment of a flow-based monitoring technology, preferably in combination with network behavior analysis (NBA).

 

Network Traffic Monitoring

The Flowmon solution delivers IP flow-based monitoring (NetFlow, IPFIX, sFlow) for all organizations and networks (SMBs, enterprises, government, academic organizations, ISPs). It provides complete network visibility, network monitoring, security, troubleshooting, IP accounting and billing, capacity planning, and user and application monitoring.

 

Traffic Monitoring and Volume Statistics

Advanced Reporting

 

 

Anomaly Detector - Network Behavior Analysis

The Anomaly Detector module uses Network Behavior Analysis (NBA) with automatic flow analysis to automatically detect operational and security issues (malicious activities, zero-day attacks and advanced persistent threats) which are undetectable by tools in common use (firewall, antivirus, IDS/IPS).

 

ADM Traffic Statistics

 ADM Event

 

Main Features

  • Modern NBA/NBAD system for anomaly detection
  • Tens of algorithms for identification of security and operational incidents
  • Monitoring long-term behavior profiles of devices on the network in terms of services, traffic volume and communication partners
  • Comprehensive dashboard with immediate indication of incidents and top statistics
  • Automatic detailed reporting
  • Support for NetFlow v5/v9, IPFIX, NetStream, jFlow including NBAR2, HTTP, MAC addresses etc.
  • Deduplication and flow pairing
  • Events export to the SIEM systems (syslog, CEF)
  • The extension module for Flowmon
  • Simple installation to the Flowmon Probe/Collector

Anomalies and undesirable behavior detection

  • Attacks - port scanning, dictionary attacks, Denial of Service, attacks using the Telnet protocol and others
  • Anomalies in data traffic - DNS, ICMP, DHCP, multicast, non-standard communication
  • Anomalies in device behavior - change of the long-term behavior profile of a device, change in network behavior
  • Undesired applications - P2P networks, instant messaging, anonymization services
  • Security issues - viruses, spyware, botnets, communication with blacklisted IP addresses
  • Email traffic - outgoing spam, configuration issues
  • Operational problems - latency, excessive load, reverse DNS records, broken updates, suspicious destinations
  • Potential data leakage - data upload to public servers, web storage or suspicious destinations

 

Benefits of Flowmon Solution


  • Operational and configuration issues are detected and identified immediately – before they cause nightshifts, downtime or resentful users and customers.

  • Administrators are no longer overloaded with operational problems and can concentrate on optimizing infrastructure and provided services.

  • Network monitoring processes required by law or internal directives are fulfilled and fully automated.

  • Infrastructure is better protected against new security threats (social engineering, inside attacks, data leakage, advanced persistent threats, sophisticated attacks).

  • Security incidents are detected in real-time and it is possible to investigate and prove them.

  • It is possible to eliminate illegal software and services or abuse of the network by employees.

  • Significant reduction of manual labor. Problems are solved fast and efficiently.

  • Cost reduction resulting from lower damage caused by security incidents.

  • Optimization of network application licenses, SLA and peering optimization, etc.

 


Form of Virtual Appliance or Software as a Service

 

Software as a Service (SaaS)

You send NetFlow to our cloud, then access the statistics and receive the benefits via a browser.

  • Optional NetFlow encryption

 


Virtual Appliance (VA)

The Virtual Appliance allows you to keep everything under your control.

  • Supported: VMware ESXi 4.1 and higher
  • Minimal storage requirements: 46GB
  • Recommended assigned memory: 16GB
  • Recommended assigned CPU cores: 4-8
  • Recommended IOPS value: 1000 IOPS

 
