Flowmon Solution: Technology


Flowmon solution represents a unique connection of two technologies - Flow-based Monitoring (NetFlow, IPFIX, jFlow, NetStream, sFlow) and Network Behavior Analysis (NBA, also called Network Behavior Anomaly Detection, NBAD). The solution is available as a Virtual Appliance (VA) or as Software as a Service (SaaS).

[Figure: technology overview]

Flow-based Monitoring

Flow-based monitoring (usually based on the NetFlow, sFlow or IPFIX standard) provides detailed information about who communicates with whom, when, for how long, how often, using which protocol, and how much data was transferred. These statistics enable real-time monitoring of network utilization, monitoring of user activities and services, optimization of the network infrastructure and tracking of Internet use; they are also suitable for security purposes, namely detecting attacks and threats or documenting security incidents.

[Figure: flow monitoring architecture]

NetFlow/IPFIX

NetFlow is a method for flow monitoring invented by Cisco. It is the industry standard for network traffic monitoring and the most widely used measurement solution today. Statistics on IP traffic flows provide information about who communicates with whom, when, for how long, how often, using which protocol and service, and how much data was transferred.

[Figure: flow record]

Internet Protocol Flow Information Export (IPFIX) was created by an IETF working group out of the need for a common, universal standard for exporting IP flow information. The IPFIX standard defines how IP flow information is formatted and transferred from an exporter to a collector. Previously, many network operators relied on the proprietary Cisco NetFlow format for exporting traffic flow information. IPFIX is a much more flexible successor to the NetFlow format.


Flowmon solution is suitable for deployment in any computer network: it includes Probes that generate flow statistics about network traffic, Collectors that store, display and analyse those statistics, and the Anomaly Detector system, which automatically analyses traffic and identifies security and operational incidents.

[Figure: product schema]

Through the use of the industry standards NetFlow and IPFIX, the system is easily extensible, scales well and is compatible with third-party products. Find out more about Flow-based Monitoring technology, NetFlow Probes, NetFlow Collector, or Network Behavior Analysis.



Network Behavior Analysis (NBA)

Network security was historically focused on the perimeter, protecting against external threats. But nowadays more than 70% of attacks originate from the internal network, so new approaches are required. Network traffic monitoring is becoming a necessary part of every computer network, and anomaly detection systems based on Network Behavior Analysis are increasingly common.

The NBA module - Anomaly Detector - combines various techniques and methods of artificial intelligence to detect security and operational incidents. Traffic processing starts with deduplication (merging records of the same flow exported by several devices) and flow pairing (joining both directions of a conversation into one bidirectional flow, RFC 5103), which significantly improves the quality of the primary data.

Methods of machine learning, heuristic algorithms, behavior profiling with monitoring of its changes over time, decision trees for attack detection, and clustering algorithms for outlier detection (i.e. stations whose behavior is unique in that environment) are applied afterwards. A combination of these methods guarantees high reliability and a low false-positive rate. » Find out more about Network Behavior Analysis
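To make the pipeline described in the last three paragraphs concrete (flow records carrying who/whom/when/how much, deduplication of records seen by several exporters, RFC 5103-style pairing of both directions into one biflow, per-host behavior profiling, and outlier flagging), here is an added Python example. It is not Flowmon's code and does not reproduce the Anomaly Detector's algorithms: every record is constructed inline, the probe names, addresses and ports are invented, and the outlier step is a plain z-score over one feature standing in for the clustering the page mentions.

```python
# Added example, not Flowmon's code: a toy version of the flow pipeline the page
# describes (flow records -> deduplication -> RFC 5103-style bidirectional
# pairing -> per-host behaviour statistics -> outlier flagging). All records
# below are constructed; hosts, ports and thresholds are illustrative.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record as a NetFlow/IPFIX exporter would send it."""
    exporter: str   # probe or router that exported the record (constructed name)
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    start: int      # flow start/end, seconds since epoch (constructed)
    end: int
    packets: int
    bytes: int


@dataclass
class Biflow:
    """Both directions of one conversation; src is the initiator (earliest start)."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    fwd_bytes: int
    rev_bytes: int  # 0 when the other side never answered


def constructed_flows():
    """Constructed sample: two probes see the same traffic (duplicates), five
    ordinary HTTPS clients, and one host that touches eight ports on the server."""
    flows, t, server = [], 1_700_000_000, "10.0.0.100"
    for i in range(1, 6):
        client = f"10.0.0.{i}"
        for exporter in ("probe-core", "probe-edge"):   # same flow exported twice
            flows.append(Flow(exporter, client, server, "tcp", 40000 + i, 443,
                              t + i, t + i + 30, 120, 150_000))
            flows.append(Flow(exporter, server, client, "tcp", 443, 40000 + i,
                              t + i + 1, t + i + 30, 200, 2_000_000))
    for n, port in enumerate((21, 22, 23, 25, 80, 110, 143, 445)):
        flows.append(Flow("probe-core", "10.0.0.9", server, "tcp", 50000 + n, port,
                          t + 100 + n, t + 100 + n, 1, 60))
    return flows


def deduplicate(flows):
    """Keep one record per flow, ignoring which exporter sent it."""
    unique = {}
    for f in flows:
        unique.setdefault((f.src, f.dst, f.proto, f.sport, f.dport, f.start), f)
    return list(unique.values())


def pair_biflows(flows):
    """Group records by unordered endpoint pair and merge the two directions."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.proto, frozenset({(f.src, f.sport), (f.dst, f.dport)}))].append(f)
    biflows = []
    for recs in groups.values():
        first = min(recs, key=lambda f: f.start)        # initiator = earliest start
        fwd = [f for f in recs if (f.src, f.sport) == (first.src, first.sport)]
        rev = [f for f in recs if (f.src, f.sport) != (first.src, first.sport)]
        biflows.append(Biflow(first.src, first.dst, first.proto, first.sport, first.dport,
                              sum(f.bytes for f in fwd), sum(f.bytes for f in rev)))
    return biflows


def host_stats(biflows):
    """Per-initiator behaviour profile: distinct peers, distinct destination
    ports, bytes sent and conversations that got no reply."""
    acc = defaultdict(lambda: {"peers": set(), "ports": set(), "bytes": 0, "unanswered": 0})
    for b in biflows:
        s = acc[b.src]
        s["peers"].add(b.dst)
        s["ports"].add(b.dport)
        s["bytes"] += b.fwd_bytes
        s["unanswered"] += int(b.rev_bytes == 0)
    return {h: {"peers": len(s["peers"]), "dst_ports": len(s["ports"]),
                "bytes": s["bytes"], "unanswered": s["unanswered"]}
            for h, s in acc.items()}


def flag_outliers(stats, feature="dst_ports", z_threshold=2.0):
    """Hosts whose feature value lies more than z_threshold standard deviations
    above the population mean; a simple stand-in for the clustering step."""
    values = [s[feature] for s in stats.values()]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:                      # everybody behaves alike: nothing to flag
        return []
    return sorted(h for h, s in stats.items() if (s[feature] - mu) / sigma > z_threshold)


if __name__ == "__main__":
    stats = host_stats(pair_biflows(deduplicate(constructed_flows())))
    for host, s in sorted(stats.items()):
        print(host, s)
    print("outliers:", flag_outliers(stats))
```

In the constructed data the 28 exported records collapse to 18 after deduplication and to 13 biflows after pairing; the one host that contacted eight ports without a single reply is the only one whose distinct-port count exceeds the population by more than two standard deviations, so it is the only host flagged. The `unanswered` counter is what a pairing step gives you for free: without biflows, "no reply" is not visible in a unidirectional record at all.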
