NetFlow / IPFIX / sFlow / jFlow
Network Analytics, Anomaly Detection, and DDoS Protection
Deeper Insight Into Your Traffic
NMSaaS offers a high-performance, highly scalable and flexible NetFlow solution. The NMSaaS solution collects flows from a single location or from multiple locations, up to thousands of them. We can combine your flow data with other data such as SNMP or WMI to give deeper insight into your network behavior and to reach an in-depth root cause analysis quickly.
NMSaaS supports all versions of NetFlow including V5/V7/V9, Flexible NetFlow, sFlow, jFlow, IPFIX…
NetFlow is used today in almost all enterprise IT organizations, and gives an insight into your traffic that SNMP just doesn’t provide. The most basic use case for NetFlow is to answer the question “Who is talking on my network and what applications and protocols are they using?” This simple question, along with some more advanced analytics available in modern NetFlow-capable systems, forms the basis for in-depth network monitoring.
NetFlow started out as a technology focused on near-real-time performance monitoring (for example, “show me the top 10 talkers in the last 3 hours”) and has now become a much more in-depth tool that can be used for a variety of use cases.
Advanced usage scenarios include:
- Security analytics
- Billing justification and departmental charge back
- Long term trending and capacity planning
- QoS analytics
Network Performance – Isolate & Analyze Key Network Issues
We have the ability to see into 100% of network traffic and 100% of application transactions in real time to produce hundreds of detailed metrics including traffic volumes, device and application performance, web application issues, communication and transaction errors, and other key network and application performance indicators including:
- Top Talkers (by IP, Application, Location and more)
- How much bandwidth is being used by various applications / users?
- Which users are connecting to which servers?
- What does the long-term traffic usage look like for applications, servers, locations and networks?
- What links are saturated, and why?
This type of information is critical for a clear long-term picture of performance-related issues and network health. It is also critical to be able to quickly understand what is creating the congestion in order to isolate and fix it.
Anomaly Detection and Traffic Behavior Analysis
Anomalies fall into three categories:
- Unusual but legitimate traffic. Sometimes an application has to engage in a burst of atypical network activity. This could be flagged once, but the monitoring system should adapt to it and not report it every time it happens.
- Errors and malfunctions. A buggy but not malicious application could generate an uncontrolled series of requests. A device that isn’t responding might get repeated requests. These are problems that need fixing but aren’t threats.
- Threats. Repeated probes and denial-of-service attempts are warnings of a concerted attempt to attack the network. Anomalies in internal or outgoing traffic could indicate a successful malware invasion or a hijacked account.
Our solution also includes a simple yet powerful traffic recording capability. Recording requirements can be entered via an intuitive GUI, with the option of limiting a recording by time or by the size of the resulting file, or of splitting it into multiple files. Data traffic can be recorded based on a number of criteria such as IP address, physical (MAC) address, port number and more. The resulting files in PCAP format are available for download through the user interface.