NetFlow / IPFIX / sFlow / jFlow

Network Analytics, Anomaly Detection, and DDoS Protection

Deeper Insight Into Your Traffic

NMSaaS offers a high-performance, highly scalable and flexible NetFlow solution. It collects flows from a single location or from multiple locations, up to thousands. We can combine your flow data with other data such as SNMP or WMI to give deeper insight into your network behavior and speed up in-depth root cause analysis.

NMSaaS supports all versions of NetFlow including V5/V7/V9, Flexible NetFlow, sFlow, jFlow, IPFIX…

NetFlow is used today in almost all enterprise IT organizations, and gives an insight into your traffic that SNMP just doesn’t provide. The most basic use case for NetFlow is to answer the question “Who is talking on my network and what applications and protocols are they using?” This simple question, along with the more advanced analytics available in modern NetFlow-capable systems, forms the basis for in-depth network monitoring.

NetFlow started out as a technology focused on near-real-time performance monitoring (for example, “show me the top 10 talkers in the last 3 hours”) and has since become a much more in-depth tool that can be used for a variety of use cases.

Advanced usage scenarios include:

  1. Security analytics
  2. Billing justification and departmental charge back
  3. Long term trending and capacity planning
  4. QoS analytics

Network Performance – Isolate & Analyze Key Network Issues

We have the ability to see into 100% of network traffic and 100% of application transactions in real time to produce hundreds of detailed metrics including traffic volumes, device and application performance, web application issues, communication and transaction errors, and other key network and application performance indicators including:

  1. Top Talkers (by IP, Application, Location and more)
  2. How much bandwidth is being used by various applications / users?
  3. Which users are connecting to which servers?
  4. What does the long-term traffic usage look like for applications, servers, locations and networks?
  5. What links are saturated, and why?

This type of information is critical for a clear long-term picture of performance-related issues and network health. It is also critical to be able to quickly understand what is creating congestion in order to isolate and fix it.


Anomaly Detection and Traffic Behavior Analysis

Keeping a network safe requires a broad array of tools. Detection of anomalies plays the important role of spotting trouble early. Anomalies can happen in incoming, internal, and outgoing traffic. On the incoming side, recognition of attacks in progress provides an early warning. Within the network, malware that has successfully invaded one machine may launch attacks on others. Outgoing traffic could include attempts to contact command-and-control servers. When monitoring detects these events, security software or administrators can take action to stop the threat quickly.

Anomalies fall into three categories:

  • Unusual but legitimate traffic. Sometimes an application has to engage in a burst of atypical network activity. This could be flagged once, but the monitoring system should adapt to it and not report it every time it happens.
  • Errors and malfunctions. A buggy but not malicious application could generate an uncontrolled series of requests. A device that isn’t responding might get repeated requests. These are problems that need fixing but aren’t threats.
  • Threats. Repeated probes and denial-of-service attempts are warnings of a concerted attempt to attack the network. Anomalies in internal or outgoing traffic could indicate a successful malware invasion or a hijacked account.
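
The first category above (flag a new traffic level once, then adapt to it) can be implemented with a per-host baseline that keeps learning from what it sees. The following is an added illustration, not NMSaaS code; the tuning constants, the flow tuple layout and the sample flows are constructed assumptions.

```python
from collections import defaultdict
from math import sqrt

ALPHA, K, WARMUP, MIN_REL_STD = 0.3, 3.0, 3, 0.10  # assumed tuning values

class Baseline:
    """Exponentially weighted mean/variance of one host's bytes per interval."""
    def __init__(self):
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def observe(self, x):
        """Return True if x is anomalous against the baseline, then learn x."""
        std = max(sqrt(self.var), MIN_REL_STD * self.mean)  # floor avoids std == 0
        anomalous = self.n >= WARMUP and x > self.mean + K * std
        if self.n == 0:
            self.mean = float(x)
        else:
            diff = x - self.mean
            incr = ALPHA * diff
            self.mean += incr
            self.var = (1 - ALPHA) * (self.var + diff * incr)
        self.n += 1
        return anomalous

def detect(flows):
    """flows: iterable of (interval, src_ip, dst_ip, bytes). Returns alerts."""
    per_host = defaultdict(lambda: defaultdict(int))
    for interval, src, _dst, nbytes in flows:
        per_host[src][interval] += nbytes  # aggregate flows per source host
    alerts = []
    for src, series in per_host.items():
        base = Baseline()
        for interval in sorted(series):
            if base.observe(series[interval]):
                alerts.append((interval, src))
    return sorted(alerts)

def sample_flows():
    """Constructed sample: 10.0.0.5 steps from 100 kB to 1 MB per interval at t=6."""
    flows = []
    for t in range(12):
        flows.append((t, "10.0.0.9", "10.0.1.1", 200_000))
        per_flow = 50_000 if t < 6 else 500_000
        flows.append((t, "10.0.0.5", "10.0.1.1", per_flow))
        flows.append((t, "10.0.0.5", "10.0.1.2", per_flow))
    return flows

if __name__ == "__main__":
    print(detect(sample_flows()))
```

Because the baseline absorbs any sustained change, the single alert it raises is the only prompt to decide which of the three categories the change belongs to.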

Today’s cyber threats keep changing, and they use techniques which are hard to detect. A successful defense against them needs to have multiple layers, so that when a threat gets past one defense, another is ready to catch and stop it. Anomaly detection is an essential part of this strategy. 


Traffic Recording

Our solution also includes a simple yet powerful traffic recording capability. Recording requirements are entered via an intuitive GUI, with options to limit a recording by time or by size of the resulting file, or to split it into multiple files. Traffic can be recorded based on a number of criteria such as IP address, physical (MAC) address, port number and more. The resulting files, in PCAP format, are available for download through the user interface.