Do you want complete visibility into your computer network and significantly better security?
Do you know WHO is doing WHAT and WHEN on your network?
A flow monitoring solution (e.g. FlowMon) provides the statistics necessary for network monitoring, security, troubleshooting, IP accounting and billing, capacity planning, user and application monitoring, compliance with data retention law and more.
Monitoring flows (e.g. NetFlow or sFlow) provides great benefits, such as:
-> Find out the top users and get their statistics
-> Monitor network traffic in real-time
-> Analyze flows for capacity planning
-> Troubleshoot network failures in seconds
-> Diagnose network, services and applications latency
-> Plan and monitor QoS policy
-> Check SLAs (Service Level Agreements)
An important part of many flow monitoring solutions is Network Behavior Analysis (NBA), also called Network Behavior Anomaly Detection (NBAD).
NBA is a modern system for detecting data network anomalies and undesirable behavior, based on continuous evaluation of network traffic statistics. It is a so-called “signature-less” solution for detecting undesired behavior on the network. What does that mean?
Conventional IPS (Intrusion Prevention) solutions defend a network’s perimeter by using packet inspection, signature detection and real-time blocking. They generally monitor packets on the network and look for patterns in the packets which match their database of signatures representing pre-identified, known security threats. NBA solutions are complementary to those systems, providing continuous monitoring of the network for unusual behavior or trends (e.g. SMTP anomaly = email spam).
NBA/NBAD systems are particularly helpful in detecting new zero-day attacks for which signatures have not yet been developed. But an NBA solution has many other benefits as well, such as:
- Anomalies in device behavior (change of the long-term behavior profile of a device)
- Anomalies in data traffic (DNS, multicast, non-standard communication)
- Attacks (port scanning, dictionary attacks, Denial of Service, Telnet protocol)
- Unwanted applications (P2P networks, instant messaging, anonymization services)
- Internal security issues (viruses, spyware, botnets)
- Email traffic (outgoing spam)
- Operational problems (delays, excessive load, reverse DNS records, broken updates)
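As an added illustration (not FlowMon's code or any vendor's implementation), the sketch below shows what "signature-less" detection over flow statistics can look like for two items above: port scanning and outgoing spam. The flow tuple layout, thresholds, baseline values and all addresses are assumptions constructed for the example.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records (src, dst, dst_port); flows carry no packet payload."""
    flows = [("10.0.0.66", "10.0.0.5", p) for p in range(1, 41)]          # one host probing 40 ports
    flows += [("10.0.0.25", f"198.51.100.{i}", 25) for i in range(1, 9)]  # mail server, 8 SMTP peers
    flows += [("10.0.0.77", f"203.0.113.{i}", 25) for i in range(1, 31)]  # workstation, 30 SMTP peers
    flows += [("10.0.0.12", "10.0.0.5", 443)] * 50                        # busy but ordinary client
    return flows

# Assumed long-term profile: usual number of distinct SMTP peers per host per interval.
SMTP_BASELINE = {"10.0.0.25": 10}

def port_scanners(flows, min_ports=20):
    """Return (src, dst) pairs where src contacted at least min_ports distinct ports on dst."""
    ports = defaultdict(set)
    for src, dst, dport in flows:
        ports[(src, dst)].add(dport)
    return {pair for pair, seen in ports.items() if len(seen) >= min_ports}

def smtp_anomalies(flows, baseline, factor=3, floor=5):
    """Return hosts whose distinct SMTP peers exceed factor x their baseline (minimum: floor)."""
    peers = defaultdict(set)
    for src, dst, dport in flows:
        if dport == 25:
            peers[src].add(dst)
    return {src for src, seen in peers.items()
            if len(seen) > max(floor, factor * baseline.get(src, 0))}

if __name__ == "__main__":
    flows = build_sample_flows()
    print("port scan:", port_scanners(flows))
    print("SMTP anomaly:", smtp_anomalies(flows, SMTP_BASELINE))
```

Neither check inspects packet contents: the mail server stays below its own baseline and is not flagged, while the workstation with no SMTP history is.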