Unrivalled network visibility

NetFlow Auditor provides visibility of every network conversation and scales beyond any other product in the industry.

NetFlow Auditor can perform analysis on any combination of data fields simultaneously (e.g. usage, packets, flows, packet size, utilization, etc) and sort data by any field. Effectively measure usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations.

• Packet Size analysis - Provides a detailed view of network traffic by packet sizes. Use this information to optimize VoIP traffic as well as to identify packet size anomalies.
• Count analysis - Count records as part of a result to quickly identify excessive flows or change. Any record combination can be counted, e.g. counting all internal IP's with number of IP or Port conversations enables quick identification of Port Scanners, P2P users, DoS attacks or other multi threaded conversations. Identify long lasting flows or conversations.
• Deviation analysis - Analyze traffic patterns by standard deviation to identify what aspects have changed the most in a specific period, e.g. knowing what application has changed the most in the last 2 hours can lead to early detection of issues. Identify Worms, increasing flows or data floods.
• Bi-directional analysis - Show forward and reverse conversations and In vs. Out conversations to quickly identify which side of the conversation is responsible for traffic usage/flows.
• Baseline analysis - Short term and long term comparative analysis can be performed on any and every element. For example, interface, subnets, protocols, traffic between endpoints, IP, Location, Application or a combination thereof for a particular period compared against a previous period. Comparative analysis of each element across the time line gives the ability to identify which element caused the change and when. Baseline Alerting can then be activated to learn baselines for every hour for every weekday and alert on anomalies outside thresholds or standard deviations away from the norm.
• Percentile analysis - Short term and long term percentile analysis can be calculated. For Billing or Security. A percentile analysis of a threshold event will provide an indication of change. This can be set in conjunction with Baseline analysis.
• Cross section analysis - Stacked graphs enable comparison of any two network traffic parameters. As an example, A stacked bar QoS analysis can graphically show the details of each application running within every class of service.
• Custom Group analysis - IP addresses can be grouped by Location, Customer, Application and Services. Network traffic detail can now be categorized in logical groups for reporting, billing and capacity planning.

Baselining

Short term and long term comparative analysis of any and every element. e.g. interface/IP/Location/Application or a combination thereof for a particular period compared against a previous period:

• this minute versus last 20 minutes;
• this hour versus last 6 hours;
• this day of the month versus other days of the month or this day every month;
• this weekday versus each other weekday or this weekday versus every other same weekday for last 12 months;
• this week versus last 4 weeks;
• this month versus last 12 months;
• this quarter versus last 4 quarters;
• this year versus last year;
• what was my Server Farm usage this quarter compared to last quarter?

Comparative analysis of each element across the time line. Gives the ability to identify which element caused the change and when.

Network Behavior Anomaly Detection

• Anomaly Detection - Ability to create any combination of anomaly detection intelligent baselines. Comes Preset with default alerts. Available as an Add-on.
• Alerting - Ability to create any combination of analysis and automate the output as as an alert once certain criteria are met e.g. bandwidth utilization is over a certain threshold. Alerts can be tuned to reduce or eliminate false positives. Alerts can take the format of SNMP trap to a trap receiver to raise a trouble ticket with the correct team/person.

Reporting and Templates

• Reporting - Ability to create any combination of analysis and automate the output as a report periodically. E.g. end of a week, end of a quarter, end of a month, end of an hour, every 23 days etc… Reports can be written to saved and/ or emailed to one or more recipients. A report can be repeatedly updated or time stamped e.g. A data center manager wants to know the server usage trends in his environment over time and monitors this every week, month and quarter to make decisions on how to position his servers and provision services. Reports can take the format of CSV file to record events that occur for input into other systems. For example, logging when unknown IP’s use key business services will enable the compliance team to identify risk over the long term.
• Templates - Creation and customization of any analysis combination into a template to be used in the drill down menu.