Network Intelligence
you can depend on

Presenting a Network Team in a Box

  • Behavior Anomaly Detection (NBAD/IDS)
  • Endpoint Threat Detection
  • Security Information and Event Management (SIEM)
  • Internet Protocol Address Management (IPAM)
  • Traffic Accounting
  • Usage Billing

Anomaly Detection

Network Behavior Anomaly Detection
The longer it runs, the smarter it becomes

Threat Detection

End Point Threat Detection
Global Intelligence, local knowledge


Enhance Network Security
Analyze every conversation

de facto standard for flow-based
network forensics and visibility


Real-Time Performance Monitoring
Scalable, Flexible and Granular

Bandwidth Monitoring, QoS, 95th Percentile,
Virtualization Analysis

Product Overview

NetFlow Auditor provides a comprehensive and dynamic Network X-Ray that enables enhanced security and intrusion detection and eliminates network blind spots.

Add-ons extend the base network visibility features into a comprehensive Intrusion Detection (IDS) and Security Information and Event Management (SIEM) solution that gathers, analyzes and presents granular information from multiple network and security devices, with comprehensive log auditing, review and incident response.

NetFlow Auditor constantly keeps its eyes on your network and provides total visibility to quickly identify and alert on who is doing what, where, when, with whom and for how long. It learns network behaviors and detects and alerts on anomalies.

It supports both real-time and trending analysis of usage, packets, conversations and 95th percentiles for network behavior anomaly detection, security forensics, capacity planning and billing purposes.

Network Super Vision

Bring your Network into Focus

NetFlow Auditor is a game-changing NetFlow analyzer technology that complements existing network and security management suites, enhancing the visibility, security, reliability, resilience, and trustworthiness of your digital infrastructure. It delivers a complete and flexible kit for flow-based network anomaly detection, forensics and analysis. It provides alerting and 20:20 vision of all point-to-point data conversations to network professionals of varying backgrounds. NetFlow Auditor collects, archives and provides network data intelligence to help organizations quickly identify and alert on network anomalies, resolve performance problems and manage network security and compliance across business services and applications, dramatically reducing the risk of potential business downtime.

Non-intrusive, highly fault tolerant, scalable, granular and flexible, with real-time monitoring, long-term trending, reporting and alerting. With unique features and a simple sophistication that complements your knowledge, NetFlow Auditor will provide the scalability, flexibility and granular depth to meet all your flow-based network management needs.

Our Global Customers

NetFlow Auditor is used by organizations of all sizes such as councils, utilities, banking, universities and all tiers of telcos and managed services.

We look forward to you experiencing why we've made many other customers' lives very easy with our smart alerting and actionable intelligence and the scalable benefits only NetFlow Auditor can provide.
Quick, Easy & Flexible
With just a few clicks, you can have absolute network traffic visibility with performance root-cause analytics, anomaly detection and granular network and security forensics. Flexible templates, multiviews and unique visualizations.
Security Forensics
Address security blind spots: highlight P2P, DDoS, botnets, long talkers, streaming and other hidden anomalies. Monitor every interface, host, conversation, route-path, application, location, TCP flag, QoS class and more.
Performance Monitoring
Collects granular records of who is doing what, where, when, with whom and for how long, with detailed root-cause analysis.
Anomaly Detection
Intelligently learns intensive baseline profiles of your network to quickly detect and isolate security and performance anomalies.
Scalable & Granular
Superior collection technology for volumes of sustained and burst flows per second. Superior archival technology for depth of collection and hierarchical or clustered views from multiple collectors.
Trending & Billing
Compare, quantify and baseline traffic usage by business group, location, AS, QoS and application daily, weekly, monthly, quarterly and annually. Calculate 95th percentile or usage-based billing and overages.

  • NetFlow Auditor Delivers Results

    Total Network Visibility

    • Report on Cisco NetFlow, sFlow, jFlow and IPFIX flows, with support for Cisco ASA, Cisco ASR and Cisco Nexus firewalls, routers and switches.
    • Analyze the benefit and impact of Cisco WAAS and other compression tools.
    • Understand the impact of voice, viruses, hacking, multicast, DNS, peer-to-peer (P2P) and worms on your network.
    • Security-oriented, with Advanced Network Behavior Anomaly Detection (NBAD), NBAR, DDoS detection, P2P detection, blacklists and advanced Application Mapping.
    • Proactively manage and troubleshoot network and application performance issues.
    • Accurately plan network changes and new application roll-outs.
    • Justify bandwidth upgrades.
    • Validate WAN Optimization schemes with pre-post deployment assessments.
    • Ensure usage policies are enforced.
    • Archive information for regulatory and compliance requirements.
    • Fully supports IPv6 for analytics and billing.

    Absolute Scalability

    • Monitoring massive core traffic flows
    • Optimizing peering traffic
    • Comprehensive Capacity Planning
    • Enables comparative baselining of any element
    • Monitoring and managing service level agreements
    • Proactively manage and troubleshoot network and application performance issues
    • Detailed billing
  • Unrivalled network visibility

    NetFlow Auditor provides visibility of every network conversation and scales beyond any other product in the industry.

    NetFlow Auditor can perform analysis on any combination of data fields simultaneously (e.g. usage, packets, flows, packet size, utilization, etc.) and sort data by any field. Effectively measure usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations.

    • Packet Size analysis - Provides a detailed view of network traffic by packet sizes. Use this information to optimize VoIP traffic as well as to identify packet size anomalies.
    • Count analysis - Count records as part of a result to quickly identify excessive flows or change. Any record combination can be counted, e.g. counting all internal IPs with their number of IP or port conversations enables quick identification of port scanners, P2P users, DoS attacks or other multi-threaded conversations. Identify long-lasting flows or conversations.
    • Deviation analysis - Analyze traffic patterns by standard deviation to identify what aspects have changed the most in a specific period, e.g. knowing what application has changed the most in the last 2 hours can lead to early detection of issues. Identify Worms, increasing flows or data floods.
    • Bi-directional analysis - Show forward and reverse conversations and In vs. Out conversations to quickly identify which side of the conversation is responsible for traffic usage/flows.
    • Baseline analysis - Short term and long term comparative analysis can be performed on any and every element, for example interface, subnets, protocols, traffic between endpoints, IP, Location, Application or a combination thereof, for a particular period compared against a previous period. Comparative analysis of each element across the timeline gives the ability to identify which element caused the change and when. Baseline Alerting can then be activated to learn baselines for every hour for every weekday and alert on anomalies outside thresholds or standard deviations away from the norm.
    • Percentile analysis - Short term and long term percentile analysis can be calculated for billing or security. A percentile analysis of a threshold event will provide an indication of change. This can be set in conjunction with Baseline analysis.
    • Cross section analysis - Stacked graphs enable comparison of any two network traffic parameters. As an example, a stacked bar QoS analysis can graphically show the details of each application running within every class of service.
    • Custom Group analysis - IP addresses can be grouped by Location, Customer, Application and Services. Network traffic detail can now be categorized in logical groups for reporting, billing and capacity planning.
  • Baselining

    Short term and long term comparative analysis of any and every element, e.g. interface/IP/Location/Application or a combination thereof, for a particular period compared against a previous period:

    • this minute versus last 20 minutes;
    • this hour versus last 6 hours;
    • this day of the month versus other days of the month or this day every month;
    • this weekday versus each other weekday or this weekday versus every other same weekday for last 12 months;
    • this week versus last 4 weeks;
    • this month versus last 12 months;
    • this quarter versus last 4 quarters;
    • this year versus last year;
    • what was my Server Farm usage this quarter compared to last quarter?

    Comparative analysis of each element across the timeline gives the ability to identify which element caused the change and when.

  • Network Behavior Anomaly Detection

    • Anomaly Detection - Ability to create any combination of intelligent anomaly detection baselines. Comes preset with default alerts. Available as an add-on.
    • Alerting - Ability to create any combination of analysis and automate the output as an alert once certain criteria are met, e.g. bandwidth utilization is over a certain threshold. Alerts can be tuned to reduce or eliminate false positives. Alerts can take the format of an SNMP trap sent to a trap receiver to raise a trouble ticket with the correct team or person.
  • Reporting and Templates

    • Reporting - Ability to create any combination of analysis and automate the output as a report periodically, e.g. end of a week, end of a quarter, end of a month, end of an hour, every 23 days, etc. Reports can be saved and/or emailed to one or more recipients. A report can be repeatedly updated or time stamped, e.g. a data center manager wants to know the server usage trends in his environment over time and monitors this every week, month and quarter to make decisions on how to position his servers and provision services. Reports can take the format of a CSV file to record events that occur for input into other systems. For example, logging when unknown IPs use key business services will enable the compliance team to identify risk over the long term.
    • Templates - Creation and customization of any analysis combination into a template to be used in the drill down menu.

© 1998–2015 Netflow Auditor. All rights reserved.