Security Forensics

Today's IT departments are faced with the complexities of network convergence, increased data and netflow volumes, heightened security vulnerabilities and threats, legislation and compliance issues, rising network costs, network performance demands and stringent budgets. Open and complex networks are becoming increasingly difficult to manage, and accountability and traceability of usage has become a necessity. The organization's survival and competitiveness rely on the IT department's success in mitigating the risk to the network, its performance and its data through audit.

The ability to perform netflow forensics for security at a granular level enables the organisation to discover breaches of security that occur in real time and those that occur over a prolonged period (data leaks). Large networks generate copious amounts of netflow data that need a high degree of visibility in order to be scrutinized and reported on by a limited number of people. While standard security devices (firewalls, intrusion detection systems, sniffers, etc.) may already be in place, they lack the ability to record and report on every transaction. Recording every transaction requires the ability to scale. Therefore, network netflow data analysis, auditing or forensic reporting has been (until now) expensive and difficult to achieve and manage.

NetFlow Auditor is a market-leading and award-winning netflow analyzer software solution, which enables management to accurately audit network netflow data, augmenting network security and business intelligence. It records netflow data at the micro level, assists in the discovery of real-time and ongoing security breaches, and alerts administrators where other systems fail. Customers have reported satisfaction in being able to identify and highlight trends and baselines, act on irregular traffic movements and applications, and provision services more appropriately. The ability of NetFlow Auditor to capture granular traffic over the long term provides complete network visibility and has enabled customers to identify spurious traffic.

NetFlow Auditor is a 24 x 7 automated end-to-end solution that simplifies network netflow auditing. It starts with a unique patent-pending scalable collection and storage methodology and offers granular and flexible reporting processes, culminating in the delivery of business intelligence and security forensics.

NetFlow Auditor Forensic Toolset

NetFlow Auditor provides visibility of every network conversation and scales beyond any other product in the industry.

NetFlow Auditor can perform analysis on any combination of data fields simultaneously (e.g. usage, packets, flows, packet size, utilization, etc.) and sort data by any field. It effectively measures usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations.

Count Analysis

Count records as part of a result to quickly identify excessive flows or change. Any record combination can be counted. This enables quick identification of port scanners, P2P users, DoS attacks or other spammy conversations. Used over the long term, it identifies long-lasting flows or conversations.
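
The counting described above, as an added example written for this page (it is not NetFlow Auditor's code, and the flow records, field names and thresholds are constructed assumptions): it parses a handful of NetFlow-style records, counts records per field combination, and then uses a distinct-destination-port count per source, combined with the average packets per flow, to surface the scan-like source that the text says count analysis is meant to highlight.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of NetFlow-style records (not captured from any real network).
# Fields: start, src, dst, proto, sport, dport, packets, bytes
SAMPLE_FLOWS = """\
start,src,dst,proto,sport,dport,packets,bytes
1000,10.0.0.5,10.0.1.10,6,51000,22,1,60
1000,10.0.0.5,10.0.1.10,6,51001,23,1,60
1000,10.0.0.5,10.0.1.10,6,51002,25,1,60
1000,10.0.0.5,10.0.1.10,6,51003,80,1,60
1000,10.0.0.5,10.0.1.10,6,51004,110,1,60
1000,10.0.0.5,10.0.1.10,6,51005,135,1,60
1000,10.0.0.5,10.0.1.10,6,51006,139,1,60
1000,10.0.0.5,10.0.1.10,6,51007,443,1,60
1000,10.0.0.5,10.0.1.10,6,51008,445,1,60
1000,10.0.0.5,10.0.1.10,6,51009,3389,1,60
1001,10.0.0.7,10.0.1.10,6,52000,443,40,51200
1002,10.0.0.7,10.0.1.11,6,52001,443,35,44800
1003,10.0.0.9,10.0.1.10,17,40000,53,2,180
1004,10.0.0.9,10.0.1.12,6,40001,80,20,25600
"""

NUMERIC_FIELDS = ("start", "proto", "sport", "dport", "packets", "bytes")


def parse_flows(text):
    """Parse CSV flow records into dicts, converting numeric fields to int."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        for field in NUMERIC_FIELDS:
            row[field] = int(row[field])
        flows.append(row)
    return flows


def count_records(flows, *fields):
    """Count flow records per combination of the given fields (e.g. src, or src+dst)."""
    return Counter(tuple(flow[f] for f in fields) for flow in flows)


def distinct_fanout(flows, key, field):
    """Number of distinct `field` values seen per `key`, e.g. distinct dports per src."""
    seen = defaultdict(set)
    for flow in flows:
        seen[flow[key]].add(flow[field])
    return {k: len(v) for k, v in seen.items()}


def flag_scanners(flows, min_distinct_ports=8, max_avg_packets=2.0):
    """Sources that touch many distinct destination ports using tiny flows.

    The thresholds are assumptions for this example; a real deployment tunes
    them against the network's own baseline.
    """
    fanout = distinct_fanout(flows, "src", "dport")
    packets_by_src = defaultdict(list)
    for flow in flows:
        packets_by_src[flow["src"]].append(flow["packets"])
    flagged = []
    for src, ports in fanout.items():
        avg_packets = sum(packets_by_src[src]) / len(packets_by_src[src])
        if ports >= min_distinct_ports and avg_packets <= max_avg_packets:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    fanout = distinct_fanout(flows, "src", "dport")
    for (src,), n in count_records(flows, "src").most_common():
        print(f"{src:12} flows={n:3} distinct_dports={fanout[src]}")
    print("scan-like sources:", flag_scanners(flows))
```

The same `count_records` call with different field lists gives the "any record combination" counts the text mentions; the fan-out check is what turns a raw count into a detection, since a busy but legitimate host has many flows to few ports, while a scan has many one-packet flows to many ports.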

Percentile Analysis

Short-term and long-term percentile analysis can be calculated, for billing or security. A percentile analysis of a threshold event will provide an indication of change. This can be set in conjunction with Baseline analysis.

Top X/Y Analysis

Top X/Y is a unique, flexible aggregating and partitioning tool. It can be used to provide simple 'birds-eye' view analytics such as "Top 5 applications and Conversations for each ASN Peer" or more granular identification such as "Show the Top 100 Threat (IPs, Category, Type and IP) for each Affected IP".

Packet Size Analysis

Provides a detailed view of network traffic by packet sizes. Use this information to optimize VoIP traffic as well as to identify packet size anomalies.

Baseline Analysis

Comparative analysis can be performed on any and every element, comparing an element's periodic behavior across the time line.

Deviation Analysis

Analyze traffic patterns by standard deviation to identify what aspects have changed the most in a specific period. Quickly identify outliers, worms, increasing flows, DDoS or data floods.
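
The percentile, baseline and deviation analyses described on this page, as one added example written here (not NetFlow Auditor's code; the per-period byte totals, element names and the 3-sigma threshold are constructed assumptions): each element's history of past periods forms its baseline, the current period is scored by how many standard deviations it sits from that baseline, and the 95th percentile of the history is used as the threshold event. Elements are then ranked by deviation so the one that "changed the most" comes first.

```python
import math
import statistics

# Constructed per-period byte totals for three traffic elements over ten past
# periods (the baseline window), plus the current period to compare against.
HISTORY = {
    "web": [100, 110, 105, 95, 100, 108, 102, 98, 104, 100],
    "dns": [10, 12, 11, 9, 10, 11, 10, 12, 9, 10],
    "smb": [50, 55, 52, 48, 50, 53, 49, 51, 50, 52],
}
CURRENT = {"web": 112, "dns": 10, "smb": 400}


def percentile(values, p):
    """Nearest-rank percentile: the smallest sample at or above p% of the samples."""
    if not values:
        raise ValueError("percentile of empty series")
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]


def baseline(values):
    """Mean and population standard deviation of a baseline window."""
    return statistics.mean(values), statistics.pstdev(values)


def z_score(values, current):
    """Distance of `current` from its baseline, in standard deviations.

    A flat history (stdev 0) would divide by zero; any change from a flat
    baseline is treated as infinitely surprising so it still ranks first.
    """
    mean, sd = baseline(values)
    if sd == 0:
        return 0.0 if current == mean else math.inf
    return (current - mean) / sd


def deviation_report(history, current):
    """Rows (name, current value, z-score, above 95th percentile), largest change first."""
    rows = []
    for name, values in history.items():
        z = z_score(values, current[name])
        rows.append((name, current[name], z, current[name] > percentile(values, 95)))
    rows.sort(key=lambda row: abs(row[2]), reverse=True)
    return rows


def flag_outliers(history, current, z_threshold=3.0):
    """Elements whose current period is at least z_threshold deviations from baseline."""
    return [name for name, _, z, _ in deviation_report(history, current)
            if abs(z) >= z_threshold]


if __name__ == "__main__":
    for name, value, z, above_p95 in deviation_report(HISTORY, CURRENT):
        mean, sd = baseline(HISTORY[name])
        print(f"{name:4} now={value:4} baseline={mean:6.1f}±{sd:4.1f} "
              f"z={z:7.2f} above_p95={above_p95}")
    print("outliers:", flag_outliers(HISTORY, CURRENT))
```

The percentile rank doubles as the billing figure the text mentions (a 95th-percentile usage value over the window) and as a change indicator when the current period exceeds it; the z-score adds the "how much" that a simple threshold cannot express.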

Cross section Analysis

Stacked graphs enable comparison of any two network traffic parameters. As an example, a stacked-bar QoS analysis can graphically show the details of each application running within every class of service.

Custom Group Analysis

IP addresses can be grouped by Location, Customer, Application and Services. Network traffic detail can now be categorized in logical groups for reporting, billing and capacity planning.

Bi-directional Analysis

Show forward and reverse conversations and In vs. Out conversations to quickly identify which side of the conversation is responsible for traffic usage/flows.
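
The pairing of forward and reverse records into one conversation, as an added example written for this page (not NetFlow Auditor's code; the flow records and the 10.0.0.0/8 "internal" range are constructed assumptions): each unidirectional record is keyed by a direction-independent 5-tuple, the earliest record's source is taken as the initiator, bytes are accumulated per direction, and In vs. Out totals are then computed per internal host, which is enough to say which side of a conversation is responsible for the volume.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Address space treated as "inside" for In vs. Out accounting (an assumption for this example).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed unidirectional flow records; each conversation appears twice,
# once per direction, as an exporter reports it.
SAMPLE_FLOWS = """\
start,src,dst,proto,sport,dport,packets,bytes
100,10.0.0.7,203.0.113.10,6,51000,443,20,2000
100,203.0.113.10,10.0.0.7,6,443,51000,110,150000
200,10.0.0.9,198.51.100.5,6,52000,443,60000,80000000
200,198.51.100.5,10.0.0.9,6,443,52000,50,5000
300,10.0.0.9,10.0.1.10,17,40000,53,1,70
300,10.0.1.10,10.0.0.9,17,53,40000,1,150
"""

NUMERIC_FIELDS = ("start", "proto", "sport", "dport", "packets", "bytes")


def parse_flows(text):
    """Parse CSV flow records into dicts, converting numeric fields to int."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        for field in NUMERIC_FIELDS:
            row[field] = int(row[field])
        flows.append(row)
    return flows


def conversation_key(flow):
    """Direction-independent key: protocol plus both endpoints in sorted order."""
    a = (flow["src"], flow["sport"])
    b = (flow["dst"], flow["dport"])
    return (flow["proto"],) + (a + b if a <= b else b + a)


def pair_conversations(flows):
    """Merge forward and reverse records into one conversation per 5-tuple.

    The initiator is the source of the earliest record. With no TCP flags in
    the sample this is an approximation; when the exporter reports flags, the
    side that sent the SYN is the better choice.
    """
    convs = {}
    for flow in sorted(flows, key=lambda f: f["start"]):
        conv = convs.setdefault(conversation_key(flow), {
            "initiator": flow["src"], "responder": flow["dst"],
            "fwd_bytes": 0, "rev_bytes": 0, "fwd_packets": 0, "rev_packets": 0,
        })
        direction = "fwd" if flow["src"] == conv["initiator"] else "rev"
        conv[direction + "_bytes"] += flow["bytes"]
        conv[direction + "_packets"] += flow["packets"]
    return convs


def find_conversation(convs, ip_a, ip_b):
    """First conversation between the two hosts, whichever side initiated."""
    for conv in convs.values():
        if {conv["initiator"], conv["responder"]} == {ip_a, ip_b}:
            return conv
    return None


def dominant_side(conv):
    """Which side moved more bytes: the initiator (upload-heavy) or the responder."""
    return "initiator" if conv["fwd_bytes"] > conv["rev_bytes"] else "responder"


def in_out_totals(convs, internal=INTERNAL):
    """Bytes sent (out) and received (in) per internal host over all conversations."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for conv in convs.values():
        if ipaddress.ip_address(conv["initiator"]) in internal:
            totals[conv["initiator"]]["out"] += conv["fwd_bytes"]
            totals[conv["initiator"]]["in"] += conv["rev_bytes"]
        if ipaddress.ip_address(conv["responder"]) in internal:
            totals[conv["responder"]]["out"] += conv["rev_bytes"]
            totals[conv["responder"]]["in"] += conv["fwd_bytes"]
    return dict(totals)


if __name__ == "__main__":
    convs = pair_conversations(parse_flows(SAMPLE_FLOWS))
    for conv in convs.values():
        print(f"{conv['initiator']:>14} -> {conv['responder']:<14} "
              f"fwd={conv['fwd_bytes']:>9} rev={conv['rev_bytes']:>7} "
              f"dominant={dominant_side(conv)}")
    for host, t in in_out_totals(convs).items():
        print(f"{host:14} in={t['in']:>9} out={t['out']:>9}")
```

Counting both sides of an internal-to-internal conversation, as `in_out_totals` does, keeps every internal host's In and Out figures consistent with what its own interface would see; an outbound-heavy conversation initiated from inside to an external responder is the pattern a reviewer would look at first when the question is which side is responsible for the volume.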
