NetFlow Auditor provides visibility of every network conversation and scales beyond any other product in the industry.
Today’s IT departments are faced with the complexities of convergence of networks, increased data and NetFlow volumes, heightened security vulnerabilities and threats, legislation and compliance issues, rising network costs, network performance demands, and stringent budgets. Open and complex networks have become increasingly more difficult to manage and accountability and traceability of usage have become a necessity. The organization’s survival and competitiveness are reliant on the IT Dept’s success in largely mitigating the risk to the network, its performance, and its data through continual auditing.
The ability to perform NetFlow forensics for security at a granular level enables the organization to discover breaches of security that occur in real-time or those that occur over a prolonged period (data leaks). Large networks, generate copious amounts of Netflow data that needs a high degree of visibility in order to be scrutinized and reported on by a limited number of people. While standard security devices (firewalls, intrusion detection systems, sniffers, etc…) may already in place, they lack the ability to record and report on every transaction. Recording every transaction requires the ability to scale. Therefore, network NetFlow data analysis, auditing, or forensic reporting at a granular level has been (until now) expensive and difficult to achieve and manage.
Some of the pre-configured Security Forensics and Network Auditing include Dissemination, DDoS Assessment, Botnet Assessment, TCP Flags, P2P Behavior, Packet Size, Spammy Application, Outlier Application, Unknown Application, Long Active, ICMPv4, IPv4 Multicast, Social Networks, Streaming Video.
These tools can be used to create multiple perspectives on Network data. Netflow Auditor provides a number of pre-configured forensics but it is not limited to these and templates provide you the power to extend Netflow Auditor.
NetFlow Auditor can perform analysis on any combination of data fields simultaneously (e.g. usage, packets, flows, packet size, utilization, latency, drops, counts, etc) and sort data by any field. Effectively measure usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations.
Menu bars and right-click drill-downs, baseline alerting, A.I. (Artificial Intelligence) Diagnostics), threat intelligence correlation, business grouping, automated reporting template shortcuts and many other easy to use functions all facilitate in providing rapid analysis to effectively measure usage, trending patterns, baselines, averages, peaks and troughs, and standard deviations so that fast and appropriate action can be taken to reroute the packets that fit an attack profile.
Netflow originally defined by Cisco systems is an IP flow-based traffic accounting protocol used to support various applications such as usage-based billing, traffic analysis, and capacity planning, and network behavior anomaly detection. It is the basis for the IPFIX (IP Flow Information Export) protocol
Netflow Auditor supports Cisco NetFlow versions v5, v7 and v9, IPFIX, sFlow, jFlow, NetStream, VMWare, and Flexible NetFlow.
Netflow Auditor enables complete IPv6 Business Groupings. This means that Netflow IPv6 is fully compliant with all using Netflow Auditor analytics, usage billing, 95th percentile billing, network anomaly detection, report scheduling, alerting, user portals and so much more.