Lancope

NetFlow Finally Making its Way into the Government Sector


Lancope has always done a fair amount of business in the federal and state governments, but over the last two years the number and size of new government customers has increased tremendously.

Chris Coleman with Cisco explains on his blog...

"The dynamic nature of the cyber threat landscape and growing level of sophistication and customization of attacks are requiring organizations to monitor their internal networks at a new level. IP flow monitoring (NetFlow) coupled with security focused NetFlow collectors like Lancope’s StealthWatch is helping organizations quickly identify questionable activity and anomalous behavior."

Chris goes on to talk about how sampled technologies such as sFlow just don't cut it for security-based monitoring...

"The value that NetFlow provides is unsampled accounting of all network activity on an IP flow enabled interface. I bring up unsampled because of its importance from a security perspective. While flow sampling is a valid method for network management use cases, sampling for the sake of security leaves too much in question. An analogy would be having two different people listen to the same song. One person gets the song played in its entirety, unsampled, and the other only hears the song in 30-second intervals. While neither may be musically inclined, the person who had the advantage of listening to the song in its entirety would be able to more accurately hum or sing back that song than the person that only heard 30-second snippets of the song."

I certainly agree. Security analysts and forensics investigators need the full story, not 1 in 128 words of the story. While sFlow is a capable network bandwidth monitoring tool, it struggles in scenarios where you need to record 100% of network activity. Government types almost always want the whole story, and in this regard NetFlow delivers.
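To put a number on the "1 in 128" point, here is an added example (not Lancope's or Chris Coleman's code) that models sFlow-style packet sampling as an independent 1-in-128 draw per packet and computes how often a flow of a given size ever appears in the sampled record; the traffic mix is constructed, not measured.

```python
import random

SAMPLING_RATE = 128  # the 1-in-128 packet sampling ratio mentioned in the post


def capture_probability(packets: int, rate: int = SAMPLING_RATE) -> float:
    """Chance that a flow of `packets` packets shows up at all in a record built
    from independent 1-in-`rate` packet sampling (sFlow-style)."""
    return 1.0 - (1.0 - 1.0 / rate) ** packets


def simulate_visibility(traffic_mix, rate: int = SAMPLING_RATE, seed: int = 1):
    """Monte Carlo check of the formula on a constructed traffic mix.

    traffic_mix maps a label to (number_of_flows, packets_per_flow).
    Returns label -> fraction of those flows that appear in the sampled record.
    An unsampled NetFlow export would record every flow, i.e. 1.0 for all labels.
    """
    rng = random.Random(seed)
    visible = {}
    for label, (count, size) in traffic_mix.items():
        seen = 0
        for _ in range(count):
            # a flow is visible iff at least one of its packets is sampled
            if any(rng.randrange(rate) == 0 for _ in range(size)):
                seen += 1
        visible[label] = seen / count
    return visible


# Constructed mix (not measured data): many single-packet probes, a modest
# number of short sessions, and a few long bulk transfers.
CONSTRUCTED_MIX = {
    "single-packet probes": (1000, 1),
    "short sessions": (200, 10),
    "bulk transfers": (50, 5000),
}

if __name__ == "__main__":
    for label, (_, size) in CONSTRUCTED_MIX.items():
        print(f"{label:22s} analytic P(visible) = {capture_probability(size):.3f}")
    for label, frac in simulate_visibility(CONSTRUCTED_MIX).items():
        print(f"{label:22s} simulated fraction visible = {frac:.3f}")
```

Bulk transfers are always seen, but a single-packet flow has under a 1% chance of appearing and a 10-packet session under 8%, which is exactly the short-lived activity an investigator reconstructing an incident cannot afford to lose.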

 

CATEGORIES sFlow