GAIN NETWORK VISIBILITY AND INTERNAL SECURITY USING NETFLOW

Many organizations have yet to fully realize the untapped security potential available within their network infrastructures. By collecting, processing and analyzing NetFlow data, exportable from Cisco routers and switches, organizations can easily extend the value of their network infrastructures.

NetFlow provides network and security benefits beyond that provided by traditional security controls through two additional layers of intelligence:

Visibility into host-based conversations
Traffic pattern analysis

Whereas host conversations provide a broader context than that available through point in time security events, traffic pattern analysis helps to quickly identify suspicious traffic flows, regardless of content. This additional visibility is not available through classic IDS/IPS technology and can only be obtained through NetFlow-based technologies.

NetFlow-enabled NBA vs. classic IDS/IPS technologies

Classic IDS/IPS technology	NetFlow-enabled NBA technology
Database signatures detect known attacks	Real-time monitoring of host behaviors and traffic analysis to identify threats
Per-packet, inline blocking of attacks	Mitigation via network infrastructure or integration with inline devices
Cost prohibitive at speeds above 1G	Unlimited monitoring of high speed networks at no extra cost
Minimal forensics value	Archived audit trail of network IP communications
Little to no network performance tools for identifying DoS, worm outbreaks	Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc.
No identity integration	User-identity aware
Limited visibility per direct network connection	End-to-end network visibility
Commonly deployed technology	Innovative technology deployed by early adopters

NetFlow fills the Gaps Left by Perimeter-Defenses

Vanishing perimeters, perimeter-based security strategies and signature-based technologies have left gaping holes in the security infrastructure. Industry analysts not only recongize the existence of these gaps but also specifically recommend Network Behavior Analyis (NBA) technologies, which analyze NetFlow data, to fill these gaps.

Internal Security

Have you ever asked yourself any of the following questions?

What happens if my perimeter defenses fail to stop an external threat?
What happens when perimeter defenses are bypassed altogether (e.g. walk-in worms)?
How do I know that I haven’t already been comprised? And what can I do about it?

These questions indicate a need for an internal security solution. Further compounding this concern are compelling events in the news that continually highlight the need for better internal security. A NetFlow analyzer, StealthWatch provides end-to-end visibility to secure network cores by detecting malicious, accidental and suspicious activities on the network, including:

Misconfigured systems and devices
File servers ”re-deployed” as web servers
Unauthorized apps (e.g. P2P file sharing)
Troubleshooting network problems

MORE INFORMATION

WATCH FREE WEBINAR: Securing MPLS Networks
(registration required)
View StealthWatch Demo
NetFlow Bandwidth Calculator
StealthWatch Architecture
StealthWatch™ System Brochure
Security Implications of MPLS
Network Visibility Brief
How To Buy
White Paper: Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise
(registration required)

INDUSTRY HONORS

View All Awards