NETFLOW
By collecting, processing and analyzing NetFlow data, exportable from Cisco routers and switches, organizations can easily extend the value of their network infrastructures.
NetFlow provides network and security benefits beyond that provided by traditional security controls through two additional layers of intelligence:
- Visibility into host-based conversations
- Traffic pattern analysis
Whereas host conversations provide a broader context than that available through point-in-time security events, traffic pattern analysis helps to quickly identify suspicious traffic flows, regardless of content. This additional visibility is not available through classic IDS/IPS technology and can only be obtained through NetFlow-based technologies.
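To make the two layers concrete, here is an added example (written for this page, not Lancope's or StealthWatch's code) that runs the kind of analysis described above over a handful of constructed NetFlow-style records: it summarizes host-to-host conversations, produces a top-talkers ranking, and flags two content-independent traffic patterns, a source fanning out to many peers with tiny flows and a host answering on a port outside its declared role (the "file server re-deployed as web server" case listed later on this page). The CSV layout, the sample addresses and the role table are all constructed assumptions; a real exporter would be read through a collector rather than a string.

```python
"""Traffic pattern analysis over constructed NetFlow-style records.

The record format below is a simplified CSV rendering of the usual
NetFlow v5 fields (source, destination, protocol, destination port,
packet and octet counts). It is constructed for this example and is not
output from any real exporter.
"""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int
    packets: int
    octets: int


# Constructed sample export: header row, then one flow record per line.
SAMPLE_FLOWS = """\
src,dst,proto,dport,packets,octets
10.0.1.20,10.0.2.5,tcp,445,120,98000
10.0.1.20,10.0.2.5,tcp,445,80,64000
10.0.1.77,10.0.2.5,tcp,445,30,2400
10.0.3.9,10.0.2.1,tcp,80,2,120
10.0.3.9,10.0.2.2,tcp,80,2,120
10.0.3.9,10.0.2.3,tcp,80,2,120
10.0.3.9,10.0.2.4,tcp,80,2,120
10.0.3.9,10.0.2.6,tcp,80,2,120
10.0.3.9,10.0.2.7,tcp,80,2,120
10.0.1.77,10.0.2.5,tcp,80,500,410000
10.0.1.20,10.0.2.9,udp,53,4,400
"""

# Assumed asset inventory: host -> ports it is allowed to serve.
# 10.0.2.5 is declared a file server (SMB only).
DECLARED_ROLES: Dict[str, Set[int]] = {"10.0.2.5": {445}}


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed CSV export into Flow records (header skipped)."""
    flows = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        src, dst, proto, dport, packets, octets = line.split(",")
        flows.append(Flow(src, dst, proto, int(dport), int(packets), int(octets)))
    return flows


def conversations(flows: List[Flow]) -> Dict[Tuple[str, str], Tuple[int, int]]:
    """Host-based conversation summary: (src, dst) -> (flow count, total octets)."""
    summary = defaultdict(lambda: [0, 0])
    for f in flows:
        summary[(f.src, f.dst)][0] += 1
        summary[(f.src, f.dst)][1] += f.octets
    return {pair: (v[0], v[1]) for pair, v in summary.items()}


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[str, int]]:
    """Rank source hosts by octets sent: the classic top-talkers report."""
    totals: Counter = Counter()
    for f in flows:
        totals[f.src] += f.octets
    return totals.most_common(n)


def fan_out_hosts(flows: List[Flow], min_peers: int = 5, max_packets: int = 5) -> List[str]:
    """Sources that touch many distinct (peer, port) pairs with tiny flows.

    This pattern is judged from flow metadata only, never from payload,
    which is exactly the 'regardless of content' property of flow analysis.
    """
    peers: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            peers[f.src].add((f.dst, f.dport))
    return sorted(host for host, p in peers.items() if len(p) >= min_peers)


def role_violations(flows: List[Flow], roles: Dict[str, Set[int]]) -> List[Tuple[str, int]]:
    """Hosts seen serving a port outside their declared role."""
    violations = set()
    for f in flows:
        allowed = roles.get(f.dst)
        if allowed is not None and f.dport not in allowed:
            violations.add((f.dst, f.dport))
    return sorted(violations)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("top talkers:", top_talkers(flows))
    print("fan-out hosts:", fan_out_hosts(flows))
    print("role violations:", role_violations(flows, DECLARED_ROLES))
```

Each finding here is an investigation lead rather than a verdict: the fan-out threshold and the role table are policy inputs that an analyst tunes per network, and the conversation summary is what supplies the context for triaging whatever the pattern checks raise.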
NetFlow-enabled NBA vs. classic IDS/IPS technologies
| Classic IDS/IPS technology | NetFlow-enabled NBA technology |
|---|---|
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high speed networks at no extra cost |
| Minimal forensics value | Archived audit trail of network IP communications |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |
NetFlow Fills the Gaps Left by Perimeter Defenses
Have you ever asked yourself any of the following questions?
- What happens if my perimeter defenses fail to stop an external threat?
- What happens when perimeter defenses are bypassed altogether (e.g. walk-in worms)?
- How do I know that I haven't already been compromised? And what can I do about it?
These questions indicate a need for an internal security solution. Further compounding this concern are compelling events in the news that continually highlight the need for better internal security. StealthWatch, a NetFlow analyzer, provides end-to-end visibility to secure network cores by detecting malicious, accidental and suspicious activities on the network, including:
- Misconfigured systems and devices
- File servers "re-deployed" as web servers
- Unauthorized apps (e.g. P2P file sharing)
- Troubleshooting network problems
StealthWatch, the most widely used Network Behavior Analysis (NBA) and Response solution, provides enterprise-wide visibility into host and network behaviors, adding a broader context around point-in-time security events. Hundreds of customers attest to the effectiveness of StealthWatch's NetFlow analysis in identifying compromised hosts and misconfigured devices, remediating network incidents and promoting network availability.
To learn more about NetFlow analysis with StealthWatch in the enterprise, visit Lancope's Download Center to read the White Paper: "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise".