Lancope

NETFLOW

By collecting, processing and analyzing NetFlow data, exportable from Cisco routers and switches, organizations can easily extend the value of their network infrastructures.

NetFlow provides network and security benefits beyond those provided by traditional security controls through two additional layers of intelligence:

  • Visibility into host-based conversations
  • Traffic pattern analysis

Whereas host conversations provide a broader context than that available through point-in-time security events, traffic pattern analysis helps to quickly identify suspicious traffic flows, regardless of content. This additional visibility is not available through classic IDS/IPS technology and can only be obtained through NetFlow-based technologies.

NetFlow-enabled NBA vs. classic IDS/IPS technologies

| Classic IDS/IPS technology | NetFlow-enabled NBA technology |
|---|---|
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high speed networks at no extra cost |
| Minimal forensics value | Archived audit trail of network IP communications |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |

NetFlow Fills the Gaps Left by Perimeter Defenses

Have you ever asked yourself any of the following questions?

  • What happens if my perimeter defenses fail to stop an external threat?

  • What happens when perimeter defenses are bypassed altogether (e.g. walk-in worms)?

  • How do I know that I haven’t already been compromised? And what can I do about it?

These questions indicate a need for an internal security solution. Further compounding this concern are compelling events in the news that continually highlight the need for better internal security. A NetFlow analyzer, StealthWatch provides end-to-end visibility to secure network cores by detecting malicious, accidental and suspicious activities on the network, including:

  • Misconfigured systems and devices

  • File servers “re-deployed” as web servers

  • Unauthorized apps (e.g. P2P file sharing)

  • Troubleshooting network problems

StealthWatch, the most widely used Network Behavior Analysis (NBA) and Response solution, provides enterprise-wide visibility into host and network behaviors, adding a broader context around point-in-time security events. Hundreds of customers attest to the effectiveness of StealthWatch’s NetFlow analysis in identifying compromised hosts and misconfigured devices, remediating network incidents and promoting network availability.

To learn more about NetFlow analysis with StealthWatch in the enterprise, visit Lancope’s Download Center to read the White Paper: “Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise”.