Security Benefits of NetFlow

Many organizations have yet to fully realize the untapped security potential available within their network infrastructures. By collecting, processing and analyzing NetFlow data, exportable from Cisco routers and switches, organizations can easily extend the value of their network infrastructures.

NetFlow provides network and security benefits beyond that provided by traditional security controls through two additional layers of intelligence:

  • Visibility into host-based conversations

  • Traffic pattern analysis

Whereas host conversations provide a broader context than that available through point in time security events, traffic pattern analysis helps to quickly identify suspicious traffic flows, regardless of content. This additional visibility is not available through classic IDS/IPS technology and can only be obtained through NetFlow-based technologies.

NetFlow-enabled NBA vs. classic IDS/IPS technologies

Classic IDS/IPS technology
NetFlow-enabled NBA technology
Database signatures detect known attacks Real-time monitoring of host behaviors and traffic analysis to identify threats
Per-packet, inline blocking of attacks Mitigation via network infrastructure or integration with inline devices
Cost prohibitive at speeds above 1G Unlimited monitoring of high speed networks at no extra cost
Minimal forensics value Archived audit trail of network IP communications
Little to no network performance tools for identifying DoS, worm outbreaks Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc.
No identity integration User-identity aware
Limited visibility per direct network connection End-to-end network visibility
Commonly deployed technology Innovative technology deployed by early adopters

NetFlow fills the Gaps Left by Perimeter-Defenses

Vanishing perimeters, perimeter-based security strategies and signature-based technologies have left gaping holes in the security infrastructure. Industry analysts not only recongize the existence of these gaps but also specifically recommend Network Behavior Analyis (NBA) technologies, which analyze NetFlow data, to fill these gaps.

Internal Security

Have you ever asked yourself any of the following questions?

  • What happens if my perimeter defenses fail to stop an external threat?
  • What happens when perimeter defenses are bypassed altogether (e.g. walk-in worms)?
  • How do I know that I haven’t already been comprised? And what can I do about it?

These questions indicate a need for an internal security solution. Further compounding this concern are compelling events in the news that continually highlight the need for better internal security. A NetFlow analyzer, StealthWatch® provides end-to-end visibility to secure network cores by detecting malicious, accidental and suspicious activities on the network, including:

  • Misconfigured systems and device

  • File servers ”re-deployed” as web servers

  • Unauthorized apps (e.g. P2P file sharing)

  • Troubleshooting network problems

 

Security Operations