The topic of network security is probably one of the top 10 issues on the mind of every C-level executive. It raises questions such as: Are we infected? Do we have the right talent on our security team? Have we made the best possible investments? Have we thought through the ideal incident response to manage an identified attack?
Network Security Solutions
Thorough network security solutions reach across and help address all of these concerns. A company's boundary defense mechanisms can't be expected to stop all threats, and because of this the ideal network security solution provides the threat context necessary to quickly mitigate the infection. How can this be done?
The ideal network security effort maintains constant visibility into all corners of the network. This includes every remote location, but how do we gain this insight without deploying crazy amounts of probes? Introducing additional appliances is not only cost prohibitive, but generally requires excessive amounts of resources to upgrade and maintain. There has to be an easier way.
NetFlow and IPFIX
NetFlow and IPFIX are technologies readily available on ALL commercially available routers. These flow protocols are essentially exports that carry summarized data about the packets flowing through their connection tables. In fact, most switches and all VMware ESX servers support them. Loaded with the flows from these devices, we can derive a form of NetFlow telemetry that enhances network security by providing the end-to-end visibility that security teams need to forensically investigate suspicious traffic.
If your company already has a NetFlow or IPFIX collector, a flow replicator can be put in place which forwards the flows to more than one destination. The legacy NetFlow solution will still receive the flows as it always has, and the new scalable NetFlow system with Flow Analytics will use the same flows to detect threats and provide the forensic investigation tools necessary if and when a threat is detected.
Leading NetFlow collectors, like Scrutinizer, add protection layers to your existing network security solution by checking dozens of behavior characteristics to determine if any abnormal traffic is occurring anywhere on the network. Host reputation lookups are performed as well to ensure that no internal host is communicating with known malware-infected Internet hosts.
Scrutinizer also provides network traffic monitoring insight on the latest innovations from Cisco such as Application Visibility and Control (AVC) exports. With Cisco AVC reporting, new metrics are exported which provide details on latency, packet loss, retransmits and even visibility into layer 7 applications such as Facebook.com, LinkedIn.com, Skype, BitTorrent, WebEx, Salesforce.com, etc. These details can improve the threat context gained when investigating an odd behavior. Optimizing overall end user experience on top of threat detection is expected from the best NetFlow analyzer solutions.
Incident Response Management Seeks Threat Context
One of the goals of incident response management is to improve the overall threat context surrounding the event.
- What was going on before and after the detection took place?
- What other machines are communicating with similar behaviors?
Incident Response Management is greatly enhanced with a flow solution that provides thorough contextual information on the hosts and traffic patterns you are targeting.
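The two questions above can be answered directly from stored flow records. The following is an added example, not Plixer's or Scrutinizer's code: it runs over constructed flow summaries, and the record fields, the 10.0.0.0/8 internal range and the function names are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed flow summaries (not real traffic); the field names are assumptions,
# loosely following what a NetFlow/IPFIX record carries.
Flow = namedtuple("Flow", "ts src dst dport bytes")

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space
SAMPLE_FLOWS = [
    Flow(1000, "10.1.1.5", "198.51.100.7", 443, 4200),
    Flow(1290, "10.1.1.5", "203.0.113.9", 8443, 900),   # detection fires here
    Flow(1300, "10.1.1.5", "10.1.2.20", 445, 51000),
    Flow(1310, "10.1.2.20", "203.0.113.9", 8443, 880),
    Flow(1350, "10.1.3.8", "198.51.100.7", 443, 3100),
    Flow(2500, "10.1.1.5", "198.51.100.7", 443, 4000),
    Flow(2600, "10.1.4.4", "203.0.113.9", 8443, 910),
]


def flows_around(flows, host, detect_ts, window):
    """Flows to or from `host` within +/- `window` seconds of the detection."""
    lo, hi = detect_ts - window, detect_ts + window
    hits = [f for f in flows if host in (f.src, f.dst) and lo <= f.ts <= hi]
    return sorted(hits, key=lambda f: f.ts)


def similar_hosts(flows, host, suspect_dst, internal=INTERNAL):
    """Other internal hosts that contacted the same destination and port
    as the flagged host did, mapped to the time they were first seen."""
    ports = {f.dport for f in flows if f.src == host and f.dst == suspect_dst}
    first_seen = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if (f.dst == suspect_dst and f.dport in ports and f.src != host
                and ip_address(f.src) in internal):
            first_seen.setdefault(f.src, f.ts)
    return first_seen


if __name__ == "__main__":
    # What was going on before and after the detection?
    for f in flows_around(SAMPLE_FLOWS, "10.1.1.5", 1290, 300):
        print(f)
    # What other machines show the same behavior?
    print(similar_hosts(SAMPLE_FLOWS, "10.1.1.5", "203.0.113.9"))
```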
Leader in NetFlow
At Plixer, we pride ourselves on staying focused on flow technologies. Our team of flow experts has developed one of the best NetFlow analyzers on the market, and because of this we have been recognized as an award-winning leader in NetFlow, sFlow and IPFIX reporting.