printer friendly version

Netflow Auditor for security forensics

The amount and diversity of traffic traversing modern networks creates complex challenges for network operators, security analysts and system administrators. Uncovering network performance and security issues before they become critical is essential. Often, serious attacks or compliance breaches only become evident too late even though they may have been occurring over an extended period.

One of the most useful methods for analysing network traffic is using NetFlow. Cisco developed NetFlow years ago and it has quickly become the industry standard for generating IP traffic information. Analysis of network traffic is becoming increasingly important, not just for determining utilisation root cause and forecasting bandwidth needs, but also for security analysis. With the introduction of NetFlow Auditor, NetFlow analysis has become useful in the intrusion detection field, through looking for abnormal traffic flows, in incident handling and forensics fields. Flow records can be exported from a diverse range of network equipment providing the opportunity for pervasive continuous monitoring and the ability to see what is happening on the network in real-time.

Analysis of flow records can be used to detect policy violations, to report on the network activities of compromised hosts and to detect some forms of scanning and denial-of-service attacks. In order to keep their networks running efficiently and securely, network operators need to build a deep understanding of traffic characteristics and the kinds of events taking place in their networks.

NetFlow Auditor software enables customers to fully automate the entire network anomaly detection and risk mitigation life cycle. NetFlow Auditor’s granular forensic ability, scalability and unique intelligent baselines deliver a complete and flexible toolkit for flow-based network behavior, forensics monitoring and analysis. It will alert on an event or condition in the network that is identified as a statistical abnormality when compared to typical traffic patterns gleaned from previously collected profiles and baselines.

Share this article:

Further reading: