NetFlow Analyzer for the iPhone

Posted in network security, network threat detection, Network traffic monitoring on May 8th, 2013 by Danny

Our NetFlow Analyzer for the iPhone takes network traffic monitoring to a whole new dimension. Aside from receiving email alerts on network threats, you now have the ability to dive into NetFlow analysis right on your iPhone. From anywhere, get detailed information on your network traffic, and quickly initiate an informed response to network threats.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Cisco ASA Cyber Threat Defense: Part 1

Posted in ASA, Cisco NetFlow, cyber crime, detect network threats, detecting malware, internet security, internet threat, ip host reputation, netflow and ipfix, NetFlow Security, network security, network threat detection, NSEL, threat detection on March 6th, 2013 by Jimmy W

The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool and is enabled by default on all ASAs with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it only monitors dropped packets across the whole appliance, the information is typically not enough to identify the source or nature of a malicious threat, but it could be a sign that some sort of nefarious activity is occurring, and it can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs. Read more »

Jimmy Wendler

Solera IPFIX Support: Network Security Appliance Exports Flows

Posted in IPFIX, network security, syslog ot IPFIX on January 6th, 2013 by tomp@plixer.com

Good news: Solera IPFIX support is available in our IPFIX reporting solution. This is no surprise, as flow analysis (NetFlow and IPFIX) continues to gain popularity in several key areas of many IT security programs:

  • Data reconnaissance on the source or perpetrator of the threat (i.e. who did what to whom, when and where)
  • Merge with other data sources to gain greater contextual information surrounding the details of the malware
  • Host reputation lookups

For those of you who need to get this set up fast, here are the instructions that we got from the documentation.
Read more »

- Thomas Pore

NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #1)

Posted in application aware netflow, Cisco NetFlow, IPFIX, netflow probe, network security, network threat detection on November 27th, 2012 by Adam Powers

Introducing NetFlow and IPFIX

This article covers the benefits and capabilities provided by a new class of network monitoring technology called a NetFlow generator. But before we get too far into NetFlow generation details, let’s do a quick review of NetFlow itself for those that are new to the topic.

NetFlow and IPFIX are network monitoring technologies providing deep visibility into network traffic. NetFlow was originally developed by Cisco and later standardized into IPFIX by RFC 5101. Traditionally, NetFlow was included as a feature of routers, switches, firewalls, and other network devices. It’s even found in virtualization platforms such as VMware’s vSphere 5.0 and above. Any device that can generate NetFlow packets is called an exporter. As packets travel through the exporter, the device records information about the flow of traffic. Data elements such as packet count, source and destination IP, MAC address, and much more are stored in a memory-resident data structure within the exporter called a cache. As the flows time out, they are placed into a UDP datagram and sent across the network to a NetFlow collector. The diagram below illustrates the process.

[Diagram: How NetFlow works]

Once enabled, NetFlow is used for a variety of network operations and security tasks including:

Read more »

Adam Powers
@adampowers22

Network Forensics and Incident Response Using NetFlow and IPFIX

Posted in advanced persistent threats, Cisco NetFlow, network security, Security on November 10th, 2012 by Adam Powers

Network forensics can be an intimidating subject. When IT personnel hear the word “forensics” they often recoil with visions of complicated software such as EnCase. Or they may think about expensive packet capture solutions such as Niksun’s NetDetector product line. While these tools can serve a specific purpose, your first line of network forensics defense should always be found in NetFlow and IPFIX…

Read more »

Adam Powers
@adampowers22

Identity-Aware NetFlow: PCI Compliance and Beyond

Posted in Compliance, IPFIX, network security, Network traffic monitoring, Security on September 18th, 2012 by Jimmyd

A Twitter feed debating Australia’s proposed government plans to log internet traffic caught my attention this morning and got me thinking about Identity Aware NetFlow. Although storing user information is a hot topic for many countries around the world, the fact is that there are quite a few data retention laws that already exist. Many companies are required to adhere to compliance laws and are scrambling to meet these requirements. This is why Identity Aware NetFlow has become such a valuable asset; it helps these companies meet their requirements with minimal overhead. It does this by using NetFlow/IPFIX technology which is already a part of their router’s or switch’s OS. Read more »


Jimmy D the Netflow Detective

Join the NetFlow Developments group on LinkedIn.

Barracuda IPFIX Support: Network Threat Detection

Posted in advanced persistent threats, detect network threats, NetFlow Security, Netflow Traffic Analysis, network security on August 22nd, 2012 by Scottr

Earlier this year Barracuda Networks enabled IPFIX support on their NG Series firewalls. This export provides great visibility into your network traffic as well as network threat detection.

Let’s take a moment to go over the configuration to get these exports going:

Read more »

Scott Robertson
Sr. Solutions Engineer

Identity-Aware NetFlow: Cisco ASA NSEL

Posted in ASA, network security on July 17th, 2012 by mike@plixer.com

Businesses with IT teams managing tens of thousands of IP addresses often find it more difficult to track down IP addresses and, for this reason, they would rather work with a username. Identity Aware NetFlow ties the two together. In this post, let’s take an example of tracking down the root cause of a network security issue or detected threat.
Read more »

Michael Patterson
Founder and CEO
