Identity-Aware NetFlow: PCI Compliance and Beyond

Posted in Compliance, IPFIX, network security, Network traffic monitoring, Security on September 18th, 2012 by Jimmyd

A Twitter feed debating Australia’s proposed government plans to log internet traffic caught my attention this morning and got me thinking about Identity-Aware NetFlow. Although storing user information is a hot topic for many countries around the world, the fact is that there are quite a few data retention laws that already exist. Many companies are required to adhere to compliance laws and are scrambling to meet these requirements. This is why Identity-Aware NetFlow has become such a valuable asset; it helps these companies meet their requirements with minimal overhead. It does this by using NetFlow/IPFIX technology, which is already a part of their router's or switch's OS.

“Another benefit to Identity Aware NetFlow is the ability to track users in DHCP environments where IP addresses can change frequently. Usernames don’t typically change that often. For all of these reasons, Identity-Aware NetFlow improves accountability for not only IT but for Human Resources should reports need to be run depicting an entire history of network use by a username. It is no surprise that auditing efforts are also improved by NetFlow and IPFIX when compliance becomes a factor. NetFlow supports the business’s need to be HIPAA and PCI compliant.” - Michael Patterson – Plixer, CEO
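As an added illustration (not code from the original post or from Plixer), the DHCP point in the quote can be shown by joining flow records against time-stamped logon events, so each flow is attributed to whoever held the source IP at that moment. The sample logons and flows, the function names and the 12-hour staleness limit are all constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed sample data: (time, ip, username) logon events, e.g. from RADIUS or domain logs.
LOGONS = [
    ("2012-09-18T08:00:00", "10.1.5.20", "alice"),
    ("2012-09-18T12:30:00", "10.1.5.20", "bob"),    # same IP, lease reassigned
    ("2012-09-18T12:35:00", "10.1.5.31", "alice"),  # same user, new IP
]
# Constructed flow records: (time, src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    ("2012-09-18T09:15:00", "10.1.5.20", "192.0.2.10", 443, 12000),
    ("2012-09-18T13:00:00", "10.1.5.20", "192.0.2.10", 443, 800),
    ("2012-09-18T13:05:00", "10.1.5.31", "198.51.100.7", 22, 5000),
    ("2012-09-18T07:00:00", "10.1.5.20", "192.0.2.10", 80, 100),  # before any logon
]

def build_index(logons):
    """Per IP: parallel, time-sorted lists of binding start times and usernames."""
    idx = defaultdict(lambda: ([], []))
    for when, ip, user in sorted(logons):
        times, users = idx[ip]
        times.append(ts(when))
        users.append(user)
    return idx

def user_for(idx, ip, when, max_age=timedelta(hours=12)):
    """Most recent user bound to ip at `when`; None if no binding or it is stale."""
    times, users = idx.get(ip, ([], []))
    pos = bisect_right(times, when) - 1
    if pos < 0 or when - times[pos] > max_age:
        return None  # leave unattributed rather than guess; this is an audit gap
    return users[pos]

def bytes_by_user(flows, logons):
    """Total bytes per username; the None key collects unattributed traffic."""
    idx = build_index(logons)
    totals = defaultdict(int)
    for when, src, _dst, _port, nbytes in flows:
        totals[user_for(idx, src, ts(when))] += nbytes
    return dict(totals)

if __name__ == "__main__":
    print(bytes_by_user(FLOWS, LOGONS))
```

A report keyed on the source IP alone would credit 10.1.5.20's afternoon traffic to alice and split her own history across two addresses.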

I have worked with quite a few companies that are using NetFlow to help them meet their compliance requirements and have come up with a few helpful hints to use when evaluating NetFlow monitoring solutions.

1. Data Retention.

When looking for a NetFlow solution, make sure you add “the ability to adjust data retention” to your requirements checklist. Different compliance regulations require different data retention time frames. Make sure that the tools you are evaluating meet this need.

2. 100% Data

The worst thing that can happen during an audit is to find out that you are missing a conversation. You need to make sure that your tool is storing all the data all the time. Storing every conversation can be one of your compliance requirements, plus it enables you to add a security layer by monitoring for things like DDoS attacks, port scans and more.

3. Future Proof.

You need to make sure it supports NetFlow v9 and IPFIX completely. V9 and IPFIX support templates, and templates give you the flexibility to report on more than the basic conversation data. This is very important, since the compliance requirements can change and new laws can be passed. Investing in a tool that can easily adjust to future demands is a smarter investment.

4. Reporting

The final point is to make sure that your NetFlow solution has a strong reporting engine. Think about it: you have to come up with x amount of reports in a short period of time. Do you want to find out at the last minute that you don’t have the ability to get that information?

In today’s networking world, supporting government compliance laws or even your company’s BYOD policies is part of your day-to-day routine. Are you effectively meeting your compliance requirements?

 


Jimmy D the Netflow Detective


One Response to “Identity-Aware NetFlow: PCI Compliance and Beyond”

  1. Matt S Says:

    Great Blog, Jim!
