A Network Behavior Baseline can help find a few problems, but it also reports plenty of false positives. Cisco is aware of this, as well as the need for improved security methods. Consequently, they have released several new technologies which include NetFlow v9 and Flexible NetFlow exports. This blog outlines a few of the recent ones we’ve seen released this year.

Cisco Identity Services Engine
“Marie Hattar, vice president of marketing, Borderless Networks at Cisco told InternetNews.com that ISE enables profiling of network connected devices. She explained that ISE has sensors and is able to create a device profile for devices on the network and what the expected behavior should be.” She went on to say that “In the first phase we have integration of some capabilities including the network analysis module…” The Cisco Identity Services Engine is a policy component of the Cisco TrustSec solution.

Cisco TrustSec
Cisco TrustSec™ (CTS) is an architecture that tells you who and what is connecting to your network, and it controls what they can do and where they can go while they are there. In short, by building identity-based access policies, it protects critical data throughout the network. Details on which TrustSec groups are communicating with each other are exported in NetFlow v9.

Cisco Smart Logging and Telemetry
Consider also the Smart Logging and Telemetry NetFlow technology available on the Catalyst 3XXX. This switch will detect threats, stop the threat, capture the packets and export them to the NetFlow collector.

SonicWALL
SonicWALL firewalls perform deep packet inspection, which detects threats, viruses and spyware. The detections are exported in IPFIX, further proving that NetFlow/IPFIX is the new preferred protocol for delivering details about network security threats.

Summary
As we’ve said before, Flow Analytics adds to your security efforts, as does a Network Behavior Baseline; however, some of the best threat detection methods with NetFlow involve deep packet inspection first. Cisco and SonicWALL are both using NetFlow/IPFIX as one of the primary methods to transport details on security threats.

 


Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.
