IT Security: NetFlow, the proposed standard for network traffic analysis (when SNMP & Port Utilization just won’t cut it), has made leaps and bounds in Internet Security during the past few years. In part one of a two-part series, I’d like to demonstrate how Flow Analytics uses Network Behavior Analysis (NBA) to create an additional security layer for your network, even with the most basic NetFlow, v5. It may be better known as the NetFlow Security Layer. Check out some of our pre-configured algorithms (right):
Now, I know what you’re thinking: How can NetFlow’s 7 key-fields help me secure my network? That’s a great question — might you use the Port or Protocol to make a guess as to the application? Rule that out, however, as an Advanced Persistent Threat (APT) loves masquerading as legitimate traffic. Since it mimics normal behavior, an APT would be nearly invisible to behavioral or host baselining as well.
One thing APTs can’t hide from is IP Host Reputation, a.k.a. Internet Threat Feed™. NetFlow Ninja Adam Powers had this to say about Internet Reputation Services:
This technology is nothing new to Plixer, and Scrutinizer is constantly (every hour) updating its database of known compromised internet hosts from partner Emerging Threats, a “Leader in Cyber Security rooted in the EmergingThreats.net Open Source Community.”
Cisco security expert Mike Schiffman also weighs in on IP Host Reputation:
“NetFlow can tell us who’s talking to who, but how can we tell if either who is a bad actor? By checking the reputation of the IP addresses at both ends of the conversation.”
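The reputation check described above can be sketched in a few lines. This is an added example, not Scrutinizer's or Plixer's code: it parses a NetFlow v5 export packet, pulls out the seven key fields (source and destination IP, source and destination port, protocol, ToS, input interface), and tests both ends of each flow against a reputation list. The function names are hypothetical, and the list and sample packet are constructed from RFC 5737 documentation addresses.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

# Constructed reputation list (RFC 5737 documentation ranges), standing in
# for a real threat feed that would be refreshed on a schedule.
BAD_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def parse_v5(packet):
    """Yield the seven key fields of every flow record in a v5 export packet."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(packet)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("packet shorter than its record count claims")
    for i in range(count):
        f = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        yield {
            "src": ipaddress.ip_address(f[0]), "dst": ipaddress.ip_address(f[1]),
            "input_if": f[3], "src_port": f[9], "dst_port": f[10],
            "proto": f[13], "tos": f[14],
        }

def flag_flows(packet, bad_nets=BAD_NETS):
    """Return (flow, matching_end) for each flow with a listed host at either end."""
    hits = []
    for flow in parse_v5(packet):
        for end in ("src", "dst"):
            if any(flow[end] in net for net in bad_nets):
                hits.append((flow, end))
    return hits

def build_sample():
    """Constructed export packet: two flows, one talking to a listed address."""
    def rec(src, dst, sport, dport, proto):
        return RECORD.pack(ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                           bytes(4), 1, 2, 10, 840, 0, 1000, sport, dport,
                           0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    header = HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
    return header + rec("10.0.0.5", "192.0.2.10", 50000, 443, 6) \
                  + rec("10.0.0.9", "203.0.113.77", 50001, 443, 6)

if __name__ == "__main__":
    for flow, end in flag_flows(build_sample()):
        print(f"{flow['src']}:{flow['src_port']} -> {flow['dst']}:{flow['dst_port']} listed end: {end}")
```

Both flows in the sample go to TCP port 443, so port and protocol alone cannot tell them apart; only the lookup on the destination address flags the second one.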
Scrutinizer is the #1 NetFlow Solution out there because it shows you structured data in a relational database, something we couldn’t do without saving 100% of the NetFlow data. Structured Data in a Relational Database is a definite tongue twister; put simply, it means any report, anywhere, all the time.
Part Two: Connecting the dots — what can ‘Structured Relational Data’ do for me?