Monitoring BYOD with Netflow is becoming a huge concern on most people’s networks due to the added network load as well as the new security risks that they may pose. In this blog I hope to shed some light on some of the new features that Cisco has recently come out with to help track behavior on the network.

Cisco Wireless NetFlow:

Since most of the BYOD that are coming onto the network are likely connecting to your wireless it’s a good thing Cisco has adopted to export NetFlow with AVC metrics. This allows us to track a user’s device through MAC address, SSID, access point and even username using Cisco ISECisco WLC NetFlow or Active directory. As well as seeing how many hosts are connecting to each SSID or AP. This makes it beneficial in both the performance and security space.

Application Aware NetFlow:

Getting the username and IPs that a user/host is connecting to is great but application information is even better. As of November ’14 NetFlix was consuming 35% of all internet traffic (source). This is causing a huge push on enterprise networks to monitor their network especially at remote offices where bandwidth can be very expensive. Using the NetFlow from our Cisco WLC as well as the metrics given to us from ISE we can easily drill into this and catch the culprit!

Aside from just catching non-work behavior you could also help thwart some of the office pirates from downloading copyrighted material on the network. Now we can easily catch Bit torrent traffic or any suspicious traffic quickly and easily lowering your MTTK (Mean Time to Know) and helping resolve any network issues you may be having.

Cisco ISE IntegrationAs you can see from the image to the left the suspicious IP as well as the user who was logged in is listed and now allows us to kick them from the wireless right within the GUI of our NetFlow collector using our Cisco ISE integration.

As you can see monitoring BYOD has changed quite a bit from the days of tracking a MAC address across the network and going cube to cube trying to get someone to fess up to them downloading large files. It has now gotten a lot easier due to identity services and making users aware that their traffic is being monitored and seen. If you have any questions or need any assistance in setting up monitoring BYOD on your network feel free to reach out to us!

Jake Bergeron author pic


Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers - He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is setup to their need. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and Malware detection he also enjoys Fishing and Hiking.