We had to revisit NetFlow storage for a customer recently and reconfigure our appliance to save almost 100 terabytes' worth of NetFlow, IPFIX and sFlow data from a mixture of hardware vendors. The moderately sized financial agency was concerned about PCI (Payment Card Industry) compliance and wanted to save the raw flows in native format for over a year, with fast access when searching through them. At over 1 billion flows per day, our NetFlow Calculator gave them a good idea of their storage space requirements. We had to make provisions.
The new configuration of our NetFlow server allows us to provide up to 100 terabytes of NetFlow storage with real-time access to all the history in less than 10 seconds. And since NPPI (Non-Public Personal Information) data is never exported in NetFlow, our NetFlow and IPFIX collector was an ideal fit.
From talking with the customer, it was interesting to learn that the NPPI must be protected/encrypted from the GUI (i.e. application or web page) all the way to the tokenization service. The tokenization service substitutes the credit card number with a token which looks like a credit card number, but is theoretically impossible to use for hacking. The PCI Security Standards Council doesn’t want the customer to store the credit card number or other NPPI.
Special thanks to a Brad Reese post which led the customer to us. If you need used Cisco hardware, contact Brad.