The other day I took an interesting call from a customer who was concerned because he was suddenly seeing his flows-per-second count almost double. He had just upgraded his Scrutinizer NetFlow and sFlow traffic analysis application to the latest version, and he thought that maybe something had changed to cause this to happen.
I assured him that nothing in the Scrutinizer upgrade would have caused him to see his flow count increase. And after talking with him, I learned that he had also just upgraded the IOS on his routers.
Were we looking at some kind of a “perfect storm” scenario?
Of course not!
I asked if they were running Scrutinizer with Flow Analytics enabled. Flow Analytics includes a series of processes that interrogate every conversation from every host for traffic behavior pattern anomalies.
One look at the Threats Overview Gadget on his MyView tab, and we quickly found the probable cause of the increase in flow volume.
Flow Analytics was detecting suspicious traffic behavior on his network in the form of a very high number of Unfinished Flows, Breach Attempts and DNS Hits.

“Wow! What is this all about?” John said.
Now we needed to find out who or what was responsible for the suspicious traffic being reported and determine if it was legitimate or not.
We clicked on the Alarm Tab and could see every alarm and the IP addresses involved.

John was now able to determine the cause of the increase in traffic volume and take the necessary steps to correct the situation.
Don’t you just love a story with a happy ending?
We offer some of the best NetFlow and sFlow traffic analysis and network reporting tools available on the market today.
If you’re interested in learning how our network traffic analysis tools can help show you what is happening on your network, give us a call at (207) 324-8805.