The most advanced Flow technologies today come in the form of (FnF) Flexible NetFlow Reporting and IPFIX Reporting. Some vendors have renamed these technologies to AppFlow, Cascade Flow, J-Flow and NetStream, however they are usually a near copy of either NetFlow or IPFIX.
List of Next Gen NetFlow / IPFIX Reporting Features
If your company is contemplating the use of traditional or next generation flow exports, the insight you can gain depending on your hardware has never been greater. Without a doubt, flow elements have been added to the technology in nearly all areas of performance and security which aid in end to end visibility. Next Generation NetFlow collection and analysis requires:
- A breakdown of all 7 layers of the OSI model with a focus on application details and end user information
- Integration with other best of breed security systems like an IPS or firewall (e.g. Barracuda, Checkpoint, Cisco ASA, Palo Alto Networks, Juniper SRX, SonicWALL, etc.)
- Reporting on the data in an easy to understand graphical format
- Flexible filtering and sorting with customizable reports on the latest flow exports (e.g. Jitter, latency)
- A breadth of experience and reports which comes from working with numerous hardware vendors and a track record of being an innovator in the industry
- Monitor for Internet threats based on IP host Reputation
- A scalable solution that is able to collect over 100K flows/second
- Support for virtual environments (e.g. VMware) and subnets where traditional flows aren’t available
- In depth forensic reporting and analysis capabilities which help reduce MTTK (Mean Time To Know) and MTTR (Mean Time To Repair)
- Reporting on BYOD Security and BYOD Devices which often requires integration with NAC systems (e.g. Mobile IAM)
- Reporting on usernames which can be done with several firewall exports (e.g. Cisco, Palo Alto Networks, SonicWALL)
- The ability to map out end to end – hop by hop visibility by seeing the network communication path
Most of the above is available on older hardware. This means you can gain access to next generation NetFlow even if you are purchasing refurbished Cisco hardware.
NetFlow Dashboard
Next generation flow reporting tools like Scrutinizer provide customizable dashboards that extend details on anything exported within Netflow. For example, the top interfaces with the most Jitter, Latency, Packet loss or Utilization across thousands of interfaces are shown below.
Choosing a vendor with the experience and contacts with all of the major flow vendors may make a difference in your overall experience with flow collection and analysis.
