In a previous Procera IPFIX blog I talked about the security benefits gained from collecting their IPFIX flow exports, and how, using IPFIX flow exports, network traffic can be easily disseminated and presented at various levels of reporting detail.
Today I am going to talk about some additional IPFIX configuration steps that show how you can not only export standard IPv4 and IPv6 information, but also configure your own flow records with some cool Procera-specific flow elements. These Procera-specific IPFIX elements provide network application visibility and performance measurements, as well as a number of HTTP-related information elements that could provide visibility into traffic details such as the URLs called in each network conversation, the user agent, and the HTTP status.
How do we configure IPFIX to take advantage of these unique IPFIX flow exports?
The templates to build and export the IPFIX records are configured by creating IPFIXObjects in the Objects & Rules Editor in the client. The templates specify the format in which the data will be built, and decide which values will be exported in the IPFIX records.
When creating an IPFIXObject, the elements that will be exported are selected from the list of Available Fields in the configuration of the object. Both standard IPFIX fields and Procera Networks specific fields are available for export.
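To show what a collector receives once such a template is exported, here is an added example (not Procera's code, and not from the original post) that parses an IPFIX Template Set as defined in RFC 7011 and uses it to decode one data record. The enterprise number 32473 is the one reserved for documentation, and enterprise element 1 is a hypothetical stand-in for a vendor URL field; the sample bytes are constructed.

```python
import struct

DOC_PEN = 32473  # enterprise number reserved for documentation (RFC 5612), not Procera's

def parse_template_set(buf):
    """Parse an IPFIX Template Set (RFC 7011, Set ID 2) into {template_id: fields}."""
    set_id, set_len = struct.unpack_from("!HH", buf, 0)
    if set_id != 2 or set_len > len(buf):
        raise ValueError("not a complete template set")
    buf, off, templates = buf[:set_len], 4, {}
    while off + 4 <= len(buf):
        tid, count = struct.unpack_from("!HH", buf, off)
        if tid < 256:                      # template IDs start at 256; this is padding
            break
        off += 4
        fields = []
        for _ in range(count):
            ie, length = struct.unpack_from("!HH", buf, off)
            off += 4
            pen = None                     # None = standard IANA element
            if ie & 0x8000:                # enterprise bit: 4-byte enterprise number follows
                (pen,) = struct.unpack_from("!I", buf, off)
                off += 4
            fields.append((pen, ie & 0x7FFF, length))
        templates[tid] = fields
    return templates

def decode_record(fields, buf):
    """Decode one data record using a parsed template."""
    out, off = {}, 0
    for pen, ie, length in fields:
        if length == 0xFFFF:               # variable-length field, e.g. a URL
            length, off = buf[off], off + 1
            if length == 255:              # long form: 2-byte length follows
                (length,) = struct.unpack_from("!H", buf, off)
                off += 2
        if off + length > len(buf):
            raise ValueError("record shorter than template describes")
        out[(pen, ie)] = buf[off:off + length]
        off += length
    return out

# Constructed sample: template 256 = sourceIPv4Address (8), destinationIPv4Address (12),
# and a hypothetical variable-length enterprise element 1 standing in for a URL field.
TEMPLATE_SET = struct.pack("!HHHHHHHHHHI", 2, 24, 256, 3, 8, 4, 12, 4, 0x8001, 0xFFFF, DOC_PEN)
URL = b"example.com/login"
RECORD = bytes([192, 0, 2, 10, 198, 51, 100, 7, len(URL)]) + URL

if __name__ == "__main__":
    fields = parse_template_set(TEMPLATE_SET)[256]
    for key, value in decode_record(fields, RECORD).items():
        print(key, value)
```

A collector that does not know the enterprise number can still skip over the field correctly, because the template carries its length; it simply cannot interpret the value.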
What does collecting this IPFIX information mean to your Network and Security administration teams?
Efficient traffic management requires usable and relevant information. By collecting application performance aware IPFIX exports, you gain greater insight into not only what traffic is traversing the network, but how efficiently the traffic is traversing the network. The information necessary to make decisions on how to manage network traffic, as well as for network threat detection and incident response to security events, is just a few mouse clicks away.
Think of the security benefits gained and time saved in research when in a single report you can filter on all traffic sent and received on a client's workstation, and then be able to drill in on all of the URLs called in those conversations. The ability to drill down to specifics makes incident response using IPFIX an invaluable tool for charting the health of your network.
Network traffic monitoring that uses flow technologies to monitor communication behaviors, maintain baselines, and detect advanced persistent threats is becoming more relevant. When security professionals need to go back in time and view a communication pattern, they can find the flows that contain the conversations that they want to investigate.
Are you ready to add this type of network application visibility and reporting to your monitoring solution? Give us a call and we’ll help you get IPFIX configured on your Procera PacketLogic devices.