NetFlow generation is going to greater lengths to make sure it scales with the large amounts of bandwidth being generated by today’s networks. High-performance NICs (network interface cards) and packet capture cards are also taking this route. This way the end user can use full packets for the payload information and the NetFlow/IPFIX information for the contextual forensic information.

High Performance IPFIX Collection:

Telesoft, a provider of high-performance NICs, will be giving a demonstration of this technology at Flowcon 2016. Their probe can generate IPFIX at a speed of 100Gbps!

This will allow engineers and security architects to capture very large amounts of data. Using the IPFIX generation located on the card, you can now send the lightweight data to a robust NetFlow collector for further forensics as well as network anomaly detection. Now, with full IPFIX visibility available in dark spots on the network, you will be able to make sure 100% of all network traffic is being collected and is available to forensically investigate if the need arises.

IPFIX Probes in a NetFlow Environment:

If you are looking for a pure plug-and-play NetFlow generation probe, look no further! We now offer an IPFIX probe that will generate full NetFlow from your 1G/10G links. Having access to the raw traffic allows us to generate metrics like jitter and packet loss, as well as helping us identify malware. Even if you currently have a flow exporter in your environment, you may want to take a look, as these IPFIX probes offer all sorts of unique exports that provide deeper insight (Deep Packet Inspection) into your network traffic.

IPFIX for Security:

As you have probably seen in our previous blogs, having NetFlow in your network security arsenal gives you a huge leg up on the would-be attacker. Simply keeping the data for much longer than you normally can with full packets gives you a nice “phone record” for your network. Whether 1 packet or 1 million packets were sent, you will feel safe knowing you have a full index of everything taking place. We have already seen IPFIX probes starting to export security-based metrics such as DNS TXT and domain reputation to aid in the fight against malware. Only the future will be able to tell us what new attack vector we need to start looking for, and if 2015 was any indication, I believe 2016 will be a busy year for our network security teams around the globe.

If you need more information or have any questions about NetFlow and IPFIX generation, either through the use of a Telesoft NetFlow generation NIC or through IPFIX/NetFlow probes, feel free to reach out to us!

Jake

Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.