Security team benefits
-
Catch threats by monitoring DNS traffic
91% of all malware uses DNS to infiltrate networks. Organizations must monitor and analyze DNS traffic to catch data exfiltration and identify command and control (C2) communication. When DNS traffic is monitored from inside the network, incidents can be associated with specific users and devices.
-
Detect abnormal behavior and persistent threats
Many types of malware, data exfiltration, and DDoS attacks abuse the DNS protocol to accomplish their goal. Firewalls and policy rules freely allow DNS traffic. Monitoring and analyzing DNS to identify anomalous protocol behavior is a key step to reducing risk of these attacks.
-
Identify C2 communications
Bad actors have many ways to gain a foothold, but in order to get most ransomware and other malware payloads onto devices, they rely upon communication to a C2 server. By proactively monitoring network traffic to identify C2 communication, organizations can dramatically reduce the risk of end devices becoming infected.
-
See deeper into encrypted traffic
In a cloud-first world, more and more traffic is becoming encrypted, which dramatically limits visibility. When organizations monitor DNS, they gain additional insight. Instead of simply seeing web-based traffic destined for Akamai, AWS, or Google, they see the fully qualified domain name. This way, they can identify the traffic’s real destination.
Network team benefits
-
Gain visibility into every corner of the network
Although most network devices export metadata to some degree, not all deliver the richness of information you want or the application details you need. FlowPro was designed to provide deep packet inspection (DPI) and application fingerprinting to supplement those dark corners and deliver true end-to-end application performance visibility.
-
Monitor performance with Layer 7 precision
Real-time applications like voice and video are highly sensitive to network performance problems. When network performance degrades, user experience and productivity both suffer. FlowPro provides the ability to fingerprint applications, measure their performance, and help the network team quickly identify if problems are server-, application-, or network-related.
-
Achieve faster problem resolution
Rapid root cause analysis of poor user experience requires a combination of end-to-end visibility and easy-to-read reports on important data elements. Fast problem resolution requires you to easily correlate a user’s traffic with jitter, latency, and QoS misconfigurations, as well as network, server, and application response times.
-
Visualize traffic and applications network-wide
Users expect a positive application experience regardless of where they are physically connected or which devices they are using. When deployed alongside existing network infrastructure, FlowPro exports the information Scrutinizer needs to visualize, optimize, and manage network and application performance at a global scale.
Want to see FlowPro in action? Book a demo with one of our expert engineers.
Book a Demo| FlowPro | FlowPro APM | FlowPro Defender | FlowPro APM & Defender | |
|---|---|---|---|---|
| Obtain traffic visibility from all network locations |  | | | |
| Monitor network traffic | | | | |
| Virtual appliance available | | | | |
| Physical appliance (with up to 7 monitor ports) available | | | | |
| Monitors via SPAN, mirror port, or ethernet tap | | | | |
| ERSPAN support | | | | |
| Troubleshoot latency issues | | | ||
| Measure application round trip time | | | ||
| Packet-level performance metrics | | | ||
| Resolve network performance issues | | | ||
| Identify Layer 7 applications | | | ||
| Monitor latency for Layer 7 applications | | | ||
| Monitor latency for clients/servers | | | ||
| Monitor VoIP performance | | | ||
| Detect malware DNS data exfiltration | | | ||
| Detect malware DNS Command and Control | | | ||
| Detect compromised assets using DGAs | | | ||
| Alert on DNS lookup to known malware C2 sites | | | ||
| Alert on DNS lookup to user-defined domains | | | ||
| FQDN reporting | | | ||
| DNS performance visibility | | |
