Threat Intelligence - an adaptive solution with NetFlow support

As we continuously develop and improve our security solution Threat Intelligence, we want to announce very important news: extended support for NetFlow protocols.

April 20, 2016

NetFlow, which originated in Cisco technologies, is another factor that moves Threat Intelligence even closer to the needs of our customers. Within the overall concept of the solution, it brings an outstanding market advantage by making Threat Intelligence a security tool that can analyse data in multiple ways.

NetFlow is an open protocol primarily intended for monitoring network traffic on the basis of IP flows, and it provides detailed views of the traffic in a network in real time. With the help of NetFlow statistics it is possible to reveal external and internal incidents, bottlenecks in the network, and dominant sources of traffic, and to plan future network extensions effectively. NetFlow requires no intervention in the monitored network other than the deployment of monitoring probes. NetFlow records contain statistical data about network traffic, e.g. IP addresses, ports, sequence numbers, numbers of bytes and packets, routing information, etc.

NetFlow processing is implemented in Threat Intelligence as an additional communication channel, while the existing logic of data recording (span, mirror, tap, …) is not affected. Thanks to this extension, customers can choose which data source should be analysed, which gives them considerable freedom in deciding which data source to use for security and network analysis. Security behavioral analysis is performed on the NetFlow data (in Threat Intelligence it is named NBA - Network Behavioral Analysis), while data from other sources are also checked by the IDS module (Intrusion Detection System). It is this combination of detection technologies that helps to effectively reveal all uncommon network aberrations.

The NetFlow support covers versions v5 and v9, and also IPFIX with extensions defined by other producers of security tools. A further great advantage is the ability not only to accept NetFlow from multiple sources but also to use a customer's existing sources of flow statistics.

If you have a question or need a tailored security solution, feel free to contact us.