Why use NetFlow?
NetFlow and its variants such as sFlow and IPFIX allows efficient monitoring of communications between devices across the network. Unlike packet capture (PCAP), which involves the collection of traffic via specialised hardware, NetFlow is generally available as standard in most networking equipment today. It can be enables via a few simple configuration commands and allows collection of data at a fraction of the overhead of PCAP.
NetFlow analysis technologies are readily available, though few – like Rebasoft – offer the detailed analysis capabilieis needed for security threat detection, application performance and troubleshooting problems. Rebasoft’s NetFlow technology – in a specially optimised component called “Application Auditor” – delivers a number of key capabilities:
- Masquerade hacks – to see if a hacker is using a compromised system as a “stepping off” point to attack other systems
- Critical device protection – ensures that printers, EPOS and other IoT systems are not compromised
- Malware worm – detects unusual communications between systems that can indicate malwar spreading
- Botnet/reputation – detects connections or attepted connections to “bad” sites which might contain malware or even command an control systems for an existing malware infection
Besides the security use cases, Rebasoft’s collected data can help your network teams with
Saving you money on duplicate systems and reducing downtime