Nearly every router, switch, and firewall in a network can export flow records (NetFlow or sFlow). The first place to deploy flow collection is at the border routers, which is well suited to detecting large DDoS attacks and analyzing peering relationships. Considerably more value comes from also collecting flow from the switches and routers inside the network, where lateral movement by intruders can be detected, port scans can be seen, and data leaks can be caught. FlowTraq learns what is normal for each host and network so it can flag deviations from that baseline.
When skilled attackers gain access to your network, they inventory your assets and work their way deeper in search of ever-more-valuable data to steal, including customer records, credit card numbers, and other sensitive personal information. They will compromise as many systems as possible to use them in DDoS attacks or even Bitcoin mining. They will download malware from outside your network and start new services inside it. Each of these steps leaves a trace in the flow data: new internal-to-internal connections, many short probes from one host, and unusually large transfers to external addresses. These are the red flags that FlowTraq detects.
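The three signals described in the two paragraphs above (port scans, lateral movement to hosts that were never contacted before, and bulk outbound transfers) can be checked directly against flow records. The following is an added example written for this page; it is not FlowTraq's code and does not reproduce its detection logic. The record layout, the RFC 1918 definition of "internal", the thresholds, and all of the sample flows are constructed assumptions chosen so the three detections fire on a small data set.

```python
"""Added example: baseline-and-deviation checks over NetFlow-style records.

Not FlowTraq code. Record layout, thresholds, and sample flows are
assumptions constructed for illustration only.
"""
import ipaddress
from collections import defaultdict

# Assumption: anything in RFC 1918 space is "inside" the network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flow(src, dst, dport, nbytes, proto=6, pkts=1):
    """One flow record, reduced to the fields the checks below need."""
    return {"src": src, "dst": dst, "dport": dport, "proto": proto,
            "bytes": nbytes, "packets": pkts}


# Constructed baseline: a quiet period used to learn which internal hosts talk.
BASELINE = [
    flow("10.0.1.50", "10.0.2.10", 443, 12_000),
    flow("10.0.1.50", "10.0.2.10", 80, 3_000),
    flow("10.0.2.10", "10.0.3.7", 5432, 90_000),
    flow("10.0.3.7", "203.0.113.9", 443, 40_000),
]

# Constructed current records: a scan, a new internal pair, and bulk egress.
TODAY = (
    [flow("10.0.1.50", "10.0.2.10", p, 60) for p in range(1, 41)]  # 40 one-packet probes
    + [flow("10.0.1.50", "10.0.3.7", 445, 250_000)]                # never-seen SMB session
    + [flow("10.0.3.7", "203.0.113.9", 443, 1_500_000_000)]        # 1.5 GB outbound
    + [flow("10.0.2.10", "10.0.3.7", 5432, 85_000)]                # normal database traffic
)


def learn_internal_pairs(flows):
    """Baseline step: the set of (src, dst) pairs seen between internal hosts."""
    return {(f["src"], f["dst"]) for f in flows
            if is_internal(f["src"]) and is_internal(f["dst"])}


def detect_port_scans(flows, min_ports=20, max_bytes=100):
    """Many distinct destination ports from one source to one target, each flow tiny."""
    ports = defaultdict(set)
    for f in flows:
        if f["bytes"] <= max_bytes:
            ports[(f["src"], f["dst"])].add(f["dport"])
    return sorted((s, d, len(p)) for (s, d), p in ports.items() if len(p) >= min_ports)


def detect_lateral_movement(flows, baseline_pairs):
    """Internal-to-internal pairs that never appeared during the baseline period."""
    return sorted(learn_internal_pairs(flows) - baseline_pairs)


def detect_bulk_egress(flows, threshold=1_000_000_000):
    """Total bytes from an internal host to one external address above a threshold."""
    total = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            total[(f["src"], f["dst"])] += f["bytes"]
    return sorted((s, d, b) for (s, d), b in total.items() if b >= threshold)


if __name__ == "__main__":
    baseline_pairs = learn_internal_pairs(BASELINE)
    print("port scans:      ", detect_port_scans(TODAY))
    print("lateral movement:", detect_lateral_movement(TODAY, baseline_pairs))
    print("bulk egress:     ", detect_bulk_egress(TODAY))
```

Two points the example makes that the prose does not: the lateral-movement check is only as good as the baseline period, so a baseline captured while an intruder was already active will whitelist their paths; and the scan check keys on per-flow byte counts, which must be relaxed when the exporter samples packets (sFlow always does, NetFlow can be configured to), since a sampled probe may not be reported at all.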
The power of visibility cannot be overstated. If you only watch the gate, how can you tell whether the enemy is climbing over the back wall? NetFlow and sFlow are ubiquitous, and FlowTraq does not limit or restrict device or interface count. Set up the export on as many devices as you can, preferring unsampled export where the device allows it, since sampled flow (sFlow by design, NetFlow when configured that way) reports only a fraction of packets and can miss small scans. Then start catching the intruders.