Because technology continues to evolve and gets smarter and faster every day, old labels don’t necessarily equate to old technology. For instance, today’s cars are equipped with Bluetooth and blind spot detectors and automatic starters, yet they are still cars — just like your father’s Oldsmobile (or more likely your grandfather’s).
Along those same lines, significant innovations in server hardware and software allow network flow data (e.g., NetFlow, jFlow, sFlow and cFlow) to provide so much more information and value than they did 15 years ago — far beyond network analysis. That level of detail can be the difference in detecting network threats more quickly and keeping your network safe.
Network flow data today can provide so much more value than simply frame packet transfers or information on network bottlenecks. Significant technological advances in flow analysis allow companies to analyze data in a way that makes it much more effective for security incident detection than it was even just a few years ago. For instance:
Because of the technological advances mentioned above, today’s network flows are some of the best sources for security incident detection. For example, they:
FlowTraq is unique in the way it uses network flow data to address many of your network security-related business problems with one powerful tool.
Whether you have limited resources in terms of network security talent or you have a dedicated 24/7 cyber hunt team, FlowTraq can help by being supplemental eyes and ears, alerting you to network anomalies and unusual or suspicious network activity. With FlowTraq you get security incident detection in real time, at a surprisingly affordable price, so you can respond accordingly.
Our unique technology approaches network security incident detection in a completely different way from other solutions. FlowTraq minimizes the time required for auditable recourse after a security breach, expands the capacity of security analysts to monitor ever-increasing network traffic volumes by focusing them on what needs attention right now, and boosts anomaly detection performance when deployed across multiple processors. We’re able to do this because of three essential ingredients.
FlowTraq’s full-fidelity feature allows for more powerful analysis and forensic capabilities than traditional network flow collectors. High flow traffic volumes can be more demanding on the hardware; fortunately, server hardware is more powerful and affordable than ever and FlowTraq is designed to take advantage of multi-core processors and virtual environments.
A FlowTraq server handling a 24/7 sustained flow rate of 25,000 updates per second can be configured, for instance, on an 8-core CPU and with 8GB of RAM per core, for a total of 64GB. Disk space configuration can be matched to your required retention period. Full-fidelity retention of 25,000 flow updates per second will consume about 1TB per week; therefore, keeping three months of flow data at a saturated 10Gbit network will take about 12TB.
In demanding environments, such as those with a flow load higher than 25,000 updates per second, many FlowTraq users run more than one FlowTraq server in a cluster configuration. This automatically balances the processing load over multiple systems and is completely transparent to the user. For example, a cluster of eight FlowTraq nodes will handle 200,000 flow updates per second of full-fidelity flow data.
While 80 percent of users rely on flow data just for network traffic volume monitoring, FlowTraq uses that same data for security incident detection, including data loss, DDoS attacks, network scans, worms, insider threats and more. It does so with a unique and fast software architecture that takes advantage of the resources you already have. The scalable architecture, use of algorithms and a proprietary database all add up to make FlowTraq an unparalleled tool for security incident detection.
FlowTraq can help you get the most from network flow data. Try it for yourself – request a free 14-day trial.