Modern network devices can generate 400K flows/sec (1.6 TB/day of NetFlow data from a single device), and NetFlow collectors are incapable of processing that much data at reasonable cost. In addition, NetFlow collectors and analyzers are often isolated from other log management tools, so this problem requires a drastically new approach.
The Solution – Consolidated Flow Information
- Consolidated flow information is sent to the SIEM in syslog format
- The SIEM may request detailed NetFlow data for a time window Δt around interesting events
NetFlow Logic creates breakthrough-performance, scalable software solutions for real-time enterprise security, application and network optimization, and monitoring. Integrating these solutions with existing security information and event management (SIEM) and system management investments increases network visibility and security awareness, providing key real-time operational insights. Not only are our solutions the most cost effective, they also improve the ROI of other SIEM and system management tools.
- Traffic Summary
- The number of network policy violations, such as ACL violations, exceeds a certain threshold
- A host on the internal network generates an unusual traffic volume
- Events based on host reputation
- A host on the internal network generates an unusual number of connections
- And so on… just add rules to NetFlow Integrator
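The following Python is an added example, not NetFlow Logic's code or NetFlow Integrator's actual rule or message format. It shows how one window of flow records can be consolidated into a traffic summary plus threshold events of the kinds listed above, emitted as syslog-style lines. The thresholds, field names, internal address range, `flowsum` tag and message layout are all assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are assumptions for this example.
INTERNAL = ip_network("10.0.0.0/8")  # internal address range
MAX_BYTES = 1_000_000                # per-host bytes per window
MAX_CONNS = 100                      # per-host flows per window
MAX_DENIED = 5                       # ACL denies per window

def consolidate(flows, exporter="192.0.2.1"):
    """Reduce one window of flow records to a few syslog-style lines."""
    hosts = defaultdict(lambda: {"bytes": 0, "conns": 0})
    total = denied = 0
    for f in flows:
        total += f["bytes"]
        denied += 1 if f["denied"] else 0
        if ip_address(f["src"]) in INTERNAL:
            hosts[f["src"]]["bytes"] += f["bytes"]
            hosts[f["src"]]["conns"] += 1  # one flow record counted as one connection
    # PRI <134> = local0.info, <132> = local0.warning
    head = f"flowsum exporter={exporter}"
    events = [f"<134>{head} event=traffic_summary flows={len(flows)} bytes={total}"]
    if denied > MAX_DENIED:
        events.append(f"<132>{head} event=acl_violations count={denied}")
    for host in sorted(hosts, key=ip_address):
        s = hosts[host]
        if s["bytes"] > MAX_BYTES:
            events.append(f"<132>{head} event=high_volume host={host} bytes={s['bytes']}")
        if s["conns"] > MAX_CONNS:
            events.append(f"<132>{head} event=high_connections host={host} conns={s['conns']}")
    return events

def sample_flows():
    """Constructed records for one window; not real traffic."""
    flows = [{"src": "10.0.0.5", "dst": f"198.51.100.{i % 250 + 1}",
              "bytes": 500, "denied": False} for i in range(150)]
    flows += [{"src": "10.0.0.9", "dst": "203.0.113.7",
               "bytes": 600_000, "denied": False}] * 3
    flows += [{"src": "10.0.0.7", "dst": "203.0.113.8",
               "bytes": 40, "denied": True}] * 6
    return flows

if __name__ == "__main__":
    for line in consolidate(sample_flows()):
        print(line)
```

On the constructed window, 159 flow records are reduced to four syslog lines, which is the volume reduction the consolidated approach relies on.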
LCN Services is a full-service IT consulting company specializing in designing and implementing Application / Service Delivery focused solutions for businesses and organizations across North America. From solution architects to infrastructure engineers to project managers, we bring the optimal mix of technical skills and industry knowledge to every engagement.