Get the latest curated insights from Kemp experts straight to your inbox.
Thanks for signing up!
Flowmon and WhatsUp Gold: Automatic Threat Detection Through Single Pane of Glass
Network Detection & Response (NDR) is a key element that provides an additional level of security across the company wide network through detection of threats that bypass traditional security measures and materialize in the company’s digital environment. Progress Flowmon ADS (Anomaly Detection System) is a typical representative of an NDR system that combines various detection techniques to ensure that malicious activity is recognized and flagged as a security incident.
How To Configure Flowmon and WhatsUp Gold
In the previous “Flowmon and WhatsUp Gold: Discover application experience issues through single pane of glass” blog post we have demonstrated how IT Infrastructure Monitoring (WhatsUp Gold) and Network Performance Monitoring & Diagnostics (Flowmon) work seamlessly together to report on application performance, user experience and infrastructure status. The goal is to support IT professionals with valuable insight into performance degradation issues enabling quick recovery and restoration of requested service levels.
Flowmon 12 - Workflows and UX Improvements
We released Flowmon 12 at the end of February. The new and updated functionality in the latest version has been well received by existing users, and has prompted many new organizations to consider the product. The headline changes in Flowmon 12 are in the blog post Progress Flowmon 12 – Ultimate Enabler of Your Multi-cloud Strategy.
Flowmon and WhatsUp Gold: Discover application experience issues through single pane of glass
Have you ever experienced user complaints and struggled to find the root cause of the performance degradation? I'm sure every IT operations professional has. Is it the application? Is it the underlying infrastructure? Is it the network? What if you have a single pane of glass that will gather all the relevant metrics and telemetry and display it in an intuitive and easy to understand fashion?
How to Optimize Cloud Monitoring Costs Using Flow Logs in Progress Flowmon
This blog post discusses some of the best practices for balancing the costs of cloud traffic monitoring while maintaining a reasonable level of visibility. Progress Flowmon 12 has introduced the processing of native flow logs from Google Cloud and Microsoft Azure, plus it has enhanced support for Amazon Web Services (AWS) flow logs. This opens up interesting options for reducing the costs of your cloud traffic monitoring by leveraging flow logs in parts of your cloud infrastructure where a reduction in visibility is not an issue.
eSecurity Planet Ranks Flowmon in Best Network Monitoring Tools
Modern enterprise and SME networks are complex constructions. They comprise on-premises network equipment and servers, multiple public cloud infrastructure components, operational technology links to monitor physical items, edge networks, and large numbers of endpoint devices that connect from various locations over many different networks.
Progress Flowmon 12 – Ultimate Enabler of Your Multi-cloud Strategy
Flowmon 12 Pushes the Boundaries of Cloud Monitoring. Bring your cloud monitoring strategy to the next level with new support for native flow logs from Google Cloud & Microsoft Azure + enhanced support of AWS (Amazon Web Services).
Enhanced Network Monitoring with Progress Flowmon
Ensuring that networks and the applications they enable are performing as well as they should is a full-time and challenging task for system administrators. We've all encountered scenarios in which end-users complain that an application is slow. Then the network team says it's not their problem, and the development team (or third-party application vendor) also says it's not their problem either.
A Close Look at 3 Use Cases in Flowmon Packet Investigator 11.1
About 3 months ago, I spoke to one of our customers, an employee of an unnamed government entity, about Kemp Flowmon Packet Investigator (FPI). After giving him a short demonstration, he told me a story that happened to him just a couple of days earlier.
How to Monitor your Flowmon Appliances
Learn four methods to keep an eye on the status and operational condition of the Flowmon system.
What are network monitoring tools?
Network monitoring tools gather and analyze network data to provide network administrators with information related to the status of network appliances, link saturation, the most active devices, the structure of network traffic or the sources of network problems and traffic anomalies.
ADS 11.4 – Built with Your Feedback
The new release of Flowmon ADS 11.4 brings you the most frequently requested features.
Flowmon ADS and Check Point Integration: Automated incident detection and response
We have recently published a script for the integration of the Anomaly Detection System (ADS) with a Check Point firewall. This ensures automated threat detection and response where attackers are blocked from accessing the network resources and causing even further harm.
What to Look for in a Network Traffic Visibility Solution
As company infrastructures now sprawl across several different environments, additional tools need to be added to the portfolio. But adhering to the traditional approach of focusing on individual devices, their health, performance, and availability, only aggravates its downsides; i.e. visibility blind spots, tool disparity, and therewith connected “swivel-chair” management. The problem calls for increased network traffic visibility that does not come at the cost of extra work.
User Identity Awareness with LoadMaster ESP and Flowmon
In one of the previous blog posts from the load balancing education series, we discussed the Edge Security Pack functionality to provide an additional layer of security in front of an application workload to ensure that only properly authenticated users can interact with the application.
Global Site Load Balancing Explained
Global Site Load Balancing (GSLB) is an important part of your application infrastructure, but many people don’t understand its benefits. In this post we’ll explain how GSLB works and how LoadMaster GEO can bring big benefits in availability and performance at a fraction of the cost of alternatives.
Publishing & Securing Legacy Applications
In the previous blog post, we discussed load balancing essentials and methods of traffic distribution among the real servers. When you publish an application with Kemp LoadMaster you can add lots of extra capabilities on top of the basic load balancing.
Investigating Network Anomalies – A sample workflow
Network anomalies vary in nature. While some of them are easy to understand at first sight, there are anomalies that require investigation before a resolution can be made. The MITRE ATT&CK framework introduced in Flowmon ADS 11.3 streamlines the analysis process and gives security analyst additional insight by leveraging knowledge of adversaries' techniques explaining network anomalies via the ATT&CK framework point of view.
Understanding Load Balancing Essentials
In this post we’ll review some of the essential ideas in Load Balancing to help you understand how to get the best configuration for your application.
Flowmon Packet Investigator 11.1 - A new user experience
The Flowmon Packet Investigator 11.1 is easier to use and covers a broader scope of root-cause analysis scenarios.
Boost Your Situational Awareness With Flowmon ADS 11.3
The new Flowmon ADS 11.3 enhances your contextual understanding with built-in knowledge of adversary tactics and techniques described in the MITRE ATT&CK framework.
Science of Network Anomalies
Today’s networks have evolved a long way since their early days and have become rather complicated systems that comprise numerous different network devices, protocols, and applications. Consequently, it is practically impossible to have a complete overview of what is happening in the network or whether everything in the network works as it should. Eventually, network problems will arise.
The Flowmon Roadmap for 2021
Your feedback, current trends, and a good chunk of innovation are what shapes the current and future face of our solution. Read on to find out what is coming in 2021.
Flowmon Detects Windows DNS SIGRed Exploitation
The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019 and received a maximum severity rating of 10. It was finally patched in July 2020.
5 Network Security Trends to Watch in 2021
It is not only the COVID-19 pandemic and the associated rise of remote work that is shaping the everyday routine of network security practitioners. Let's take a look at 5 major trends in network security.
How to Block an External Attack with FortiGate and Flowmon ADS
It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways.
ADS 11.2 – More than ordinary blacklists
Improve your security posture with community Indicators of Compromise and use reputation data to detect threats in encrypted traffic.
Flowmon 11.1 – A time-saver
High-level information and speedy configuration for the busy network administrator.
How Flowmon Helps to Detect SUNBURST Trojan Attack in Your Network
Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST.
Bridging Visibility Gaps in Hybrid Cloud Monitoring
When cloud adoption shifts from a new trend to daily reality, it causes headaches to everyone responsible for the performance, availability, and security of business services or apps. How do you monitor owned and rented infrastructure with all of their differences without creating visibility silos and ending-up with a bunch of disparate tools?
Flowmon and Kemp Together. Why it Makes Sense
For more than a decade we have been concentrating our best talents into two areas. Improving technology and making our products available globally. Now, the time has come to massively scale up our business and technological power.
Load Balancing and NetSecOps - What’s the Deal?
Kemp, known for its well-tuned and easy-to-use load balancer LoadMaster, has acquired Flowmon, extending its product portfolio and growing through acquisition. So you may ask, how does the technology fit?
ADS 11.1 - Point-and-click Analysis
Insight and ergonomy for the smart security analyst.
Changes in the Specifications of Our Hardware Appliances
Find out what applies to you.
Integration of PRTG and Flowmon
Get the most out of PRTG and Flowmon by bringing them under one GUI and allowing their complementary functionalities to work together.
Ensuring Availability and Security for Remote Workers
The year 2020 has seen various changes throughout the world but no change has seen more of an impact than the Corona-virus. During this epidemic, workers from all industries have moved from a traditional office-based role to WFH (Working From Home).
Improved FortiGate Integration
The new release of FortiOS 6.4 from 31 March 2020 brings a new and interesting feature of using webhooks for external API calls and enable automation stitches, which are easy to configure in FortiGate UI and allow you to run multiple actions.
Integrating Flowmon and LDAP/AD
How to deploy Flowmon for multiple users easily.
Configuring Flowmon Using Presets
Flowmon Monitoring Center features presets to save labor and help users understand their monitoring needs.
Key Fortinet and Flowmon Integrations: Automated Incident Detection and Response
Flowmon has recently joined Fortinet’s Open Fabric Ecosystem by integrating with FortiGate and FortiSIEM. This cooperation brings automated system for threat detection and response, blocking security risks in their infancy, and giving time to administrators to carry out forensics.
SOC Visibility Triad - Calling for the network-centric approach
Endpoint protection has been a staple since the dawn of cybersecurity, but how many endpoints are really protected? The expansion of digital environments is pushing SOC analysts towards a change of ideology.
Story of a Large Call Center
We hear many applications promise “new heights of success and prosperity for your company.” But what do you do when the application is slowing your business down?
From Packet Recording to Investigation - Advancements in the Flowmon suite
We have recently introduced the Flowmon Packet Investigator (FPI) as a successor to the Flowmon Traffic Recorder. This blog article explains the drive behind the change.
To prevail over contemporary threats you need immediate response and a high-performance detection tool - you need Flowmon ADS 11.0.
Tracking the Performance of Online Meeting Tools
Tools for online collaboration, and online meetings in particular, have begun to replace face to face contact since the global COVID-19 emergency. A prerequisite for smooth and reliable video conferencing is sufficient bandwidth and low network latency. How does this matter when everybody is working from home and IT teams have no control over the environment of individual employees?
Tracking Devices and Users in Your Network
Is the DHCP pool wide enough? How many users are authenticated during the day? On how many devices one user is authenticated? In this article, we will demonstrate how you can check it easily with Flowmon’s improved Active Device functionality.
QoS and DSCP Monitoring with Flowmon
Quality of Service (QoS) and Differentiated Services Code Point (DSCP) are mechanisms to classify and prioritize critical services such as voice or video, ensure sufficient bandwidth for company applications and provide simple best-effort service to web browsing or data transfer.
Meet Flowmon Packet Investigator
Packet capture and analysis in one - for those occasions when extra detail is needed.
Flowmon 11.0 - Insight at Your Fingertips
Fast deployment and user ergonomy. Flowmon understands that time is valuable and that’s why it’s designed to save yours.
DDoS Defender 5.2 - Precise and easy-to-use
Developments in DDoS Defender 5.2 are in the spirit of performance and user experience.
2-factor Authentication to Flowmon
In this blog, we will guide you through the process of how to enable two-factor-authentication (2FA) via TACACS+ on the Flowmon system.
Introducing Flowmon’s 2020 Roadmap
This year brings challenges to tackle and horizons to explore. Find out what Flowmon has in store for 2020.
Flowmon Incident Response
This document is aimed at operators and analysts who use Flowmon to detect and analyse security events. The document introduces a set of so-called best practices, i.e. a summary of the manufacturer's recommendations on how to proceed when analysing security incidents.
IDG survey shows gap between IT experts’ confidence and their ability to repel encrypted threats
96% of IT professionals claim confidence to repel encrypted traffic threats. Still, only one third of businesses cover all attack vectors of this steadily growing nefarious activity.
Boosting Enterprise IT to the Next Level
This is the story of a large-sized company (1000-5000 employees) that understood the importance of IT in the digital era and its business impact. The IT department needed a new impetus to reconsider tools and processes in place.
Journey from Reactive IT to Proactive Control
This is the story of a medium-sized company (250-1000 employees) on its transition from a reactive IT department that acted like a firefighter, to a modern team having full control and visibility in their digital environment.
The Upsurge of Home Office: Best Practices to Keep Your Network Secure and Running
Just like many companies in these trying times, we too have asked many of our employees to work from home to protect their health. As a consequence of this decision, our network traffic characteristics have changed dramatically. This change comes with a variety of associated operational and security challenges.
Validate Indicators of Compromise in Your Network
You may have recently come across indicators of compromise (IoC), such as malicious IP addresses, which you can use to validate whether you have been affected or not. For example, a national cyber security agency can approach you to validate specific IoCs in your environment and report back to them. Flowmon can help you with this. You can simply do a retrospective analysis and proactive real-time monitoring to detect the occurrence of such IoCs.
Network Traffic Monitoring with and without Encrypted Traffic Visibility
Having or not having an encrypted traffic analysis feature in your network monitoring system makes a huge difference.
Emotet Malware: Email Spoofer Awakening
According to IBM X-Force, the Emotet malware has recently been spreading in Germany and Japan, targeting companies in the area more and more aggressively.
5 Reasons Why Hackers Will Have a Bumper Harvest
In the coming years we can expect an even larger and more sophisticated wave of theft, fraud, extortion and deactivation of the various services run by businesses and public organisations. Here are a few reasons cybercrime will flourish in the coming years.
Enhancing Network Visibility & Security in Google Cloud
As networks grow in complexity, a proactive approach, prevention and early detection of anomalies are the only way forward toward delivering reliable, secure, and scalable services to users and customers.
New Flowmon DDoS Defender - Straightforward Performance
The new Flowmon DDoS Defender 5.0 is faster, more precise and better-looking. It combines powerful and highly customizable attack detection with an intuitive user interface, turning DDoS protection into a smooth and satisfying experience.
Monitoring Flowmon System Resources via SNMP
To monitor Flowmon system resources, we can use common monitoring tools based on SNMP.
Flowmon ADS 10.0 Facelift
The new facelift of Flowmon ADS is not just about looking better. It was purposely designed to facilitate faster analysis and easier fine-tuning while aiming for maximum user comfort.
Flowmon DDoS Defender 4.5 Released
The stable version of Flowmon DDoS Defender 4.5 is out and boasts a powerful new feature - mitigation tiering.
Four Things to Consider as You Migrate Services to the Cloud
As businesses migrate services to the cloud, the network team loses control (and visibility) on how these critical productivity apps will impact their local network(s). Please see the following considerations ...
Flowmon 10.3 Released
User experience is the driving force behind Flowmon 10.3.
Cutting SaaS Troubleshooting Time with Network Performance Metrics
With the popularity of SaaS platforms on the rise, network performance metrics become an invaluable tool in the hands of network administrators, who cannot afford to waste time resolving issues that originate outside their network.
Flowmon ADS and Integration with Security Event Management
This blog post explains how to nicely enhance logs received from Flowmon ADS in virtually any SEM/SIEM.
Flowmon Taking Advantage of Amazon VPC Traffic Mirroring
The whole IT industry has experienced a transition into cloud in past years. As a major player in Public Cloud, AWS is also one of the first considered option for Flowmon customers when designing their IT plans.
Flowmon and OpenVAS Integration
Rest API, provided by Flowmon, is a great tool to strengthen the security of organisations and enabling you to integrate FLOWMON with many existing security solutions.
Flowmon 10.2. Release News
The success of IT is measured by time and therefore this spring update comes with performance in mind, moving operations ever closer to real-time. Through our continuous research, we’ve identified the need for a variety of improvements that would help IT experts to achieve their performance metrics faster and easier.
ICS/SCADA Monitoring and Anomaly Detection
Operational Technology and Information Technology are merging. And spoken frankly, they do not understand each other. OT systems have lived for years totally isolated and now they should be connected to enterprise networks or the internet. The lack of security measures in this environment, where availability and integrity will return us back in time, means we will have to deal with the very same issues that experienced IT professionals solved 20 years ago.
What is Hidden in Encrypted Internet Traffic Streams
Full internet encryption is on the horizon and with it the risk that hackers will gain access to your computer network.
Packets and Flow Data: best of breed combination for network forensics
IT experts usually distinguish between two types of systems for network monitoring: flow-based and packet-based. But facing today's challenges brought by bandwidth explosion, new platforms and hyper-connectivity they must change their relationship from simple coexistence to fruitful cooperation. And this is exactly what we have delivered to IT ops by introducing Flowmon 10 and Rolling Memory Buffer feature. Let’s see what benefits it brings for network forensics.
How to use Network Performance Metrics with Flowmon
Using basic network performance metrics, namely Round Trip Time (RTT) and Server Response Time (SRT), is an easy-to-go way how to deal with performance issues in your network. Let’s take a closer look at how every network administrator can use RTT and SRT metrics in Flowmon.
5 predictions for cyber security in 2019
Last year completely refuted doubts about the increasing cyber security risks. Hackers, obtained sensitive data on hundreds of German politicians, including Chancellor Merkel and accessed data relating to tens of millions of Facebook accounts. The year also confirmed that hacking has become a means for political activists and an effective tool for professional criminals who have discovered a lucrative opportunity on the internet. What conclusions can we draw from these events for 2019?
3 Network Performance Monitoring Metrics to Deal with Performance Degradation
In my 20+ years career, I’ve worked with two types of technologies. Those that took extensive marketing efforts to communicate their value and failed to deliver it, as well as technologies that proved themselves quickly during a single day. Network performance monitoring using flow data is the second case. In this post, I share my experience with NPM techniques, how to take them on in a real environment and what are the typical root causes of performance bottlenecks found in network traffic.
Creating custom logs from NetFlow
Did you know you can create logs with any flow information and export it to 3rd party systems like SIEM. Check this post to see how to do it and what we have prepared for you.
DDoS Protection tool without BGP Peering Analysis? Why not?
It is difficult to count how many times I have been involved in discussions about the role of BGP peering analysis in DDoS protection. Usually, people think of how these technologies are connected together, so I have decided to share my point of view in various scenarios.
Revised Flowmon interface: First step to customer-centric UX
Revised user interface as it comes with Flowmon 10.0 is one but important stop on our long term initiative that will end up with completely new concept of the Flowmon solution providing unified view across network, application and security dimensions. Let’s see what it brings.
Flowmon 10.01 - redefined Dashboard improved Reports and much more
As a part of our long term strategy to enhance User Experience, Flowmon 10.1 comes with reworked and fully responsive Dashboard. These improvements offer ultimate flexibility to tailor Flowmon to specific customer needs and help to maximise usability. Read about more new features in this article from our Product Manager, Rostislav Listvan.
Let’s talk PoC
Whenever you want to buy something new, you may entertain doubts about a product you have never tried out before. Although the product appears great on paper, often you want physical proof to persuade you that the product is well-suited to your needs.
Nail These 6 Encrypted Traffic Cases with Flowmon
There is no doubt SSL/TLS offers major benefits, such as confidentiality and integrity. However, it also creates challenges. For instance, visibility gaps and management overheads. Furthermore, malicious threats are evolving and adopting encryption to cover their tracks. In this article, we'll look at how Flowmon can help tackle some of these challenges.
Introducing flow formats and their differences
There are multiple flow formats. What are the differences? Which are supported by Flowmon? Check the post to see the answers.
What made us create Distributed Architecture
Developing hyper-scalable network analytics design, called Flowmon Distributed Architecture, was one of the biggest technology challenges we’ve faced to date. What were the drivers behind this resource demanding development project?
Can Flow Monitoring Work on Encrypted Traffic?
Encrypted traffic is on the rise. It's no longer possible to inspect the content of the communication. What does this mean for network traffic monitoring?
Resource Misuse Detection with Flowmon ADS
An example on how flowmon helps to detect unwanted software running on your network.
New major release of Flowmon Traffic Recorder is now available. Whenever you need to go beyond flow visibility level, Traffic Recorder is here to help with scale from 1G up 100G networks. Version 10.0 comes with fully flexible capture criteria and in-memory rolling buffer for raw packets. Don’t miss a packet and don’t miss this blog post.
Customer experience: Deploying Monitoring as a Service in Amazon AWS and Virtual Environments
Here are some conversations that I am having with increasing regularity after the established need for installing network monitoring and security protection.
Flowmon 10.0 - Where the Revolution Begins
The new major Flowmon release is out. Take a sneak peek into the Flowmon 10.0 revised user interface and the concept of distributed architecture in this article from our CTO, Pavel Minarik.
Where do the Flows Come From?
Flow data is the basis of modern network monitoring, helping administrators to ensure the reliability and security of the given environment. But where does flow data come from? There are several options how to get flow data with each option having pros and cons. Let us go through them.
Integration Baby Steps with Flowmon REST API and Python Requests Library
One of the ways Flowmon integrates with 3rd party solutions is by using REST API. In this article, we provide examples and show how easy it is to use the REST API to get the data from Flowmon.
Flowmon brings visibility to Azure via VTAP
Flowmon introduces native Azure public cloud deployment. Just launch a virtual collector in Azure, start collecting flow data or take advantage or Microsoft Azure VTAP to mirror traffic into monitoring ports of collector.
Debunking 4 Myths about NetFlow data
Flow data (NetFlow/IPFIX, etc.) has been generally known about in the IT community for years, and is used, for example, in use cases such as billing, capacity planning and DDoS protection, primarily in the Telco segment. Enterprises, their IT managers and CIOs have only recently started exploring its tremendous potential. Yet, myths preventing faster adoption of flow technology are still being perpetuated in the networking community. Let's look at the 4 major ones.
Docker in Flowmon
Check this post to see how you can use recently added Docker to install custom packages and applications in Flowmon solution.
Flow Analysis Using Filters - DNS and Workstations
In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Gert-Jan de Boer
Prevent malware spreading with automatic client isolation using Flowmon ADS and Cisco ISE
Today, threats are not only limited to the internet. Organizations face guests and employees who connect their own equipment into the network or take company equipment home with them. A firewall with IPS capabilities, such as a next generation firewall, is a good first measure to protect against modern day threats, but they will only protect what goes in and out at the network perimeter.
Secure monitoring of Flowmon resources
Today we will show you how to configure secure monitoring of Flowmon appliance using SNMPv3 in several easy steps.
Defending Networks With "Best of Both Worlds"
More and more organisations are struggling to keep up with the rapid IT developments and the increasing number of attacks. One thing is for sure, neither are going to get any less. That is why it is important to implement a strategy and solutions that are flexible scalable in order to continuously anticipate changes. In terms of security this can be done by combining the best of both worlds. Packet capture from the legacy world and self-learning flow monitoring from the digital transformation.
Helping you keep your web application users satisfied
There is an app for everything, or so the saying goes. Nowhere is this truer than in the world of business. Organizations increasingly rely on their applications performing to the maximum to guarantee the happiness and satisfaction of their end users. The sheer number of web applications is astounding.
Adaptative DDoS Attacks - Commercial and Operational Savings Tips
DDoS attacks have increased by 16% since the beginning of 2018, achieving record high throughput volumes (1.35Tps) and featuring adaptative mechanisms and new attack vector techniques.
Integrate Flowmon ADS with Hillstone iNGFW for Ultimate Protection
Network Behavior Analysis and firewall solutions nicely complements each other. Let’s check how to integrate Flowmon ADS with Hillstone iNGFW for comprehensive network security.
Flow Analysis Using Filters – Exploring DNS Communication of Servers
In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Get the most out of the profiles in Flowmon Monitoring Center
Today we will learn the concept of profiles in Flowmon Monitoring Center and examples how to get the most out of them.
Success Story: East-West Traffic Visibility Enabled by Flowmon Probes
One of the largest banks in the world is using Flowmon thanks to probe’s wide L2 and tunneling protocols support including Overlay Transport Virtualization.
Crypto-jacking, Crypto-mining and Crypto-currency security
Earlier this year, news was reported about Slovak Telecom secretly injecting a crypto-mining script into a website that users accessed. This was all done, apparently, without the consent of Slovak Telecom - a member of Deutsche Telekom – users. Specifically, the mobile TV Magio Go website was used, running a script that resulted in maximum processor overload due to Monero crypto-mining.
Define Profiles Automatically Using Script
Creating profiles can be time consuming, especially in large and changing network infrastructures. Today we will show you how you can save your time using script to create profiles automatically.
Business Benefits of Network Behavior Analysis
When we talk about the business value of a tool or a system that (at first point) may seem like a “nice to have” or “helpful but not absolutely necessary” technology or system, it is good idea to start this discussion by putting some things in perspective.
Monitor user behaviour to detect Insider Threats
The risk of Insider Threats has grown massively with attackers getting around the increasingly complex perimeter protection of Enterprise organisations. It is one of the most common ways customer data or industrial and trade secrets are leaked. This very complex topic includes countless types and techniques. Let us see how such behaviour could be detected at a network level.
What's new in Flowmon 9.01
Flowmon 9.01 has recently been released as a beta version for users to take a look at before its fully official release. The new version comes with a completely new flow forwarding engine, brings Flowmon closer to the cloud, introduces 1 minute profiles and much more.
Time for database accounts audit
With Flowmon solution you can easily automate the detection of users, applications or administrations accounts in MSSQL databases. New attacks have been spreading on internet since the end of 2017 and with the new year it is the right time for small check if you are not one of the victim.
Flowmon ADS integration with Elasticsearch
ElasticSearch gathers more and more enthusiasm on the IT market. Released versions of ElasticSearch put the project into the group of most important solutions in Open Source community. Growing number of leading market companies decide to learn more about the solution what becomes a real alternative for Big Vendors products.
Success story: Flowmon helps MSP to deal with DDoS attacks
Aspire, award-winning managed services
company specialising in hosted services and data centre solutions started to become the victim of several large volumetric style DDoS
attacks, aimed at both its network and the networks of its customers.
Ixia Threat Armor Integration with Flowmon ADS
An easy way to relieve your security teams and strengthen overall enterprise security.
Detect Web Cryptocurrency Mining With Flowmon
Don't forget to include your network into your GDPR strategy
The General Data Protection Regulation (GDPR) will strengthen and unify data
protection for individuals within the European Union (EU), whilst addressing the export
of personal data outside the EU. This directive is very much about processes - some
of which inherently need to be supported by technologies. There is no single tool
or platform, and incorporating dozens of technologies isn’t the right way to go.
Both financially and technically-wise.
Don’t Go Down The BadRabbit Hole
Yet another ransomware campaign called BadRabbit has recently started to spread. Not to worry though, Flowmon helps to detect the BadRabbit as well as other rising threats and allows you to react immediately.
Worrying About Your WiFi Security Due to KRACK Vulnerability?
Widely used WPA2 standard for WiFi Networks has been broken and it will take months to patch all affected appliances. It is a right time to consider how powerful your security is in order to deal with such a situation. Using Network Behavior Analysis immediately alerts on behavior deviations and reveals even zero-day threats.
HUNTING FREQUENT AND DANGEROUS #2: Protection against Malware, Ransomware and Zero-day exploit
In our previous articles we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies. This time we'll focus on Malware, Ransomware and Zero-day exploits.
Customer Success Story: When Automation Fails
Almost every vendor, Flowmon included, claims its NPMD solution delivers automation, machine learning, context analytics and other modern features. So, it is easy for admins to handle networks today, right? Well, it is not and feedback I get from Level 3+ engineers of 50 thousand people bank proves that sometimes automation is not enough.
Flowmon Studio #13 - What Stuart Smith has learned during 17 years of expertise in APM
Some of you may have seen our Flowmon Studio series. Over the years, we’ve become experts in network visibility and security. It appears that becoming experts in video shooting will take more than our current 12 episodes. Recording of an interview with APM expert with 17 years of experience and our latest member of the Flowmon UK team, Stuart Smith, went wrong. But such a small failure was never going to stop me from sharing Stuart’s priceless thoughts, at least the old way - in written form.
Native Support for DDoS mitigation with F5® DDoS Solutions
Flowmon Networks and F5 Networks have joint forces to protect Service Providers and their enterprises customers against DDoS attacks. The integration of Flowmon’s fast flow-based DDoS detection with F5 Networks’ out-of-band mitigation solution provides timely and effective protection for service providers and their customers.
Fast DDoS Detection and Mitigation in SDN Environment
DDoS attacks are still growing threat to all businesses dependent on the connectivity. There are several approaches to protect against DDoS attacks, where the most cost efficient one is the out-of-path strategy to detect and mitigate the attacks. But how it fits SDN environments?
Gift For Our Customers: Flowmon APM TG For Business Critical Application Monitoring
This brand new module in the area of APM allows a way to monitor the availability of your business critical applications. The module is free for all our customers for a limited period. Check this post to see how you can get it today, for free.
Nowadays anyone can hold you to ransom on the internet
In the past years illegal activities have been moving more and more into the virtual world. Many types of cyber-attacks are now also able to be used in specific “business” activities.
Artificial Intelligence will be the decisive factor in the fight against cyber-threats
It has been almost 50 years since the world's first computer virus was seen. Over the years, it has evolved from the amusement of a handful of enthusiasts into an extensive business that is endangering companies every day around the world. Modern technologies enable these companies to face these threats. One of these is the artificial-intelligence for network analysis through which, the European company Flowmon Networks broke through to the world.
Three Steps to Monitor Cloud Services Usage
Are you using cloud services and don’t know why they are slow or how much data is transferred? The answers are in Flowmon.
Detect ExPetr/Petya wiper
A new malware attack is spreading on the internet and causes big troubles to users and administrators. Find out how Flowmon helps with this recent threat.
DDoS Protection in SDN Based Networking
The efficient out-of-path DDoS detection and mitigation is not always available out of the box in virtual networking such as Contrail. Check this post to see how to generate NetFlow in Juniper Contrail Networking SDN environment and use Flowmon DDoS Defender for traffic rerouting and automated DDoS Mitigation.
Hunting Frequent and Dangerous #1: Protection against Pharming, Phishing and Botnets
In our previous article we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies.
New Generation of Flowmon Solution Arrives
The new generation of Flowmon solution has arrived. Besides improved solution performance, you can look forward to new and interesting features. Come and find out what is new.
Apply monitoring of AMT attack for your datacenters and users
The attack to Intel based hardware is still going on via Intel® Active Management Technology.
More than one month known critical vulnerability CVE-2017-5689 (CVSS score 9.8) is not patched fully yet by new BIOS versions and we are not fully focused on the risk as new threats like WannaCry or SambaCry are coming in last weeks.
Using Behavior Patterns to Detect Rising Threats
We witnessed an unprecedented global outbreak of WannaCry infection last week. Let’s examine how one can detect and minimize the impact of WannaCry as well as other rising threats with the new feature in Flowmon ADS module.
Flowmon Sales Training: The Making of
Some people educate themselves because they are personally interested in the topic. For some, education is compulsory while others are just looking for a better qualification. The best way we can share our experience from selling Flowmon with you is through training and workshops. A video session of a few hours should be better fun to watch though and with this idea in mind we decided to create a whole new type of experience for you. This is how we made it.
Reasons not to worry about GDPR and NIS
Brace Yourselves for the new European legislation on data and network security coming soon! Get ready to invest millions in technologies and hire dozens of new employees. The whole world as we know it will never be the same again.
Network visibility in the SCADA/ICS environment
Security in the SCADA/ICS environment is a much discussed topic today. In the past these systems were strictly separated. But their connection to common computer networks has opened new opportunities for attackers. How the network visibility combined with real-time anomaly detection helps to protect SCADA/ICS environments?
What is your network’s real performance?
If you are unaware of the actual figures, this post will give you the answer. Network Performance Monitoring enables you to avoid network infrastructure downtime, identify bottlenecks and troubleshoot performance issues. So let us take a close look at NPM metrics today.
What's new in Flowmon 8.03
Flowmon 8.03 is here with new interesting features such as NPM metrics visualization, broader L7 visibility, encrypted flow export and much more.
Writing a custom script for Flowmon
Previously, we got familiar with alerting in Flowmon. Today we will learn how to write a script which can be triggered by the alert.
Alerting in Flowmon Monitoring Center
Using alerts can significantly simplify your life. There is no need to sit in front of a monitor and search for operational problems in your network. In this blog post, we will go through the capabilities of automatic alerting in Flowmon Monitoring Center.
5 things that pay off when doing PoC projects
Every customer wants to be sure they are making the right decisions. PoC campaigns are a great way to achieve this and also how to distinguish between empty phrases and real benefits.
Pros and Cons of Agent-less Application Performance Monitoring
Network-based Application Performance Monitoring solution measures delays in network and application for all transactions of all users. If any problem occurs, it immediately reports and alerts the administrator and provides all necessary data to point out the cause of the performance issues. It is often compared to traditional APM solution, so let's see where the limits of such agent-less solution are?
Configuring Palo Alto NGFW Flow Export to get Additional Layer of Security
Today we will take a look on how to configure Palo Alto NGFW NetFlow export to Flowmon solution.
Tuning the Network Behavior Analysis
Today, we are busting a myth about configurating and tuning of the NBA / UEBA solution to be time consuming project. Come and learn how you can tune Flowmon ADS in an hour.
Flowmon ADS integration with Splunk
In most organizations security issues are the responsibility of many teams. Each of them manage
only a selected part of the infrastructure and the global view is missing. Learn how to get overview of the entire environmnet with Flowmon ADS integration with Splunk.
Enterprise network security 101: Make the most out of your investments in SIEM
With the rising number of devices and services in the network organizations face the problem where requirements of ensuring security and smooth operations goes far beyond human capabilities. SIEM would solve the problem you think. But this answer is just not good enough. Let’s see how we can do better.
Getting the Flows to Cloud Securely
Nobody wants to share his communication with the public. And customers of cloud services based on flow data analysis are no exception. They need to be sure that their traffic is not “overheared” when sending data to cloud provider through public network. With Flowmon this is not an issue anymore. Welcome to the flow data encryption.
For six years I’ve been standing in the front line of Flowmon international business development. As an area manager I’ve launched operations on several markets across Europe. Usually with no brand awareness, no partners on the target market and with inexorable KPIs hanging over my head like the Sword of Damocles . In this article I’m sharing my experience and identifying six key must-haves when developing a new market.
How Flowmon can help you grow your career?
Three weeks ago I was giving a presentation to a customer and you wouldn’t believe what question I have received. “So how the deployment of Flowmon can help me and my colleague to grow in career?” Wow!
Frequent & Dangerous: Discover seven cyberattacks you will face sooner or later
“Cybercriminals to compromise company: business loses $56 million.” Do you find this headline familiar? Such front-page news and analysis of large-scale attacks hit us every day. In this article I don’t want to talk about them. I would rather explain the very common techniques that are often used and what lies behind the word ‘compromise’. Have you ever met Hitchcock’s electronic birds or sirens luring you into a trap?
Encrypted flow forwarding and other news in Flowmon 8.02
New version of our flag ship product has been released as a Flowmon 8.02. One of the most important feature is reliable and encrypted flow forwarding option. It also brings reinvented view on Active Devices as well as new active device related widgets for Flowmon Dashboard. In addition, Flowmon 8.02 supports IPFIX items with variable length and Cisco AVC HTTP values.
DNS Monitoring in Flowmon – part 2/2
Today we will have a look on how our advanced behavioral intelligence of Flowmon ADS can detect DNS service related security incidents and how it helped our customer find malware infected hosts in the network.
DNS Monitoring in Flowmon – part 1/2
DNS is one of the most essential network services - often poorly monitored - and any outages may lead to a major business impact. Let’s take a look how Flowmon is able to monitor DNS protocol and how you can benefit from it.
System for sharing and analysis of security events in Czech cyberspace
Our network monitoring abilities grow every year, but our viewing glass
is largely limited to the network we manage.
But what if we have information about what has just happened in other
Just like David and Goliath. How DDoS Defender Succeded
I’m having a goose bumps as I’m holding a fresh case study of a Managed Service Provider from the Netherlands. It was not an easy task to fulfill their technical requirements and, what’s more, the competition was already deployed!
Feeding the Flowmon Solution, The Benefits of Aggregating Network TAPs
Network visibility and monitoring is critical to understanding how our network monitoring tools are performing. In today’s economy performance equates to dollars; having real-time visibility allows for quick troubleshooting and reduced mean time to resolution (MTTR).
Network-based Application Performance Monitoring
Are you interested in how your application behaves to your customers or employees from their point of view? What is their user experience? With network-based Application Performance Monitoring you can measure delays in network and application for all transactions of all users. Check this blog post to see how it works.
Flowmon Mobile Dashboard Into Your Pocket
Meet Flowmon Mobile Dashboard! Try out our new app for iOS and Android platforms. Installing and launching the app to a smartphone or tablet, you are connected to your Flowmon appliance instantly. You can easily browse widgets and swipe among your individual dashboard panels to see, what's happening in your network anytime. Follow just three steps to use the app.
Extended visibility and Flowmon Dashboard
In previous blog posts we described big news in Flowmon 8.0 – new architecture of Flowmon Collectors, DHCP. Today we will have a quick look at another new features in Flowmon 8.0.
Malware in a view of Network Behavior Analysis
More than 75% of companies is infected by malware and they don't know about that. This is not an overstated declaration, this is todays reality. Network Behavior Analysis technology helps to uncover threats in the infrastructure that may sooner or later take your money. Check out this blogpost to know how NBA deals with malware.
DDoS launched via IoT is reality. The importance of early detection grows
In February last year, one of the leading internet service providers in Slovakia suffered from the largest DDoS attack in the history of the country. The total volume of the attack exceeded 400 Gbps. Servers of its customers were down for tens of minutes… and not only the targeted ones. The attack wasn’t identified by automated tools and few hours passed from its start to successful resolution of the situation and restoration of the services.
Continuous packet capture or flow monitoring?
We in Flowmon Networks believe that merging flow and packet level visibility into one versatile solution is the technology that will help us to scale to future performance and capacity needs while preserving detailed information about network traffic.
DHCP Monitoring in Flowmon 8.0
New major version of our flagship product Flowmon was recently released. We are tirelessly following our vision to provide customers with a complete understanding of what is happening in their networks. In order to do that, we enrich flow data (information from network and transport layer) with information from application protocols (application layer). Let’s look at the new L7 protocols we have added to Flowmon 8 and dig little bit deeper into DHCP.
Intracloud DDoS detection and mitigation using SDN
DDoS attacks are today’s common threat. In most cases, the attackers flood customer’s network from the outside. But what if you are a cloud provider and the DDoS attack doesn’t come from the outside? What if both the attacker and target are inside the same cloud? Can you protect your customer then? Check this post created by Konstantin Agouros, Solution Architect Security Technologies at Xantaro and see, how Flowmon DDoS Defender and OpenDayLight protect against DDoS attack in cloud environment.
New Architecture of Data Storage in Flowmon 8.0
We've just proudly released new major version of our flagship product – Flowmon 8.0. The new version comes with a significant change of architecture of flow data storage. Moreover, Flowmon 8.0 extends visibility in L3, L4, L7 and improves central dashboard, reporting capabilities and brings other handy features.
New architecture of flow data storage dramatically increases number of flow sources per one collector appliance, enables new features and consequently brings new concept of profiles.
Flowmon ADS & Cisco APIC-EM Integration
In the end of year 2015 we announced new collaboration with Cisco. By integrating Flowmon Anomaly Detection System (ADS) with Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM), the companies will provide administrators with agility when provisioning quality of service and executing security policies across the entire network. Check out how Flowmon ADS and Cisco APIC-EM overcome cyber threats and secure network infrastructure.
External Storage Backup & Restore of Flowmon Profiles
A profile in context of Flowmon is a specific view on flow data stored in Flowmon Collector. It is defined by name, type, combination of profile filters and for a continuous type of the profile also size of allocated quota. Exceeding the quota causes an expiration of the oldest data, which is overwritten. A new feature allows to backup the profiles to defined external storage and restore them vice-versa whenever needed.
Dynamic Baselining and Adaptive Threshold in DDoS Defender
Dynamic baselining allows to respond to increasing volumes of traffic based on adaptive thresholds and defined rules. Flowmon Networks has introduced DDoS Defender for DoS/DDoS detection and subsequent mitigation in May 2015. Since version 2.0 released on October 2015, Flowmon DDoS Defender monitors traffic volume characteristics based on adaptive thresholds.
Internet Service Providers to Deliver Security as a Service with Flowmon
Some of significant present cyber threats are the attacks targeting government or finance institutions to cut them off the Internet, penetrations into protected systems or malware earning money for its creators. Most of these attacks come from computers of unsuspecting users that are under control of attackers and are part of botnet. What if an ISP protects end customers and connectivity provider protects ISP against cyber threats including DoS/DDoS?
VoIP traffic monitoring use-case
Are your VoIP bills too damn high? Are you paying more than you should? Maybe you don’t even know it! You might have a similar problem as our customer had. Let’s see what the problem was and how Flowmon solved it in following use-case.
How SEGA Switched to the Next Level of Network Monitoring
Cooperation with innovative businesses that have become iconic in their fields is always challenging to us. Especially when such a firm comes from Japan, famous for its quality requirements. These factors came together in our project for SEGA, a legendary interactive entertainment company.
Measuring TCP Retransmissions in Flowmon
Network Performance Monitoring was extended with monitoring of TCP retransmissions and out of order packets. Using these metrics we are able to identify data transfer issues. This article explains TCP retransmissions and shows how to easily measure them and how it helps network administrators to identify network issues and troubleshoot the network.
Extended Active Devices
How often you need to know, who is sitting behind devices in your network, who communicated in certain time frame or a month ago? Flowmon solution provides reliable user identification based authentication logs combined with flow data. The ability to monitor active devices in your network brings new benefits like user identification and host OS identification.
Flowmon-GÉANT Story: Monitoring Network with 50 Million Users
Big things in life have quite beginnings sometimes. More than ten years ago, a small group of Czech scientists worked for the pan-European association GÉANT. They had no idea that this project would change their lives forever and give a rise to the Flowmon solution which would one day monitor and secure pan-European network which is used by 50 million users.
Flowmon Monitoring Center vs. Flowmon ADS
Why would you need Network Behavior Analysis once you have deployed flow collector and traffic reporting? Well, there are scenarios where automatic anomaly detection goes far beyond capabilities of flow collectors. Are you using Flowmon Monitoring Center and still don’t have Flowmon ADS? Find out in 7 minutes how you can extend your Flowmon deployment with Network Behavior Analysis module.
User identity as part of flow data
How often you need to know who is sitting behind that IP address right now or who was logged there one month ago? Flow monitoring will give you information about IP, MAC address or DNS name but getting the user identity is usually time consuming task of analyzing the auditing logs of Active Directory or network access control system.