Flowmon blog

Blog of new releases and updates

Ransomware: Latest Variants and Trends on the Rise

A ransomware attack is one of the effective strategies cybercriminals use to encrypt users’ data and prevent them from accessing it until a ransom amount is paid. While the rate of ransomware attacks is less than other malware types, including viruses and trojans, it can have severe consequences on businesses and individuals alike. Ransomware attacks have been on the rise since 2018, reaching their highest at 68.5% in 2021.

Slow App? Where's the Problem?

Hands up if you have dealt with an issue like the following. It seems to be an ordinary day, and applications and networks are running normally. During the morning, reports start to come in from users saying that applications have longer than usual response times. Oh no! It's the start of a dreaded "it's running slowly!" problem that lives in the nightmares of system admins everywhere.

Battle the Ransomware Scourge with Deep Network Insight

Ransomware is the gift that keeps on giving. Old as it is (33 years) ransomware is constantly morphing into new exploits. The reason is simple. Ransomware works and too often cybercriminals walk away with bags of money (or piles of Bitcoin, anyway).

Cutting through the noise

Regardless of where you work in IT you’ll be familiar with the problem of alert fatigue and dealing with the endless streams of telemetry, alerts and notifications. While it’s often the background to daily tasks this is never more visible than when dealing with a time sensitive incident such as a critical outage or a security breach. In this post we’re going to look at how Flowmon Anomaly Detection System (ADS) can help you quickly and accurately identify essential details of a security breach that cuts through the noise and allows you to respond to the incident and mitigate the root cause with confidence.

Flowmon and WhatsUp Gold: Automatic Threat Detection Through Single Pane of Glass

Network Detection & Response (NDR) is a key element that provides an additional level of security across the company wide network through detection of threats that bypass traditional security measures and materialize in the company’s digital environment. Progress Flowmon ADS (Anomaly Detection System) is a typical representative of an NDR system that combines various detection techniques to ensure that malicious activity is recognized and flagged as a security incident.

How To Configure Flowmon and WhatsUp Gold

In the previous “Flowmon and WhatsUp Gold: Discover application experience issues through single pane of glass” blog post we have demonstrated how IT Infrastructure Monitoring (WhatsUp Gold) and Network Performance Monitoring & Diagnostics (Flowmon) work seamlessly together to report on application performance, user experience and infrastructure status. The goal is to support IT professionals with valuable insight into performance degradation issues enabling quick recovery and restoration of requested service levels.

Flowmon 12 - Workflows and UX Improvements

We released Flowmon 12 at the end of February. The new and updated functionality in the latest version has been well received by existing users, and has prompted many new organizations to consider the product. The headline changes in Flowmon 12 are in the blog post Progress Flowmon 12 – Ultimate Enabler of Your Multi-cloud Strategy.

Flowmon and WhatsUp Gold: Discover application experience issues through single pane of glass

Have you ever experienced user complaints and struggled to find the root cause of the performance degradation? I'm sure every IT operations professional has. Is it the application? Is it the underlying infrastructure? Is it the network? What if you have a single pane of glass that will gather all the relevant metrics and telemetry and display it in an intuitive and easy to understand fashion?

How to Optimize Cloud Monitoring Costs Using Flow Logs in Progress Flowmon

This blog post discusses some of the best practices for balancing the costs of cloud traffic monitoring while maintaining a reasonable level of visibility. Progress Flowmon 12 has introduced the processing of native flow logs from Google Cloud and Microsoft Azure, plus it has enhanced support for Amazon Web Services (AWS) flow logs. This opens up interesting options for reducing the costs of your cloud traffic monitoring by leveraging flow logs in parts of your cloud infrastructure where a reduction in visibility is not an issue.

eSecurity Planet Ranks Flowmon in Best Network Monitoring Tools

Modern enterprise and SME networks are complex constructions. They comprise on-premises network equipment and servers, multiple public cloud infrastructure components, operational technology links to monitor physical items, edge networks, and large numbers of endpoint devices that connect from various locations over many different networks.

Enhanced Network Monitoring with Progress Flowmon

Ensuring that networks and the applications they enable are performing as well as they should is a full-time and challenging task for system administrators. We've all encountered scenarios in which end-users complain that an application is slow. Then the network team says it's not their problem, and the development team (or third-party application vendor) says it's not their problem either.

A Close Look at 3 Use Cases in Flowmon Packet Investigator 11.1

About 3 months ago, I spoke to one of our customers, an employee of an unnamed government entity, about Kemp Flowmon Packet Investigator (FPI). After giving him a short demonstration, he told me a story that happened to him just a couple of days earlier.

What are network monitoring tools?

Network monitoring tools gather and analyze network data to provide network administrators with information related to the status of network appliances, link saturation, the most active devices, the structure of network traffic or the sources of network problems and traffic anomalies.

What to Look for in a Network Traffic Visibility Solution

As company infrastructures now sprawl across several different environments, additional tools need to be added to the portfolio. But adhering to the traditional approach of focusing on individual devices, their health, performance, and availability only aggravates its downsides, i.e. visibility blind spots, tool disparity, and the associated “swivel-chair” management. The problem calls for increased network traffic visibility that does not come at the cost of extra work.

User Identity Awareness with LoadMaster ESP and Flowmon

In one of the previous blog posts from the load balancing education series, we discussed the Edge Security Pack functionality to provide an additional layer of security in front of an application workload to ensure that only properly authenticated users can interact with the application.

Global Site Load Balancing Explained

Global Site Load Balancing (GSLB) is an important part of your application infrastructure, but many people don’t understand its benefits. In this post we’ll explain how GSLB works and how LoadMaster GEO can bring big benefits in availability and performance at a fraction of the cost of alternatives.

Publishing & Securing Legacy Applications

In the previous blog post, we discussed load balancing essentials and methods of traffic distribution among the real servers. When you publish an application with Kemp LoadMaster you can add lots of extra capabilities on top of the basic load balancing.

Investigating Network Anomalies – A sample workflow

Network anomalies vary in nature. While some of them are easy to understand at first sight, there are anomalies that require investigation before a resolution can be made. The MITRE ATT&CK framework introduced in Flowmon ADS 11.3 streamlines the analysis process and gives security analysts additional insight by leveraging knowledge of adversaries' techniques, explaining network anomalies from the ATT&CK framework point of view.

Understanding Load Balancing Essentials

In this post we’ll review some of the essential ideas in Load Balancing to help you understand how to get the best configuration for your application.

Science of Network Anomalies

Today’s networks have evolved a long way since their early days and have become rather complicated systems that comprise numerous different network devices, protocols, and applications. Consequently, it is practically impossible to have a complete overview of what is happening in the network or whether everything in the network works as it should. Eventually, network problems will arise.

The Flowmon Roadmap for 2021

Your feedback, current trends, and a good chunk of innovation are what shapes the current and future face of our solution. Read on to find out what is coming in 2021.

Flowmon Detects Windows DNS SIGRed Exploitation

The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019 and received a maximum severity rating of 10. It was finally patched in July 2020.

5 Network Security Trends to Watch in 2021

It is not only the COVID-19 pandemic and the associated rise of remote work that is shaping the everyday routine of network security practitioners. Let's take a look at 5 major trends in network security.

How to Block an External Attack with FortiGate and Flowmon ADS

It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways.

Flowmon 11.1 – A time-saver

High-level information and speedy configuration for the busy network administrator.

How Flowmon Helps to Detect SUNBURST Trojan Attack in Your Network

Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST.

Bridging Visibility Gaps in Hybrid Cloud Monitoring

When cloud adoption shifts from a new trend to daily reality, it causes headaches to everyone responsible for the performance, availability, and security of business services or apps. How do you monitor owned and rented infrastructure with all of their differences without creating visibility silos and ending-up with a bunch of disparate tools?

Flowmon and Kemp Together. Why it Makes Sense

For more than a decade we have been concentrating our best talents into two areas. Improving technology and making our products available globally. Now, the time has come to massively scale up our business and technological power.

Load Balancing and NetSecOps - What’s the Deal?

Kemp, known for its well-tuned and easy-to-use load balancer LoadMaster, has acquired Flowmon, extending its product portfolio and growing through acquisition. So you may ask, how does the technology fit?

Integration of PRTG and Flowmon

Get the most out of PRTG and Flowmon by bringing them under one GUI and allowing their complementary functionalities to work together.

Ensuring Availability and Security for Remote Workers

The year 2020 has seen various changes throughout the world, but no change has had more of an impact than the coronavirus. During this epidemic, workers from all industries have moved from a traditional office-based role to WFH (Working From Home).

Improved FortiGate Integration

The new release of FortiOS 6.4 from 31 March 2020 brings a new and interesting feature of using webhooks for external API calls and enabling automation stitches, which are easy to configure in the FortiGate UI and allow you to run multiple actions.

Story of a Large Call Center

We hear many applications promise “new heights of success and prosperity for your company.” But what do you do when the application is slowing your business down?

Tracking the Performance of Online Meeting Tools

Tools for online collaboration, and online meetings in particular, have begun to replace face to face contact since the global COVID-19 emergency. A prerequisite for smooth and reliable video conferencing is sufficient bandwidth and low network latency. How does this matter when everybody is working from home and IT teams have no control over the environment of individual employees?

Tracking Devices and Users in Your Network

Is the DHCP pool wide enough? How many users are authenticated during the day? On how many devices is one user authenticated? In this article, we will demonstrate how you can check this easily with Flowmon’s improved Active Device functionality.

QoS and DSCP Monitoring with Flowmon

Quality of Service (QoS) and Differentiated Services Code Point (DSCP) are mechanisms to classify and prioritize critical services such as voice or video, ensure sufficient bandwidth for company applications and provide simple best-effort service to web browsing or data transfer.

2-factor Authentication to Flowmon

In this blog, we will guide you through the process of how to enable two-factor-authentication (2FA) via TACACS+ on the Flowmon system.

Flowmon Incident Response

This document is aimed at operators and analysts who use Flowmon to detect and analyse security events.

Boosting Enterprise IT to the Next Level

This is the story of a large-sized company (1000-5000 employees) that understood the importance of IT in the digital era and its business impact. The IT department needed a new impetus to reconsider tools and processes in place.

Journey from Reactive IT to Proactive Control

This is the story of a medium-sized company (250-1000 employees) on its transition from a reactive IT department that acted like a firefighter, to a modern team having full control and visibility in their digital environment.

The Upsurge of Home Office: Best Practices to Keep Your Network Secure and Running

Just like many companies in these trying times, we too have asked many of our employees to work from home to protect their health. As a consequence of this decision, our network traffic characteristics have changed dramatically. This change comes with a variety of associated operational and security challenges.

Validate Indicators of Compromise in Your Network

You may have recently come across indicators of compromise (IoC), such as malicious IP addresses, which you can use to validate whether you have been affected or not. For example, a national cyber security agency can approach you to validate specific IoCs in your environment and report back to them. Flowmon can help you with this. You can simply do a retrospective analysis and proactive real-time monitoring to detect the occurrence of such IoCs.

Emotet Malware: Email Spoofer Awakening

According to IBM X-Force, the Emotet malware has recently been spreading in Germany and Japan, targeting companies in the area more and more aggressively.

5 Reasons Why Hackers Will Have a Bumper Harvest

In the coming years we can expect an even larger and more sophisticated wave of theft, fraud, extortion and deactivation of the various services run by businesses and public organisations. Here are a few reasons cybercrime will flourish in the coming years.

Enhancing Network Visibility & Security in Google Cloud

As networks grow in complexity, a proactive approach, prevention and early detection of anomalies are the only way forward toward delivering reliable, secure, and scalable services to users and customers.

New Flowmon DDoS Defender - Straightforward Performance

The new Flowmon DDoS Defender 5.0 is faster, more precise and better-looking. It combines powerful and highly customizable attack detection with an intuitive user interface, turning DDoS protection into a smooth and satisfying experience.

Flowmon ADS 10.0 Facelift

The new facelift of Flowmon ADS is not just about looking better. It was purposely designed to facilitate faster analysis and easier fine-tuning while aiming for maximum user comfort.

Four Things to Consider as You Migrate Services to the Cloud

As businesses migrate services to the cloud, the network team loses control (and visibility) on how these critical productivity apps will impact their local network(s). Please see the following considerations ...

Cutting SaaS Troubleshooting Time with Network Performance Metrics

With the popularity of SaaS platforms on the rise, network performance metrics become an invaluable tool in the hands of network administrators, who cannot afford to waste time resolving issues that originate outside their network.

Flowmon Taking Advantage of Amazon VPC Traffic Mirroring

The whole IT industry has experienced a transition into the cloud in past years. As a major player in Public Cloud, AWS is also one of the first options considered by Flowmon customers when designing their IT plans.

Flowmon and OpenVAS Integration

The REST API provided by Flowmon is a great tool to strengthen the security of organisations, enabling you to integrate Flowmon with many existing security solutions.

Flowmon 10.2. Release News

The success of IT is measured by time and therefore this spring update comes with performance in mind, moving operations ever closer to real-time. Through our continuous research, we’ve identified the need for a variety of improvements that would help IT experts to achieve their performance metrics faster and easier.

ICS/SCADA Monitoring and Anomaly Detection

Operational Technology and Information Technology are merging. And spoken frankly, they do not understand each other. OT systems have lived for years totally isolated and now they should be connected to enterprise networks or the internet. The lack of security measures in this environment, where availability and integrity will return us back in time, means we will have to deal with the very same issues that experienced IT professionals solved 20 years ago.

Packets and Flow Data: best of breed combination for network forensics

IT experts usually distinguish between two types of systems for network monitoring: flow-based and packet-based. But facing today's challenges brought by bandwidth explosion, new platforms and hyper-connectivity they must change their relationship from simple coexistence to fruitful cooperation. And this is exactly what we have delivered to IT ops by introducing Flowmon 10 and Rolling Memory Buffer feature. Let’s see what benefits it brings for network forensics.

How to use Network Performance Metrics with Flowmon

Using basic network performance metrics, namely Round Trip Time (RTT) and Server Response Time (SRT), is an easy way to deal with performance issues in your network. Let’s take a closer look at how every network administrator can use RTT and SRT metrics in Flowmon.

5 predictions for cyber security in 2019

Last year completely refuted doubts about the increasing cyber security risks. Hackers obtained sensitive data on hundreds of German politicians, including Chancellor Merkel, and accessed data relating to tens of millions of Facebook accounts. The year also confirmed that hacking has become a means for political activists and an effective tool for professional criminals who have discovered a lucrative opportunity on the internet. What conclusions can we draw from these events for 2019?

3 Network Performance Monitoring Metrics to Deal with Performance Degradation

In my 20+ year career, I’ve worked with two types of technologies: those that took extensive marketing efforts to communicate their value and failed to deliver it, and those that proved themselves quickly during a single day. Network performance monitoring using flow data is the second case. In this post, I share my experience with NPM techniques, how to take them on in a real environment and what the typical root causes of performance bottlenecks found in network traffic are.

Creating custom logs from NetFlow

Did you know you can create logs with any flow information and export them to 3rd party systems like SIEM? Check this post to see how to do it and what we have prepared for you.

DDoS Protection tool without BGP Peering Analysis? Why not?

It is difficult to count how many times I have been involved in discussions about the role of BGP peering analysis in DDoS protection. Usually, people think of how these technologies are connected together, so I have decided to share my point of view in various scenarios.

Revised Flowmon interface: First step to customer-centric UX

The revised user interface that comes with Flowmon 10.0 is one important stop on our long-term initiative, which will end up with a completely new concept of the Flowmon solution providing a unified view across network, application and security dimensions. Let’s see what it brings.

Flowmon 10.01 - redefined Dashboard, improved Reports and much more

As a part of our long-term strategy to enhance User Experience, Flowmon 10.1 comes with a reworked and fully responsive Dashboard. These improvements offer ultimate flexibility to tailor Flowmon to specific customer needs and help to maximise usability. Read about more new features in this article from our Product Manager, Rostislav Listvan.

Let’s talk PoC

Whenever you want to buy something new, you may entertain doubts about a product you have never tried out before. Although the product appears great on paper, often you want physical proof to persuade you that the product is well-suited to your needs.

Nail These 6 Encrypted Traffic Cases with Flowmon

There is no doubt SSL/TLS offers major benefits, such as confidentiality and integrity. However, it also creates challenges. For instance, visibility gaps and management overheads. Furthermore, malicious threats are evolving and adopting encryption to cover their tracks. In this article, we'll look at how Flowmon can help tackle some of these challenges.

What made us create Distributed Architecture

Developing a hyper-scalable network analytics design, called Flowmon Distributed Architecture, was one of the biggest technology challenges we’ve faced to date. What were the drivers behind this resource-demanding development project?

Flowmon Traffic Recorder 10.0 – Revolution Continues

A new major release of Flowmon Traffic Recorder is now available. Whenever you need to go beyond the flow visibility level, Traffic Recorder is here to help, scaling from 1G up to 100G networks. Version 10.0 comes with fully flexible capture criteria and an in-memory rolling buffer for raw packets. Don’t miss a packet and don’t miss this blog post.

Flowmon 10.0 - Where the Revolution Begins

The new major Flowmon release is out. Take a sneak peek into the Flowmon 10.0 revised user interface and the concept of distributed architecture in this article from our CTO, Pavel Minarik.

Where do the Flows Come From?

Flow data is the basis of modern network monitoring, helping administrators to ensure the reliability and security of the given environment. But where does flow data come from? There are several options for getting flow data, each with its pros and cons. Let us go through them.

Flowmon brings visibility to Azure via VTAP

Flowmon introduces native Azure public cloud deployment. Just launch a virtual collector in Azure, start collecting flow data or take advantage of Microsoft Azure VTAP to mirror traffic into the monitoring ports of the collector.

Debunking 4 Myths about NetFlow data

Flow data (NetFlow/IPFIX, etc.) has been generally known about in the IT community for years, and is used, for example, in use cases such as billing, capacity planning and DDoS protection, primarily in the Telco segment. Enterprises, their IT managers and CIOs have only recently started exploring its tremendous potential. Yet, myths preventing faster adoption of flow technology are still being perpetuated in the networking community. Let's look at the 4 major ones.

Docker in Flowmon

Check this post to see how you can use the recently added Docker to install custom packages and applications in the Flowmon solution.

Prevent malware spreading with automatic client isolation using Flowmon ADS and Cisco ISE

Today, threats are not only limited to the internet. Organizations face guests and employees who connect their own equipment into the network or take company equipment home with them. A firewall with IPS capabilities, such as a next generation firewall, is a good first measure to protect against modern day threats, but they will only protect what goes in and out at the network perimeter.

Defending Networks With "Best of Both Worlds"

More and more organisations are struggling to keep up with rapid IT developments and the increasing number of attacks. One thing is for sure: neither is going to diminish. That is why it is important to implement a strategy and solutions that are flexible and scalable in order to continuously anticipate changes. In terms of security, this can be done by combining the best of both worlds: packet capture from the legacy world and self-learning flow monitoring from the digital transformation.

Helping you keep your web application users satisfied

There is an app for everything, or so the saying goes. Nowhere is this truer than in the world of business. Organizations increasingly rely on their applications performing to the maximum to guarantee the happiness and satisfaction of their end users. The sheer number of web applications is astounding.

Crypto-jacking, Crypto-mining and Crypto-currency security

Earlier this year, news was reported about Slovak Telecom secretly injecting a crypto-mining script into a website that users accessed. This was all done, apparently, without the consent of the users of Slovak Telecom, a member of Deutsche Telekom. Specifically, the mobile TV Magio Go website was used, running a script that resulted in maximum processor overload due to Monero crypto-mining.

Define Profiles Automatically Using Script

Creating profiles can be time consuming, especially in large and changing network infrastructures. Today we will show you how you can save time by using a script to create profiles automatically.

Business Benefits of Network Behavior Analysis

When we talk about the business value of a tool or a system that (at first glance) may seem like a “nice to have” or “helpful but not absolutely necessary” technology, it is a good idea to start the discussion by putting some things in perspective.

Monitor user behaviour to detect Insider Threats

The risk of Insider Threats has grown massively with attackers getting around the increasingly complex perimeter protection of Enterprise organisations. It is one of the most common ways customer data or industrial and trade secrets are leaked. This very complex topic includes countless types and techniques. Let us see how such behaviour could be detected at a network level.

What's new in Flowmon 9.01

Flowmon 9.01 has recently been released as a beta version for users to take a look at before its fully official release. The new version comes with a completely new flow forwarding engine, brings Flowmon closer to the cloud, introduces 1 minute profiles and much more.

Time for database accounts audit

With the Flowmon solution you can easily automate the detection of user, application or administrator accounts in MSSQL databases. New attacks have been spreading on the internet since the end of 2017, and with the new year it is the right time for a small check that you are not one of the victims.

Flowmon ADS integration with Elasticsearch

ElasticSearch is gathering more and more enthusiasm on the IT market. Released versions of ElasticSearch have put the project into the group of the most important solutions in the Open Source community. A growing number of leading market companies are deciding to learn more about the solution, which is becoming a real alternative to Big Vendors' products.

Success story: Flowmon helps MSP to deal with DDoS attacks

Aspire, an award-winning managed services company specialising in hosted services and data centre solutions, started to become the victim of several large volumetric style DDoS attacks, aimed at both its network and the networks of its customers.

Detect Web Cryptocurrency Mining With Flowmon

Do the browsers that your business use support JavaScript? Well, it is truly hard to imagine that somebody exists on the Internet without this feature. Then computers in your network may be potentially affected by the newest “cryptojacking” threat and mine money for somebody you’ve never met.

Don't forget to include your network into your GDPR strategy

The General Data Protection Regulation (GDPR) will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. This directive is very much about processes, some of which inherently need to be supported by technologies. There is no single tool or platform, and incorporating dozens of technologies isn’t the right way to go, either financially or technically.

Don’t Go Down The BadRabbit Hole

Yet another ransomware campaign called BadRabbit has recently started to spread. Not to worry though, Flowmon helps to detect the BadRabbit as well as other rising threats and allows you to react immediately.

Worrying About Your WiFi Security Due to KRACK Vulnerability?

The widely used WPA2 standard for WiFi networks has been broken and it will take months to patch all affected appliances. It is the right time to consider how powerful your security is in order to deal with such a situation. Network Behavior Analysis immediately alerts on behavior deviations and reveals even zero-day threats.

Customer Success Story: When Automation Fails

Almost every vendor, Flowmon included, claims its NPMD solution delivers automation, machine learning, context analytics and other modern features. So, it is easy for admins to handle networks today, right? Well, it is not, and feedback I get from Level 3+ engineers of a 50-thousand-person bank proves that sometimes automation is not enough.

Flowmon Studio #13 - What Stuart Smith has learned during 17 years of expertise in APM

Some of you may have seen our Flowmon Studio series. Over the years, we’ve become experts in network visibility and security. It appears that becoming experts in video shooting will take more than our current 12 episodes. Recording of an interview with APM expert with 17 years of experience and our latest member of the Flowmon UK team, Stuart Smith, went wrong. But such a small failure was never going to stop me from sharing Stuart’s priceless thoughts, at least the old way - in written form.

Native Support for DDoS mitigation with F5® DDoS Solutions

Flowmon Networks and F5 Networks have joined forces to protect Service Providers and their enterprise customers against DDoS attacks. The integration of Flowmon’s fast flow-based DDoS detection with F5 Networks’ out-of-band mitigation solution provides timely and effective protection for service providers and their customers.

Fast DDoS Detection and Mitigation in SDN Environment

DDoS attacks are still a growing threat to all businesses dependent on connectivity. There are several approaches to protecting against DDoS attacks, the most cost-efficient of which is the out-of-path strategy to detect and mitigate the attacks. But how does it fit SDN environments?

Nowadays anyone can hold you to ransom on the internet

In the past years illegal activities have been moving more and more into the virtual world. Many types of cyber-attacks are now also able to be used in specific “business” activities.

Artificial Intelligence will be the decisive factor in the fight against cyber-threats

It has been almost 50 years since the world's first computer virus was seen. Over the years, it has evolved from the amusement of a handful of enthusiasts into an extensive business that is endangering companies every day around the world. Modern technologies enable these companies to face these threats. One of these is artificial intelligence for network analysis, through which the European company Flowmon Networks broke through to the world.

Detect ExPetr/Petya wiper

A new malware attack is spreading on the internet and causing big trouble for users and administrators. Find out how Flowmon helps with this recent threat.

DDoS Protection in SDN Based Networking

Efficient out-of-path DDoS detection and mitigation is not always available out of the box in virtual networking such as Contrail. Check this post to see how to generate NetFlow in a Juniper Contrail Networking SDN environment and use Flowmon DDoS Defender for traffic rerouting and automated DDoS mitigation.

New Generation of Flowmon Solution Arrives

The new generation of Flowmon solution has arrived. Besides improved solution performance, you can look forward to new and interesting features. Come and find out what is new.

Apply monitoring of AMT attack for your datacenters and users

The attack on Intel-based hardware via Intel® Active Management Technology is still going on. The critical vulnerability CVE-2017-5689 (CVSS score 9.8), known for more than a month, is not yet fully patched by new BIOS versions, and we are not fully focused on the risk because new threats like WannaCry or SambaCry have arrived in recent weeks.

Using Behavior Patterns to Detect Rising Threats

We witnessed an unprecedented global outbreak of WannaCry infection last week. Let’s examine how one can detect and minimize the impact of WannaCry as well as other rising threats with the new feature in the Flowmon ADS module.

Flowmon Sales Training: The Making of

Some people educate themselves because they are personally interested in the topic. For some, education is compulsory while others are just looking for a better qualification. The best way we can share our experience from selling Flowmon with you is through training and workshops. A video session of a few hours should be better fun to watch though and with this idea in mind we decided to create a whole new type of experience for you. This is how we made it.

Reasons not to worry about GDPR and NIS

Brace yourselves for the new European legislation on data and network security coming soon! Get ready to invest millions in technologies and hire dozens of new employees. The whole world as we know it will never be the same again.

Network visibility in the SCADA/ICS environment

Security in the SCADA/ICS environment is a much-discussed topic today. In the past these systems were strictly separated. But their connection to common computer networks has opened new opportunities for attackers. How does network visibility combined with real-time anomaly detection help to protect SCADA/ICS environments?

What is your network’s real performance?

If you are unaware of the actual figures, this post will give you the answer. Network Performance Monitoring enables you to avoid network infrastructure downtime, identify bottlenecks and troubleshoot performance issues. So let us take a close look at NPM metrics today.

What's new in Flowmon 8.03

Flowmon 8.03 is here with new interesting features such as NPM metrics visualization, broader L7 visibility, encrypted flow export and much more.

Writing a custom script for Flowmon

Previously, we got familiar with alerting in Flowmon. Today we will learn how to write a script which can be triggered by the alert.

Alerting in Flowmon Monitoring Center

Using alerts can significantly simplify your life. There is no need to sit in front of a monitor and search for operational problems in your network. In this blog post, we will go through the capabilities of automatic alerting in Flowmon Monitoring Center.

5 things that pay off when doing PoC projects

Every customer wants to be sure they are making the right decisions. PoC campaigns are a great way to achieve this and also to distinguish between empty phrases and real benefits.

Pros and Cons of Agent-less Application Performance Monitoring

A network-based Application Performance Monitoring solution measures delays in the network and application for all transactions of all users. If any problem occurs, it immediately reports it, alerts the administrator and provides all the data necessary to point out the cause of the performance issues. It is often compared to a traditional APM solution, so let's see where the limits of such an agent-less solution are.

Tuning the Network Behavior Analysis

Today, we are busting the myth that configuring and tuning an NBA / UEBA solution is a time-consuming project. Come and learn how you can tune Flowmon ADS in an hour.

Flowmon ADS integration with Splunk

In most organizations security issues are the responsibility of many teams. Each of them manages only a selected part of the infrastructure, and the global view is missing. Learn how to get an overview of the entire environment with Flowmon ADS integration with Splunk.

Enterprise network security 101: Make the most out of your investments in SIEM

With the rising number of devices and services in the network, organizations face the problem that the requirements of ensuring security and smooth operations go far beyond human capabilities. SIEM would solve the problem, you think. But this answer is just not good enough. Let’s see how we can do better.

Getting the Flows to Cloud Securely

Nobody wants to share their communication with the public. And customers of cloud services based on flow data analysis are no exception. They need to be sure that their traffic is not “overheard” when sending data to a cloud provider through a public network. With Flowmon this is not an issue anymore. Welcome to flow data encryption.

Lessons learned: Developing Flowmon foreign operations

For six years I’ve been standing in the front line of Flowmon international business development. As an area manager I’ve launched operations in several markets across Europe. Usually with no brand awareness, no partners in the target market and with inexorable KPIs hanging over my head like the Sword of Damocles. In this article I’m sharing my experience and identifying six key must-haves when developing a new market.

How Flowmon can help you grow your career?

Three weeks ago I was giving a presentation to a customer and you wouldn’t believe what question I received. “So how the deployment of Flowmon can help me and my colleague to grow in career?” Wow!

Frequent & Dangerous: Discover seven cyberattacks you will face sooner or later

“Cybercriminals to compromise company: business loses $56 million.” Do you find this headline familiar? Such front-page news and analysis of large-scale attacks hit us every day. In this article I don’t want to talk about them. I would rather explain the very common techniques that are often used and what lies behind the word ‘compromise’. Have you ever met Hitchcock’s electronic birds or sirens luring you into a trap?

Encrypted flow forwarding and other news in Flowmon 8.02

A new version of our flagship product has been released as Flowmon 8.02. One of its most important features is a reliable and encrypted flow forwarding option. It also brings a reinvented view of Active Devices as well as new active-device-related widgets for Flowmon Dashboard. In addition, Flowmon 8.02 supports IPFIX items with variable length and Cisco AVC HTTP values.

DNS Monitoring in Flowmon – part 2/2

Today we will look at how the advanced behavioral intelligence of Flowmon ADS can detect DNS-related security incidents and how it helped our customer find malware-infected hosts in the network.

DNS Monitoring in Flowmon – part 1/2

DNS is one of the most essential network services - often poorly monitored - and any outage may lead to a major business impact. Let’s take a look at how Flowmon is able to monitor the DNS protocol and how you can benefit from it.

Just like David and Goliath. How DDoS Defender Succeeded

I’m getting goose bumps as I hold a fresh case study of a Managed Service Provider from the Netherlands. It was not an easy task to fulfill their technical requirements and, what’s more, the competition was already deployed!

Feeding the Flowmon Solution, The Benefits of Aggregating Network TAPs

Network visibility and monitoring is critical to understanding how our network monitoring tools are performing. In today’s economy performance equates to dollars; having real-time visibility allows for quick troubleshooting and reduced mean time to resolution (MTTR).

Network-based Application Performance Monitoring

Are you interested in how your application behaves to your customers or employees from their point of view? What is their user experience? With network-based Application Performance Monitoring you can measure delays in network and application for all transactions of all users. Check this blog post to see how it works.

Flowmon Mobile Dashboard Into Your Pocket

Meet Flowmon Mobile Dashboard! Try out our new app for iOS and Android platforms. Once you install and launch the app on a smartphone or tablet, you are connected to your Flowmon appliance instantly. You can easily browse widgets and swipe among your individual dashboard panels to see what's happening in your network anytime. Follow just three steps to use the app.

Extended visibility and Flowmon Dashboard

In previous blog posts we described big news in Flowmon 8.0 – the new architecture of Flowmon Collectors and DHCP. Today we will have a quick look at other new features in Flowmon 8.0.

Malware in a view of Network Behavior Analysis

More than 75% of companies are infected by malware and don't know about it. This is not an overstatement; this is today's reality. Network Behavior Analysis technology helps to uncover threats in the infrastructure that may sooner or later take your money. Check out this blog post to learn how NBA deals with malware.

DDoS launched via IoT is reality. The importance of early detection grows

In February last year, one of the leading internet service providers in Slovakia suffered the largest DDoS attack in the history of the country. The total volume of the attack exceeded 400 Gbps. Servers of its customers were down for tens of minutes… and not only the targeted ones. The attack wasn’t identified by automated tools, and a few hours passed from its start to the successful resolution of the situation and restoration of the services.

Continuous packet capture or flow monitoring?

We at Flowmon Networks believe that merging flow and packet level visibility into one versatile solution is the technology that will help us to scale to future performance and capacity needs while preserving detailed information about network traffic.

DHCP Monitoring in Flowmon 8.0

A new major version of our flagship product Flowmon was recently released. We are tirelessly following our vision to provide customers with a complete understanding of what is happening in their networks. In order to do that, we enrich flow data (information from the network and transport layers) with information from application protocols (application layer). Let’s look at the new L7 protocols we have added to Flowmon 8 and dig a little bit deeper into DHCP.

Intracloud DDoS detection and mitigation using SDN

DDoS attacks are a common threat today. In most cases, the attackers flood the customer’s network from the outside. But what if you are a cloud provider and the DDoS attack doesn’t come from the outside? What if both the attacker and target are inside the same cloud? Can you protect your customer then? Check this post created by Konstantin Agouros, Solution Architect Security Technologies at Xantaro, and see how Flowmon DDoS Defender and OpenDaylight protect against DDoS attacks in a cloud environment.

New Architecture of Data Storage in Flowmon 8.0

We've just proudly released a new major version of our flagship product – Flowmon 8.0. The new version comes with a significant change in the architecture of flow data storage. Moreover, Flowmon 8.0 extends visibility in L3, L4 and L7, improves the central dashboard and reporting capabilities, and brings other handy features. The new architecture of flow data storage dramatically increases the number of flow sources per collector appliance, enables new features and consequently brings a new concept of profiles.

Flowmon ADS & Cisco APIC-EM Integration

At the end of 2015 we announced a new collaboration with Cisco. By integrating Flowmon Anomaly Detection System (ADS) with Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM), the companies will provide administrators with agility when provisioning quality of service and executing security policies across the entire network. Check out how Flowmon ADS and Cisco APIC-EM overcome cyber threats and secure network infrastructure.

External Storage Backup & Restore of Flowmon Profiles

A profile in the context of Flowmon is a specific view of flow data stored in Flowmon Collector. It is defined by a name, a type, a combination of profile filters and, for a continuous profile, the size of the allocated quota. Exceeding the quota causes the oldest data to expire and be overwritten. A new feature makes it possible to back up profiles to a defined external storage and restore them from it whenever needed.

Dynamic Baselining and Adaptive Threshold in DDoS Defender

Dynamic baselining makes it possible to respond to increasing volumes of traffic based on adaptive thresholds and defined rules. Flowmon Networks introduced DDoS Defender for DoS/DDoS detection and subsequent mitigation in May 2015. Since version 2.0, released in October 2015, Flowmon DDoS Defender has monitored traffic volume characteristics based on adaptive thresholds.

Internet Service Providers to Deliver Security as a Service with Flowmon

Some of the significant present cyber threats are attacks targeting government or financial institutions to cut them off from the Internet, penetrations into protected systems, and malware earning money for its creators. Most of these attacks come from computers of unsuspecting users that are under the control of attackers and are part of a botnet. What if an ISP protects end customers and the connectivity provider protects the ISP against cyber threats including DoS/DDoS?

VoIP traffic monitoring use-case

Are your VoIP bills too damn high? Are you paying more than you should? Maybe you don’t even know it! You might have a similar problem to the one our customer had. Let’s see what the problem was and how Flowmon solved it in the following use case.

How SEGA Switched to the Next Level of Network Monitoring

Cooperation with innovative businesses that have become iconic in their fields is always challenging to us. Especially when such a firm comes from Japan, famous for its quality requirements. These factors came together in our project for SEGA, a legendary interactive entertainment company.

Measuring TCP Retransmissions in Flowmon

Network Performance Monitoring was extended with monitoring of TCP retransmissions and out of order packets. Using these metrics we are able to identify data transfer issues. This article explains TCP retransmissions and shows how to easily measure them and how it helps network administrators to identify network issues and troubleshoot the network.

Extended Active Devices

How often do you need to know who is sitting behind devices in your network, or who communicated in a certain time frame or a month ago? The Flowmon solution provides reliable user identification based on authentication logs combined with flow data. The ability to monitor active devices in your network brings new benefits like user identification and host OS identification.

Flowmon-GÉANT Story: Monitoring Network with 50 Million Users

Big things in life have quiet beginnings sometimes. More than ten years ago, a small group of Czech scientists worked for the pan-European association GÉANT. They had no idea that this project would change their lives forever and give rise to the Flowmon solution, which would one day monitor and secure a pan-European network used by 50 million users.

Flowmon Monitoring Center vs. Flowmon ADS

Why would you need Network Behavior Analysis once you have deployed a flow collector and traffic reporting? Well, there are scenarios where automatic anomaly detection goes far beyond the capabilities of flow collectors. Are you using Flowmon Monitoring Center and still don’t have Flowmon ADS? Find out in 7 minutes how you can extend your Flowmon deployment with the Network Behavior Analysis module.

User identity as part of flow data

How often do you need to know who is sitting behind that IP address right now or who was logged in there one month ago? Flow monitoring will give you information about the IP address, MAC address or DNS name, but getting the user identity is usually a time-consuming task of analyzing the audit logs of Active Directory or a network access control system.
