“The goals of network operations are increasingly aligned with security operations, which share the objective of guaranteeing a well-performing and secure network.” - Market Guide for NPMD (gartner.com).
Customer expectations, company positioning, combined decades of experience, and analyst predictions are the four factors that determine Flowmon’s direction for the future. Read on to find out what a NetSecOps leader has in store for 2020.
In a customer-driven market, user experience and time-to-value are two top priorities. This is why Flowmon dedicates a substantial amount of development time to delivering superior user ergonomics.
This long-term effort bore fruit last year in the form of configuration templates: presets the user chooses from to set up the entire solution (dashboards, widgets, reports, and more) in a matter of a few clicks. The spring release adds rich predefined dashboards tailored to customers’ most common needs, e.g. NetOps, SecOps, Application, and others. Setting up a dashboard only takes one click of the mouse.
Further advancements in out-of-the-box configurability are coming in the summer in the form of predefined alerts, for which we are pooling our expert knowledge to create alerts for you. They are an expansion of configuration templates and make configuration faster than ever before.
In the spirit of high information value, 2020 brings a completely reworked reporting system, where the reporting capabilities of all of Flowmon’s parts are brought together to present data centrally and holistically. Users can intuitively customize their reports and schedule them in a calendar-like system.
New high-level widgets are also coming this year for an at-a-glance status overview of network health, security, and application performance, followed soon after by topology visualization widgets that set the solution on the path towards a full-fledged asset view.
Tenant management for MSPs
MSPs want to focus on providing consistent service to their customers. We support that with improvements to tenant management, including new access rights that allow creating separate data spaces on a single shared appliance. The introduction of a vertical hierarchy makes tenant and user management more intuitive and broadens the portfolio of many other multitenancy features such as white-labeling or full separation of monitored data.
Enhanced application visibility
Users can also look forward to extended L7 visibility into virtual networks and application performance monitoring via RADIUS authentication from Gigamon appliances.
Coming in the summer, the solution’s monitoring prowess and ability to deliver end-to-end visibility in the public cloud will be further enhanced by packet deduplication on Flowmon Probes. Probes will also receive a built-in IDS detection capability to complement Flowmon’s signatureless behavior analysis and other AI-based detection perspectives.
Flowmon Packet Investigator
We are thrilled to introduce a new asset to Flowmon’s offering. Flowmon Packet Investigator is a successor and replacement of the Traffic Recorder that retains all of its functionalities and adds automated packet analysis on top.
It processes pcap files (either recorded or imported) and performs automated decision-tree analysis of communications that use the most common protocols. It filters results for the quick tracking of problematic communications and provides suggestions for remedial actions.
Modern threats are slippery and cunning and will not stand still to be detected. To speed up interception, Flowmon introduces stream data processing to detect anomalies in real time.
Detected events are updated as new data comes in, which has a two-fold benefit: fewer events are displayed, which means less clutter, and incidents do not become spread over several events, making them easier to analyze and interpret. To further facilitate that, the solution will provide an explanation with every detected event to give you better situational awareness.
Expanding Threat Intelligence
There is strength in diversity. Flowmon’s response is incorporating MISP and STIX/TAXII intelligence feeds as well as offering the option to import custom feeds in any CSV-like format in the autumn release of Flowmon ADS 11.1. It will support dynamic blacklist categories as well as detection via JA3 fingerprinting to tackle threats in encrypted traffic.
The categorization of detection methods based on attacker tactics and techniques described in MITRE ATT&CK is also being introduced to keep you informed about what kind of threat you are dealing with.
Volumetric DDoS attacks remain a prevalent danger to ISPs today and, given the increased complexity of modern networks, protection against them calls for precision above all.
The DDoS Defender comes with enhancements that improve exactly that, namely the ability to include overlapping networks in the definitions of protected segments for better distinction between attacks depending on which network they are targeting, as well as the option to white-label certain attacks to reduce the number of false positives.
The configuration of flow sources is more granular (interfaces and directions) to enable detecting attacks only where it is really needed.
The goal and vision driving our efforts throughout this year is a remodeled user experience with a new analytical workflow, to be introduced at the beginning of 2021 by Flowmon 12.
Another revolutionary improvement is going to be the adoption of asset-based management, i.e., the transition from views by profiles or channels to networks, subnets, applications, etc. The solution will support new visualizations and provide context to performance and security incidents including severity and the threat they pose to the business.
Expanding to new horizons
The year 2020 is a time of many changes for Flowmon - changes for the better. Are you as excited about the future as we are?