Flowmon

The Kemp Flowmon Roadmap for 2021 – Updated

07/05/21

Your feedback, current trends, and a good chunk of innovation are what shape the current and future face of our solution. Read on to find out what is coming in 2021.

Updated on 6 August 2021

Network Operations

Complete visibility in hybrid environments

Existing support of cloud-native data sources from AWS will be expanded by flow logs from Microsoft Azure and Google Cloud in the upcoming release of Kemp Flowmon 12 later this year. This will enable the Kemp Flowmon Collector to gather data from all major public cloud infrastructures, reaffirming its position as the #1 go-to solution for hybrid infrastructure monitoring.

If your cloud or hybrid deployment resides in AWS, you will welcome the ability to process a broader spectrum of metadata thanks to the addition of TCP flags in AWS flow logs that provide better data granularity and enable more reliable insights and anomaly detection.

Easier drilldown

Thanks to your feedback, the new dashboard will be more interactive with contextual actions available straight from the top view. Reporting within the Flowmon product suite will be redesigned so that the reports are easier to read and understand.

The UI will also receive several performance tweaks to make it crisper and more responsive.

Outstanding performance and flexibility

As part of the solution’s futureproofing, we are reinventing the whole flow processing backend, to be unveiled as part of Kemp Flowmon 13 in 2022. This is the most radical architectural change in the product’s existence, bringing 2-7x more performance in flow data processing and analysis (depending on query type) compared to previous versions on the same hardware.

In addition, it will feature improved flexibility thanks to the support of new L7 fields or IPFIX extensions from third party flow sources.

Avoid future performance issues

Flowmon 13 will also bring predictive insight thanks to the introduction of time series analysis. This feature will give you an informed warning of potential issues weeks before they may occur if the current trend continues, giving you plenty of time to avert any coming problems and shifting your response ability from reactive to truly proactive.

This feature is particularly well suited for use cases like bandwidth monitoring and interpreting performance metrics (round-trip time, server-response time, retransmissions) over the long-term.

Figure 1 – Indicative topology visualization of application delivery (visuals may differ upon release)

Service providers, or anyone who has to deploy multiple Flowmon appliances, will welcome the option to perform configuration via code. This is a handy way to automate the deployment of a large number of appliances without any manual labor.

Intuitive asset monitoring

As a teaser for the long-term, Kemp Flowmon 14 will introduce a total change of workflow by implementing network monitoring in terms of assets – subnets, networks, applications – painting a much more intuitive picture of the monitored environment.

In addition, the user interface will allow for relevant detail to be more accessible from the top-level view and more robust filtering options will help separate the information from the noise.

Figure 2 – Reimagined UI of Kemp Flowmon 14 (visuals may differ upon release)

The solution’s built-in expertise will be expanded by flow quality analysis to enable the recognition of common problems in incoming flow data, thus helping to avoid the loss of fidelity due to misconfiguration or mismatch between the proprietary data formats from different vendors. This functionality enables the automatic recognition of issues in primary flow data that may affect accuracy.

Get more detail out of packets

Last year we transformed the Traffic Recorder by endowing it with built-in expertise and allowed it to perform automated root-cause analysis of captured packet data.

This year, we have improved upon what is now the Packet Investigator by adding new protocols in the 11.1 release and thus allowing it to cover a broader spectrum of scenarios, including certain industrial IoT cases.

Figure 3 – Full analysis tree

It also features a more streamlined presentation of analysis results designed to reduce noise and bring your attention to important findings.

Figure 4 – The Packet Investigator’s new UI

Security Operations

Instant situational awareness

Being alerted to a security event is one thing, but understanding what it means in the broader scope of the company assets is another. Kemp Flowmon ADS 11.3 will make your situational assessment much easier thanks to the MITRE ATT&CK matrix introduced in spring 2021.

Figure 5 – MITRE ATT&CK dashboard

MITRE ATT&CK is a framework that describes adversary activities from the initial steps through to impact. The ADS user interface leverages the framework to visualize the situation, allowing you to get an immediate picture, understand the scope of the breach and its severity, and anticipate its possible escalation.

In the spirit of this, the solution now maps detected events to MITRE ATT&CK categories, aggregates them by adversary tactic, and presents them in the framework’s terminology.

Improved false positive rule processing

Soon after this release comes ADS 11.4 with improvements to the processing of false positive rules, bringing a reworked mechanism to provide the most accurate information in the event detail in cases where the rule has removed one or more targets.

Additionally, you will be able to receive in-app guidance thanks to Pendo integration, which will also help us paint a picture of our users’ usage habits to tailor future features.

Cover more security scenarios

Arriving later this year is ADS 12 with an expanded arsenal of detection methods. Besides refining the existing ones, it will bring several new methods, such as techniques for exposing malware-generating domains using machine learning. The system will also extend its capability with the MODBUS and IEC104 protocols, enabling threat hunting and anomaly detection in ICS/SCADA environments.

Simple NDR capability provisioning

MSPs and large enterprises will welcome the support for the concept of multi-tenancy introduced in Flowmon 11 and validated by the industry. Multi-tenancy in ADS 12 will follow the concept of Flowmon and simplify the provisioning of NDR capabilities for MSP customers to consume.

Lastly, the system will receive a number of tuning enhancements to simplify the configuration of detection methods. For example, input flow filters will allow easier false-positive tuning by whitelisting certain occurrences, such as a high number of DNS queries generated by Office 365 which would otherwise be detected as an anomaly.

Bright future ahead

Last year brought many changes to our product and the company and this year will be no different. We are delighted you are with us, so together we may share the joy of exploring new horizons.