Our development teams continue to improve Progress Flowmon. The latest update takes the core Flowmon product to version 12.2, while our industry-leading Anomaly Detection System (ADS) gets incremented to ADS 12.1.
The threat landscape that organizations faced in 2022 and continue to face in 2023 is large, complex, and continuously changing. Defense requires a multi-layered approach that delivers monitoring, detection, and response at many points within on-premise and cloud-based infrastructure and systems. A Network Detection and Response (NDR) solution is critical to a modern cybersecurity defense strategy.
When we talk about the business value of a tool or a system that at first glance may seem like a “nice to have” or a “helpful but not absolutely necessary” technology, it is a good idea to start any discussion on the merits of the tool by putting some things into perspective.
Back in 2021 we have introduced the integration between MISP, a community threat intelligence sharing platform and Flowmon ADS. The integration turns indicators of compromise shared through MISP to actionable intelligence. Flowmon ADS will automatically pick up on latest indicators of compromise using MISP API and leverage those indicators of compromise to detect adversary activities in the target network. The integration is available in Flowmon ADS 11.2 and newer versions. This way anyone can use community threat intelligence to report on malicious activities in the company environment.
Old network salts likely know all about network flows and the value of network flow monitoring. As former News Editor for Network World and Editor in Chief of Network Computing, network flows are part of my old stomping grounds. In fact, I remember when Cisco invented NetFlow in the late 1990’s to collect traffic data from its routers and switches so it could be analyzed by network pros.
Microsoft has long been a top, perhaps the top, cybercriminal target. Not only is its software ubiquitous, but many hackers just plain don't like the company. And perhaps most important, attacks on Microsoft give hackers one thing they seek most – publicity.
The network is the heart and soul of your IT infrastructure, and its performance defines the user experience. Key to ensuring this performance is spotting security issues that disrupt its workings. This blog discusses two interrelated approaches: network behavior analysis (NBA) and anomaly detection. In fact, NBA is encompassed within a good anomaly detection system (ADS).
A ransomware attack is one of the effective strategies cybercriminals use to encrypt users’ data and prevent them from accessing it until a ransom amount is paid. While the rate of ransomware attacks is less than other malware types, including viruses and trojans, it can have severe consequences on businesses and individuals alike. Ransomware attacks have been on the rise since 2018, reaching their highest at 68.5% in 2021.
IT folks toss the word “network” around, but all the routers, switches, WANs, and end points in the world are nothing without applications.
Hands up if you have dealt with an issue like the following. It seems to be an ordinary day, and applications and networks are running normally. During the morning, reports start to come in from users saying that applications have longer than usual response times. Oh no! It's the start of a dreaded "it's running slowly!" problem that lives in the nightmares of system admins everywhere.
Ransomware is the gift that keeps on giving. Old as it is (33 years) ransomware is constantly morphing into new exploits. The reason is simple. Ransomware works and too often cybercriminals walk away with bags of money (or piles of Bitcoin, anyway).
Regardless of where you work in IT you’ll be familiar with the problem of alert fatigue and dealing with the endless streams of telemetry, alerts and notifications. While it’s often the background to daily tasks this is never more visible than when dealing with a time sensitive incident such as a critical outage or a security breach. In this post we’re going to look at how Flowmon Anomaly Detection System (ADS) can help you quickly and accurately identify essential details of a security breach that cuts through the noise and allows you to respond to the incident and mitigate the root cause with confidence.
Network Detection & Response (NDR) is a key element that provides an additional level of security across the company wide network through detection of threats that bypass traditional security measures and materialize in the company’s digital environment. Progress Flowmon ADS (Anomaly Detection System) is a typical representative of an NDR system that combines various detection techniques to ensure that malicious activity is recognized and flagged as a security incident.
In the previous “Flowmon and WhatsUp Gold: Discover application experience issues through single pane of glass” blog post we have demonstrated how IT Infrastructure Monitoring (WhatsUp Gold) and Network Performance Monitoring & Diagnostics (Flowmon) work seamlessly together to report on application performance, user experience and infrastructure status. The goal is to support IT professionals with valuable insight into performance degradation issues enabling quick recovery and restoration of requested service levels.
We released Flowmon 12 at the end of February. The new and updated functionality in the latest version has been well received by existing users, and has prompted many new organizations to consider the product. The headline changes in Flowmon 12 are in the blog post Progress Flowmon 12 – Ultimate Enabler of Your Multi-cloud Strategy.
Have you ever experienced user complaints and struggled to find the root cause of the performance degradation? I'm sure every IT operations professional has. Is it the application? Is it the underlying infrastructure? Is it the network? What if you have a single pane of glass that will gather all the relevant metrics and telemetry and display it in an intuitive and easy to understand fashion?
This blog post discusses some of the best practices for balancing the costs of cloud traffic monitoring while maintaining a reasonable level of visibility. Progress Flowmon 12 has introduced the processing of native flow logs from Google Cloud and Microsoft Azure, plus it has enhanced support for Amazon Web Services (AWS) flow logs. This opens up interesting options for reducing the costs of your cloud traffic monitoring by leveraging flow logs in parts of your cloud infrastructure where a reduction in visibility is not an issue.
Modern enterprise and SME networks are complex constructions. They comprise on-premises network equipment and servers, multiple public cloud infrastructure components, operational technology links to monitor physical items, edge networks, and large numbers of endpoint devices that connect from various locations over many different networks.
Flowmon 12 Pushes the Boundaries of Cloud Monitoring. Bring your cloud monitoring strategy to the next level with new support for native flow logs from Google Cloud & Microsoft Azure + enhanced support of AWS (Amazon Web Services).
Ensuring that networks and the applications they enable are performing as well as they should is a full-time and challenging task for system administrators. We've all encountered scenarios in which end-users complain that an application is slow. Then the network team says it's not their problem, and the development team (or third-party application vendor) also says it's not their problem either.
About 3 months ago, I spoke to one of our customers, an employee of an unnamed government entity, about Kemp Flowmon Packet Investigator (FPI). After giving him a short demonstration, he told me a story that happened to him just a couple of days earlier.
Learn four methods to keep an eye on the status and operational condition of the Flowmon system.
Network monitoring tools gather and analyze network data to provide network administrators with information related to the status of network appliances, link saturation, the most active devices, the structure of network traffic or the sources of network problems and traffic anomalies.
The new release of Flowmon ADS 11.4 brings you the most frequently requested features.
We have recently published a script for the integration of the Anomaly Detection System (ADS) with a Check Point firewall. This ensures automated threat detection and response where attackers are blocked from accessing the network resources and causing even further harm.
As company infrastructures now sprawl across several different environments, additional tools need to be added to the portfolio. But adhering to the traditional approach of focusing on individual devices, their health, performance, and availability, only aggravates its downsides; i.e. visibility blind spots, tool disparity, and therewith connected “swivel-chair” management. The problem calls for increased network traffic visibility that does not come at the cost of extra work.
In one of the previous blog posts from the load balancing education series, we discussed the Edge Security Pack functionality to provide an additional layer of security in front of an application workload to ensure that only properly authenticated users can interact with the application.
Global Site Load Balancing (GSLB) is an important part of your application infrastructure, but many people don’t understand its benefits. In this post we’ll explain how GSLB works and how LoadMaster GEO can bring big benefits in availability and performance at a fraction of the cost of alternatives.
In the previous blog post, we discussed load balancing essentials and methods of traffic distribution among the real servers. When you publish an application with Kemp LoadMaster you can add lots of extra capabilities on top of the basic load balancing.
Network anomalies vary in nature. While some of them are easy to understand at first sight, there are anomalies that require investigation before a resolution can be made. The MITRE ATT&CK framework introduced in Flowmon ADS 11.3 streamlines the analysis process and gives security analyst additional insight by leveraging knowledge of adversaries' techniques explaining network anomalies via the ATT&CK framework point of view.
In this post we’ll review some of the essential ideas in Load Balancing to help you understand how to get the best configuration for your application.
The Flowmon Packet Investigator 11.1 is easier to use and covers a broader scope of root-cause analysis scenarios.
The new Flowmon ADS 11.3 enhances your contextual understanding with built-in knowledge of adversary tactics and techniques described in the MITRE ATT&CK framework.
Today’s networks have evolved a long way since their early days and have become rather complicated systems that comprise numerous different network devices, protocols, and applications. Consequently, it is practically impossible to have a complete overview of what is happening in the network or whether everything in the network works as it should. Eventually, network problems will arise.
Your feedback, current trends, and a good chunk of innovation are what shapes the current and future face of our solution. Read on to find out what is coming in 2021.
The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019 and received a maximum severity rating of 10. It was finally patched in July 2020.
It is not only the COVID-19 pandemic and the associated rise of remote work that is shaping the everyday routine of network security practitioners. Let's take a look at 5 major trends in network security.
It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways.
Improve your security posture with community Indicators of Compromise and use reputation data to detect threats in encrypted traffic.
High-level information and speedy configuration for the busy network administrator.
Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST.
When cloud adoption shifts from a new trend to daily reality, it causes headaches to everyone responsible for the performance, availability, and security of business services or apps. How do you monitor owned and rented infrastructure with all of their differences without creating visibility silos and ending-up with a bunch of disparate tools?
For more than a decade we have been concentrating our best talents into two areas. Improving technology and making our products available globally. Now, the time has come to massively scale up our business and technological power.
Kemp, known for its well-tuned and easy-to-use load balancer LoadMaster, has acquired Flowmon, extending its product portfolio and growing through acquisition. So you may ask, how does the technology fit?
Insight and ergonomy for the smart security analyst.
Find out what applies to you.
Get the most out of PRTG and Flowmon by bringing them under one GUI and allowing their complementary functionalities to work together.
The year 2020 has seen various changes throughout the world but no change has seen more of an impact than the Corona-virus. During this epidemic, workers from all industries have moved from a traditional office-based role to WFH (Working From Home).
The new release of FortiOS 6.4 from 31 March 2020 brings a new and interesting feature of using webhooks for external API calls and enable automation stitches, which are easy to configure in FortiGate UI and allow you to run multiple actions.
How to deploy Flowmon for multiple users easily.
Flowmon Monitoring Center features presets to save labor and help users understand their monitoring needs.
Flowmon has recently joined Fortinet’s Open Fabric Ecosystem by integrating with FortiGate and FortiSIEM. This cooperation brings automated system for threat detection and response, blocking security risks in their infancy, and giving time to administrators to carry out forensics.
Endpoint protection has been a staple since the dawn of cybersecurity, but how many endpoints are really protected? The expansion of digital environments is pushing SOC analysts towards a change of ideology.
We hear many applications promise “new heights of success and prosperity for your company.” But what do you do when the application is slowing your business down?
We have recently introduced the Flowmon Packet Investigator (FPI) as a successor to the Flowmon Traffic Recorder. This blog article explains the drive behind the change.
To prevail over contemporary threats you need immediate response and a high-performance detection tool - you need Flowmon ADS 11.0.
Tools for online collaboration, and online meetings in particular, have begun to replace face to face contact since the global COVID-19 emergency. A prerequisite for smooth and reliable video conferencing is sufficient bandwidth and low network latency. How does this matter when everybody is working from home and IT teams have no control over the environment of individual employees?
Is the DHCP pool wide enough? How many users are authenticated during the day? On how many devices one user is authenticated? In this article, we will demonstrate how you can check it easily with Flowmon’s improved Active Device functionality.
Quality of Service (QoS) and Differentiated Services Code Point (DSCP) are mechanisms to classify and prioritize critical services such as voice or video, ensure sufficient bandwidth for company applications and provide simple best-effort service to web browsing or data transfer.
Developments in DDoS Defender 5.2 are in the spirit of performance and user experience.
Packet capture and analysis in one - for those occasions when extra detail is needed.
Fast deployment and user ergonomy. Flowmon understands that time is valuable and that’s why it’s designed to save yours.
In this blog, we will guide you through the process of how to enable two-factor-authentication (2FA) via TACACS+ on the Flowmon system.
This year brings challenges to tackle and horizons to explore. Find out what Flowmon has in store for 2020.
This document is aimed at operators and analysts who use Flowmon to detect and analyse security events.
96% of IT professionals claim confidence to repel encrypted traffic threats. Still, only one third of businesses cover all attack vectors of this steadily growing nefarious activity.
This is the story of a large-sized company (1000-5000 employees) that understood the importance of IT in the digital era and its business impact. The IT department needed a new impetus to reconsider tools and processes in place.
This is the story of a medium-sized company (250-1000 employees) on its transition from a reactive IT department that acted like a firefighter, to a modern team having full control and visibility in their digital environment.
Just like many companies in these trying times, we too have asked many of our employees to work from home to protect their health. As a consequence of this decision, our network traffic characteristics have changed dramatically. This change comes with a variety of associated operational and security challenges.
You may have recently come across indicators of compromise (IoC), such as malicious IP addresses, which you can use to validate whether you have been affected or not. For example, a national cyber security agency can approach you to validate specific IoCs in your environment and report back to them. Flowmon can help you with this. You can simply do a retrospective analysis and proactive real-time monitoring to detect the occurrence of such IoCs.
Having or not having an encrypted traffic analysis feature in your network monitoring system makes a huge difference.
According to IBM X-Force, the Emotet malware has recently been spreading in Germany and Japan, targeting companies in the area more and more aggressively.
In the coming years we can expect an even larger and more sophisticated wave of theft, fraud, extortion and deactivation of the various services run by businesses and public organisations. Here are a few reasons cybercrime will flourish in the coming years.
As networks grow in complexity, a proactive approach, prevention and early detection of anomalies are the only way forward toward delivering reliable, secure, and scalable services to users and customers.
The new Flowmon DDoS Defender 5.0 is faster, more precise and better-looking. It combines powerful and highly customizable attack detection with an intuitive user interface, turning DDoS protection into a smooth and satisfying experience.
To monitor Flowmon system resources, we can use common monitoring tools based on SNMP.
The new facelift of Flowmon ADS is not just about looking better. It was purposely designed to facilitate faster analysis and easier fine-tuning while aiming for maximum user comfort.
The stable version of Flowmon DDoS Defender 4.5 is out and boasts a powerful new feature - mitigation tiering.
As businesses migrate services to the cloud, the network team loses control (and visibility) on how these critical productivity apps will impact their local network(s). Please see the following considerations ...
User experience is the driving force behind Flowmon 10.3.
With the popularity of SaaS platforms on the rise, network performance metrics become an invaluable tool in the hands of network administrators, who cannot afford to waste time resolving issues that originate outside their network.
This blog post explains how to nicely enhance logs received from Flowmon ADS in virtually any SEM/SIEM.
The whole IT industry has experienced a transition into cloud in past years. As a major player in Public Cloud, AWS is also one of the first considered option for Flowmon customers when designing their IT plans.
Rest API, provided by Flowmon, is a great tool to strengthen the security of organisations and enabling you to integrate FLOWMON with many existing security solutions.
The success of IT is measured by time and therefore this spring update comes with performance in mind, moving operations ever closer to real-time. Through our continuous research, we’ve identified the need for a variety of improvements that would help IT experts to achieve their performance metrics faster and easier.
Operational Technology and Information Technology are merging. And spoken frankly, they do not understand each other. OT systems have lived for years totally isolated and now they should be connected to enterprise networks or the internet. The lack of security measures in this environment, where availability and integrity will return us back in time, means we will have to deal with the very same issues that experienced IT professionals solved 20 years ago.
Full internet encryption is on the horizon and with it the risk that hackers will gain access to your computer network.
IT experts usually distinguish between two types of systems for network monitoring: flow-based and packet-based. But facing today's challenges brought by bandwidth explosion, new platforms and hyper-connectivity they must change their relationship from simple coexistence to fruitful cooperation. And this is exactly what we have delivered to IT ops by introducing Flowmon 10 and Rolling Memory Buffer feature. Let’s see what benefits it brings for network forensics.
Using basic network performance metrics, namely Round Trip Time (RTT) and Server Response Time (SRT), is an easy-to-go way how to deal with performance issues in your network. Let’s take a closer look at how every network administrator can use RTT and SRT metrics in Flowmon.
Last year completely refuted doubts about the increasing cyber security risks. Hackers, obtained sensitive data on hundreds of German politicians, including Chancellor Merkel and accessed data relating to tens of millions of Facebook accounts. The year also confirmed that hacking has become a means for political activists and an effective tool for professional criminals who have discovered a lucrative opportunity on the internet. What conclusions can we draw from these events for 2019?
In my 20+ years career, I’ve worked with two types of technologies. Those that took extensive marketing efforts to communicate their value and failed to deliver it, as well as technologies that proved themselves quickly during a single day. Network performance monitoring using flow data is the second case. In this post, I share my experience with NPM techniques, how to take them on in a real environment and what are the typical root causes of performance bottlenecks found in network traffic.
Did you know you can create logs with any flow information and export it to 3rd party systems like SIEM. Check this post to see how to do it and what we have prepared for you.
It is difficult to count how many times I have been involved in discussions about the role of BGP peering analysis in DDoS protection. Usually, people think of how these technologies are connected together, so I have decided to share my point of view in various scenarios.
Revised user interface as it comes with Flowmon 10.0 is one but important stop on our long term initiative that will end up with completely new concept of the Flowmon solution providing unified view across network, application and security dimensions. Let’s see what it brings.
As a part of our long term strategy to enhance User Experience, Flowmon 10.1 comes with reworked and fully responsive Dashboard. These improvements offer ultimate flexibility to tailor Flowmon to specific customer needs and help to maximise usability. Read about more new features in this article from our Product Manager, Rostislav Listvan.
Whenever you want to buy something new, you may entertain doubts about a product you have never tried out before. Although the product appears great on paper, often you want physical proof to persuade you that the product is well-suited to your needs.
There is no doubt SSL/TLS offers major benefits, such as confidentiality and integrity. However, it also creates challenges. For instance, visibility gaps and management overheads. Furthermore, malicious threats are evolving and adopting encryption to cover their tracks. In this article, we'll look at how Flowmon can help tackle some of these challenges.
There are multiple flow formats. What are the differences? Which are supported by Flowmon? Check the post to see the answers.
Developing hyper-scalable network analytics design, called Flowmon Distributed Architecture, was one of the biggest technology challenges we’ve faced to date. What were the drivers behind this resource demanding development project?
Encrypted traffic is on the rise. It's no longer possible to inspect the content of the communication. What does this mean for network traffic monitoring?
An example on how flowmon helps to detect unwanted software running on your network.
New major release of Flowmon Traffic Recorder is now available. Whenever you need to go beyond flow visibility level, Traffic Recorder is here to help with scale from 1G up 100G networks. Version 10.0 comes with fully flexible capture criteria and in-memory rolling buffer for raw packets. Don’t miss a packet and don’t miss this blog post.
Here are some conversations that I am having with increasing regularity after the established need for installing network monitoring and security protection.
The new major Flowmon release is out. Take a sneak peek into the Flowmon 10.0 revised user interface and the concept of distributed architecture in this article from our CTO, Pavel Minarik.
Flow data is the basis of modern network monitoring, helping administrators to ensure the reliability and security of the given environment. But where does flow data come from? There are several options how to get flow data with each option having pros and cons. Let us go through them.
One of the ways Flowmon integrates with 3rd party solutions is by using REST API. In this article, we provide examples and show how easy it is to use the REST API to get the data from Flowmon.
Flowmon introduces native Azure public cloud deployment. Just launch a virtual collector in Azure, start collecting flow data or take advantage or Microsoft Azure VTAP to mirror traffic into monitoring ports of collector.
Flow data (NetFlow/IPFIX, etc.) has been generally known about in the IT community for years, and is used, for example, in use cases such as billing, capacity planning and DDoS protection, primarily in the Telco segment. Enterprises, their IT managers and CIOs have only recently started exploring its tremendous potential. Yet, myths preventing faster adoption of flow technology are still being perpetuated in the networking community. Let's look at the 4 major ones.
Check this post to see how you can use recently added Docker to install custom packages and applications in Flowmon solution.
In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Today, threats are not only limited to the internet. Organizations face guests and employees who connect their own equipment into the network or take company equipment home with them. A firewall with IPS capabilities, such as a next generation firewall, is a good first measure to protect against modern day threats, but they will only protect what goes in and out at the network perimeter.
Today we will show you how to configure secure monitoring of Flowmon appliance using SNMPv3 in several easy steps.
More and more organisations are struggling to keep up with the rapid IT developments and the increasing number of attacks. One thing is for sure, neither are going to get any less. That is why it is important to implement a strategy and solutions that are flexible scalable in order to continuously anticipate changes. In terms of security this can be done by combining the best of both worlds. Packet capture from the legacy world and self-learning flow monitoring from the digital transformation.
There is an app for everything, or so the saying goes. Nowhere is this truer than in the world of business. Organizations increasingly rely on their applications performing to the maximum to guarantee the happiness and satisfaction of their end users. The sheer number of web applications is astounding.
DDoS attacks have increased by 16% since the beginning of 2018, achieving record high throughput volumes (1.35Tps) and featuring adaptative mechanisms and new attack vector techniques.
Network Behavior Analysis and firewall solutions nicely complements each other. Let’s check how to integrate Flowmon ADS with Hillstone iNGFW for comprehensive network security.
In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Today we will learn the concept of profiles in Flowmon Monitoring Center and examples how to get the most out of them.
One of the largest banks in the world is using Flowmon thanks to probe’s wide L2 and tunneling protocols support including Overlay Transport Virtualization.
Earlier this year, news was reported about Slovak Telecom secretly injecting a crypto-mining script into a website that users accessed. This was all done, apparently, without the consent of Slovak Telecom - a member of Deutsche Telekom – users. Specifically, the mobile TV Magio Go website was used, running a script that resulted in maximum processor overload due to Monero crypto-mining.
Creating profiles can be time consuming, especially in large and changing network infrastructures. Today we will show you how you can save your time using script to create profiles automatically.
When we talk about the business value of a tool or a system that (at first point) may seem like a “nice to have” or “helpful but not absolutely necessary” technology or system, it is good idea to start this discussion by putting some things in perspective.
The risk of Insider Threats has grown massively with attackers getting around the increasingly complex perimeter protection of Enterprise organisations. It is one of the most common ways customer data or industrial and trade secrets are leaked. This very complex topic includes countless types and techniques. Let us see how such behaviour could be detected at a network level.
Flowmon 9.01 has recently been released as a beta version for users to take a look at before its fully official release. The new version comes with a completely new flow forwarding engine, brings Flowmon closer to the cloud, introduces 1 minute profiles and much more.
With Flowmon solution you can easily automate the detection of users, applications or administrations accounts in MSSQL databases. New attacks have been spreading on internet since the end of 2017 and with the new year it is the right time for small check if you are not one of the victim.
ElasticSearch gathers more and more enthusiasm on the IT market. Released versions of ElasticSearch put the project into the group of most important solutions in Open Source community. Growing number of leading market companies decide to learn more about the solution what becomes a real alternative for Big Vendors products.
Aspire, award-winning managed services company specialising in hosted services and data centre solutions started to become the victim of several large volumetric style DDoS attacks, aimed at both its network and the networks of its customers.
An easy way to relieve your security teams and strengthen overall enterprise security.
Do the browsers that your business use support JavaScript? Well, it is truly hard to imagine that somebody exists on the Internet without this feature. Then computers in your network may be potentially affected by the newest “cryptojacking” threat and mine money for somebody you’ve never met.
The General Data Protection Regulation (GDPR) will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. This directive is very much about processes - some of which inherently need to be supported by technologies. There is no single tool or platform, and incorporating dozens of technologies isn’t the right way to go. Both financially and technically-wise.
Yet another ransomware campaign called BadRabbit has recently started to spread. Not to worry though, Flowmon helps to detect the BadRabbit as well as other rising threats and allows you to react immediately.
Widely used WPA2 standard for WiFi Networks has been broken and it will take months to patch all affected appliances. It is a right time to consider how powerful your security is in order to deal with such a situation. Using Network Behavior Analysis immediately alerts on behavior deviations and reveals even zero-day threats.
In our previous articles we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies. This time we'll focus on Malware, Ransomware and Zero-day exploits.
Almost every vendor, Flowmon included, claims its NPMD solution delivers automation, machine learning, context analytics and other modern features. So, it is easy for admins to handle networks today, right? Well, it is not and feedback I get from Level 3+ engineers of 50 thousand people bank proves that sometimes automation is not enough.
Some of you may have seen our Flowmon Studio series. Over the years, we’ve become experts in network visibility and security. It appears that becoming experts in video shooting will take more than our current 12 episodes. Recording of an interview with APM expert with 17 years of experience and our latest member of the Flowmon UK team, Stuart Smith, went wrong. But such a small failure was never going to stop me from sharing Stuart’s priceless thoughts, at least the old way - in written form.
Flowmon Networks and F5 Networks have joint forces to protect Service Providers and their enterprises customers against DDoS attacks. The integration of Flowmon’s fast flow-based DDoS detection with F5 Networks’ out-of-band mitigation solution provides timely and effective protection for service providers and their customers.
DDoS attacks are still growing threat to all businesses dependent on the connectivity. There are several approaches to protect against DDoS attacks, where the most cost efficient one is the out-of-path strategy to detect and mitigate the attacks. But how it fits SDN environments?
This brand new module in the area of APM allows a way to monitor the availability of your business critical applications. The module is free for all our customers for a limited period. Check this post to see how you can get it today, for free.
In the past years illegal activities have been moving more and more into the virtual world. Many types of cyber-attacks are now also able to be used in specific “business” activities.
It has been almost 50 years since the world's first computer virus was seen. Over the years, it has evolved from the amusement of a handful of enthusiasts into an extensive business that is endangering companies every day around the world. Modern technologies enable these companies to face these threats. One of these is the artificial-intelligence for network analysis through which, the European company Flowmon Networks broke through to the world.
Are you using cloud services and don’t know why they are slow or how much data is transferred? The answers are in Flowmon.
A new malware attack is spreading on the internet and causes big troubles to users and administrators. Find out how Flowmon helps with this recent threat.
The efficient out-of-path DDoS detection and mitigation is not always available out of the box in virtual networking such as Contrail. Check this post to see how to generate NetFlow in Juniper Contrail Networking SDN environment and use Flowmon DDoS Defender for traffic rerouting and automated DDoS Mitigation.
In our previous article we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies.
The new generation of Flowmon solution has arrived. Besides improved solution performance, you can look forward to new and interesting features. Come and find out what is new.
The attack to Intel based hardware is still going on via Intel® Active Management Technology. More than one month known critical vulnerability CVE-2017-5689 (CVSS score 9.8) is not patched fully yet by new BIOS versions and we are not fully focused on the risk as new threats like WannaCry or SambaCry are coming in last weeks.
We witnessed an unprecedented global outbreak of WannaCry infection last week. Let’s examine how one can detect and minimize the impact of WannaCry as well as other rising threats with the new feature in Flowmon ADS module.
Some people educate themselves because they are personally interested in the topic. For some, education is compulsory while others are just looking for a better qualification. The best way we can share our experience from selling Flowmon with you is through training and workshops. A video session of a few hours should be better fun to watch though and with this idea in mind we decided to create a whole new type of experience for you. This is how we made it.
Brace Yourselves for the new European legislation on data and network security coming soon! Get ready to invest millions in technologies and hire dozens of new employees. The whole world as we know it will never be the same again.
Security in the SCADA/ICS environment is a much discussed topic today. In the past these systems were strictly separated. But their connection to common computer networks has opened new opportunities for attackers. How the network visibility combined with real-time anomaly detection helps to protect SCADA/ICS environments?
If you are unaware of the actual figures, this post will give you the answer. Network Performance Monitoring enables you to avoid network infrastructure downtime, identify bottlenecks and troubleshoot performance issues. So let us take a close look at NPM metrics today.
Flowmon 8.03 is here with new interesting features such as NPM metrics visualization, broader L7 visibility, encrypted flow export and much more.
Previously, we got familiar with alerting in Flowmon. Today we will learn how to write a script which can be triggered by the alert.
Using alerts can significantly simplify your life. There is no need to sit in front of a monitor and search for operational problems in your network. In this blog post, we will go through the capabilities of automatic alerting in Flowmon Monitoring Center.
Every customer wants to be sure they are making the right decisions. PoC campaigns are a great way to achieve this and also how to distinguish between empty phrases and real benefits.
Network-based Application Performance Monitoring solution measures delays in network and application for all transactions of all users. If any problem occurs, it immediately reports and alerts the administrator and provides all necessary data to point out the cause of the performance issues. It is often compared to traditional APM solution, so let's see where the limits of such agent-less solution are?
Today we will take a look on how to configure Palo Alto NGFW NetFlow export to Flowmon solution.
Today, we are busting a myth about configurating and tuning of the NBA / UEBA solution to be time consuming project. Come and learn how you can tune Flowmon ADS in an hour.
In most organizations security issues are the responsibility of many teams. Each of them manage only a selected part of the infrastructure and the global view is missing. Learn how to get overview of the entire environmnet with Flowmon ADS integration with Splunk.
With the rising number of devices and services in the network organizations face the problem where requirements of ensuring security and smooth operations goes far beyond human capabilities. SIEM would solve the problem you think. But this answer is just not good enough. Let’s see how we can do better.
Nobody wants to share his communication with the public. And customers of cloud services based on flow data analysis are no exception. They need to be sure that their traffic is not “overheared” when sending data to cloud provider through public network. With Flowmon this is not an issue anymore. Welcome to the flow data encryption.
For six years I’ve been standing in the front line of Flowmon international business development. As an area manager I’ve launched operations on several markets across Europe. Usually with no brand awareness, no partners on the target market and with inexorable KPIs hanging over my head like the Sword of Damocles . In this article I’m sharing my experience and identifying six key must-haves when developing a new market.
Three weeks ago I was giving a presentation to a customer and you wouldn’t believe what question I have received. “So how the deployment of Flowmon can help me and my colleague to grow in career?” Wow!
“Cybercriminals to compromise company: business loses $56 million.” Do you find this headline familiar? Such front-page news and analysis of large-scale attacks hit us every day. In this article I don’t want to talk about them. I would rather explain the very common techniques that are often used and what lies behind the word ‘compromise’. Have you ever met Hitchcock’s electronic birds or sirens luring you into a trap?
New version of our flag ship product has been released as a Flowmon 8.02. One of the most important feature is reliable and encrypted flow forwarding option. It also brings reinvented view on Active Devices as well as new active device related widgets for Flowmon Dashboard. In addition, Flowmon 8.02 supports IPFIX items with variable length and Cisco AVC HTTP values.
Today we will have a look on how our advanced behavioral intelligence of Flowmon ADS can detect DNS service related security incidents and how it helped our customer find malware infected hosts in the network.
DNS is one of the most essential network services - often poorly monitored - and any outages may lead to a major business impact. Let’s take a look how Flowmon is able to monitor DNS protocol and how you can benefit from it.
Our network monitoring abilities grow every year, but our viewing glass is largely limited to the network we manage. But what if we have information about what has just happened in other networks?
I’m having a goose bumps as I’m holding a fresh case study of a Managed Service Provider from the Netherlands. It was not an easy task to fulfill their technical requirements and, what’s more, the competition was already deployed!
Network visibility and monitoring is critical to understanding how our network monitoring tools are performing. In today’s economy performance equates to dollars; having real-time visibility allows for quick troubleshooting and reduced mean time to resolution (MTTR).
Are you interested in how your application behaves to your customers or employees from their point of view? What is their user experience? With network-based Application Performance Monitoring you can measure delays in network and application for all transactions of all users. Check this blog post to see how it works.
Meet Flowmon Mobile Dashboard! Try out our new app for iOS and Android platforms. Installing and launching the app to a smartphone or tablet, you are connected to your Flowmon appliance instantly. You can easily browse widgets and swipe among your individual dashboard panels to see, what's happening in your network anytime. Follow just three steps to use the app.
In previous blog posts we described big news in Flowmon 8.0 – new architecture of Flowmon Collectors, DHCP. Today we will have a quick look at another new features in Flowmon 8.0.
More than 75% of companies is infected by malware and they don't know about that. This is not an overstated declaration, this is todays reality. Network Behavior Analysis technology helps to uncover threats in the infrastructure that may sooner or later take your money. Check out this blogpost to know how NBA deals with malware.
In February last year, one of the leading internet service providers in Slovakia suffered from the largest DDoS attack in the history of the country. The total volume of the attack exceeded 400 Gbps. Servers of its customers were down for tens of minutes… and not only the targeted ones. The attack wasn’t identified by automated tools and few hours passed from its start to successful resolution of the situation and restoration of the services.
We in Flowmon Networks believe that merging flow and packet level visibility into one versatile solution is the technology that will help us to scale to future performance and capacity needs while preserving detailed information about network traffic.
New major version of our flagship product Flowmon was recently released. We are tirelessly following our vision to provide customers with a complete understanding of what is happening in their networks. In order to do that, we enrich flow data (information from network and transport layer) with information from application protocols (application layer). Let’s look at the new L7 protocols we have added to Flowmon 8 and dig little bit deeper into DHCP.
DDoS attacks are today’s common threat. In most cases, the attackers flood customer’s network from the outside. But what if you are a cloud provider and the DDoS attack doesn’t come from the outside? What if both the attacker and target are inside the same cloud? Can you protect your customer then? Check this post created by Konstantin Agouros, Solution Architect Security Technologies at Xantaro and see, how Flowmon DDoS Defender and OpenDayLight protect against DDoS attack in cloud environment.
We've just proudly released new major version of our flagship product – Flowmon 8.0. The new version comes with a significant change of architecture of flow data storage. Moreover, Flowmon 8.0 extends visibility in L3, L4, L7 and improves central dashboard, reporting capabilities and brings other handy features. New architecture of flow data storage dramatically increases number of flow sources per one collector appliance, enables new features and consequently brings new concept of profiles.
In the end of year 2015 we announced new collaboration with Cisco. By integrating Flowmon Anomaly Detection System (ADS) with Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM), the companies will provide administrators with agility when provisioning quality of service and executing security policies across the entire network. Check out how Flowmon ADS and Cisco APIC-EM overcome cyber threats and secure network infrastructure.
A profile in context of Flowmon is a specific view on flow data stored in Flowmon Collector. It is defined by name, type, combination of profile filters and for a continuous type of the profile also size of allocated quota. Exceeding the quota causes an expiration of the oldest data, which is overwritten. A new feature allows to backup the profiles to defined external storage and restore them vice-versa whenever needed.
Dynamic baselining allows to respond to increasing volumes of traffic based on adaptive thresholds and defined rules. Flowmon Networks has introduced DDoS Defender for DoS/DDoS detection and subsequent mitigation in May 2015. Since version 2.0 released on October 2015, Flowmon DDoS Defender monitors traffic volume characteristics based on adaptive thresholds.
Some of significant present cyber threats are the attacks targeting government or finance institutions to cut them off the Internet, penetrations into protected systems or malware earning money for its creators. Most of these attacks come from computers of unsuspecting users that are under control of attackers and are part of botnet. What if an ISP protects end customers and connectivity provider protects ISP against cyber threats including DoS/DDoS?
Are your VoIP bills too damn high? Are you paying more than you should? Maybe you don’t even know it! You might have a similar problem as our customer had. Let’s see what the problem was and how Flowmon solved it in following use-case.
Cooperation with innovative businesses that have become iconic in their fields is always challenging to us. Especially when such a firm comes from Japan, famous for its quality requirements. These factors came together in our project for SEGA, a legendary interactive entertainment company.
Network Performance Monitoring was extended with monitoring of TCP retransmissions and out of order packets. Using these metrics we are able to identify data transfer issues. This article explains TCP retransmissions and shows how to easily measure them and how it helps network administrators to identify network issues and troubleshoot the network.
How often you need to know, who is sitting behind devices in your network, who communicated in certain time frame or a month ago? Flowmon solution provides reliable user identification based authentication logs combined with flow data. The ability to monitor active devices in your network brings new benefits like user identification and host OS identification.
Big things in life have quite beginnings sometimes. More than ten years ago, a small group of Czech scientists worked for the pan-European association GÉANT. They had no idea that this project would change their lives forever and give a rise to the Flowmon solution which would one day monitor and secure pan-European network which is used by 50 million users.
Why would you need Network Behavior Analysis once you have deployed flow collector and traffic reporting? Well, there are scenarios where automatic anomaly detection goes far beyond capabilities of flow collectors. Are you using Flowmon Monitoring Center and still don’t have Flowmon ADS? Find out in 7 minutes how you can extend your Flowmon deployment with Network Behavior Analysis module.
How often you need to know who is sitting behind that IP address right now or who was logged there one month ago? Flow monitoring will give you information about IP, MAC address or DNS name but getting the user identity is usually time consuming task of analyzing the auditing logs of Active Directory or network access control system.