Flowmon blog

Blog of new releases and updates

Subscribed for Flowmon content

Never miss an update, subscribe to our newsletter

Get the latest curated insights from Kemp experts straight to your inbox.

Thanks for signing up!

A Close Look at 3 Use Cases in Flowmon Packet Investigator 11.1

About 3 months ago, I spoke to one of our customers, an employee of an unnamed government entity, about Kemp Flowmon Packet Investigator (FPI). After giving him a short demonstration, he told me a story that happened to him just a couple of days earlier.

How to Monitor your Flowmon Appliances

Learn four methods to keep an eye on the status and operational condition of the Flowmon system.
Petr Pecha

What are network monitoring tools?

Network monitoring tools gather and analyze network data to provide network administrators with information related to the status of network appliances, link saturation, the most active devices, the structure of network traffic or the sources of network problems and traffic anomalies.
Petr Pecha

ADS 11.4 – Built with Your Feedback

The new release of Flowmon ADS 11.4 brings you the most frequently requested features.

Flowmon ADS and Check Point Integration: Automated incident detection and response

We have recently published a script for the integration of the Anomaly Detection System (ADS) with a Check Point firewall. This ensures automated threat detection and response where attackers are blocked from accessing the network resources and causing even further harm.
Petr Pecha

What to Look for in a Network Traffic Visibility Solution

As company infrastructures now sprawl across several different environments, additional tools need to be added to the portfolio. But adhering to the traditional approach of focusing on individual devices, their health, performance, and availability, only aggravates its downsides; i.e. visibility blind spots, tool disparity, and therewith connected “swivel-chair” management. The problem calls for increased network traffic visibility that does not come at the cost of extra work.
Pavel Minarik

User Identity Awareness with LoadMaster ESP and Flowmon

In one of the previous blog posts from the load balancing education series, we discussed the Edge Security Pack functionality to provide an additional layer of security in front of an application workload to ensure that only properly authenticated users can interact with the application.

Global Site Load Balancing Explained

Global Site Load Balancing (GSLB) is an important part of your application infrastructure, but many people don’t understand its benefits. In this post we’ll explain how GSLB works and how LoadMaster GEO can bring big benefits in availability and performance at a fraction of the cost of alternatives.

Publishing & Securing Legacy Applications

In the previous blog post, we discussed load balancing essentials and methods of traffic distribution among the real servers. When you publish an application with Kemp LoadMaster you can add lots of extra capabilities on top of the basic load balancing.
Pavel Minarik

Investigating Network Anomalies – A sample workflow

Network anomalies vary in nature. While some of them are easy to understand at first sight, there are anomalies that require investigation before a resolution can be made. The MITRE ATT&CK framework introduced in Flowmon ADS 11.3 streamlines the analysis process and gives security analyst additional insight by leveraging knowledge of adversaries' techniques explaining network anomalies via the ATT&CK framework point of view.

Understanding Load Balancing Essentials

In this post we’ll review some of the essential ideas in Load Balancing to help you understand how to get the best configuration for your application.

Flowmon Packet Investigator 11.1 - A new user experience

The Flowmon Packet Investigator 11.1 is easier to use and covers a broader scope of root-cause analysis scenarios.

Boost Your Situational Awareness With Flowmon ADS 11.3

The new Flowmon ADS 11.3 enhances your contextual understanding with built-in knowledge of adversary tactics and techniques described in the MITRE ATT&CK framework.
Petr Pecha

Science of Network Anomalies

Today’s networks have evolved a long way since their early days and have become rather complicated systems that comprise numerous different network devices, protocols, and applications. Consequently, it is practically impossible to have a complete overview of what is happening in the network or whether everything in the network works as it should. Eventually, network problems will arise.

The Flowmon Roadmap for 2021

Your feedback, current trends, and a good chunk of innovation are what shapes the current and future face of our solution. Read on to find out what is coming in 2021.
Pavel Minarik

Flowmon Detects Windows DNS SIGRed Exploitation

The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019 and received a maximum severity rating of 10. It was finally patched in July 2020.

5 Network Security Trends to Watch in 2021

It is not only the COVID-19 pandemic and the associated rise of remote work that is shaping the everyday routine of network security practitioners. Let's take a look at 5 major trends in network security.
Jiri Knapek

How to Block an External Attack with FortiGate and Flowmon ADS

It’s a question we hear often - how to use Flowmon to block an attack? Flowmon is not an inline appliance to stand in the path of inbound traffic, so we partner with 3rd party vendors who supply equipment like firewalls or unified security gateways.
Petr Pecha

ADS 11.2 – More than ordinary blacklists

Improve your security posture with community Indicators of Compromise and use reputation data to detect threats in encrypted traffic.
Petr Pecha

Flowmon 11.1 – A time-saver

High-level information and speedy configuration for the busy network administrator.
Pavel Minarik

How Flowmon Helps to Detect SUNBURST Trojan Attack in Your Network

Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST.

Bridging Visibility Gaps in Hybrid Cloud Monitoring

When cloud adoption shifts from a new trend to daily reality, it causes headaches to everyone responsible for the performance, availability, and security of business services or apps. How do you monitor owned and rented infrastructure with all of their differences without creating visibility silos and ending-up with a bunch of disparate tools?
Jiri Tobola

Flowmon and Kemp Together. Why it Makes Sense

For more than a decade we have been concentrating our best talents into two areas. Improving technology and making our products available globally. Now, the time has come to massively scale up our business and technological power.
Pavel Minarik

Load Balancing and NetSecOps - What’s the Deal?

Kemp, known for its well-tuned and easy-to-use load balancer LoadMaster, has acquired Flowmon, extending its product portfolio and growing through acquisition. So you may ask, how does the technology fit?
Petr Pecha

ADS 11.1 - Point-and-click Analysis

Insight and ergonomy for the smart security analyst.

Changes in the Specifications of Our Hardware Appliances

Find out what applies to you.
Petr Pecha

Integration of PRTG and Flowmon

Get the most out of PRTG and Flowmon by bringing them under one GUI and allowing their complementary functionalities to work together.
David Townsend

Ensuring Availability and Security for Remote Workers

The year 2020 has seen various changes throughout the world but no change has seen more of an impact than the Corona-virus. During this epidemic, workers from all industries have moved from a traditional office-based role to WFH (Working From Home).

Improved FortiGate Integration

The new release of FortiOS 6.4 from 31 March 2020 brings a new and interesting feature of using webhooks for external API calls and enable automation stitches, which are easy to configure in FortiGate UI and allow you to run multiple actions.

Integrating Flowmon and LDAP/AD

How to deploy Flowmon for multiple users easily.

Configuring Flowmon Using Presets

Flowmon Monitoring Center features presets to save labor and help users understand their monitoring needs.
Jiri Knapek

Key Fortinet and Flowmon Integrations: Automated Incident Detection and Response

Flowmon has recently joined Fortinet’s Open Fabric Ecosystem by integrating with FortiGate and FortiSIEM. This cooperation brings automated system for threat detection and response, blocking security risks in their infancy, and giving time to administrators to carry out forensics.
Petr Pecha

SOC Visibility Triad - Calling for the network-centric approach

Endpoint protection has been a staple since the dawn of cybersecurity, but how many endpoints are really protected? The expansion of digital environments is pushing SOC analysts towards a change of ideology.

Story of a Large Call Center

We hear many applications promise “new heights of success and prosperity for your company.” But what do you do when the application is slowing your business down?

From Packet Recording to Investigation - Advancements in the Flowmon suite

We have recently introduced the Flowmon Packet Investigator (FPI) as a successor to the Flowmon Traffic Recorder. This blog article explains the drive behind the change.

Flowmon ADS 11.0 - Improved insight & enhanced performance

To prevail over contemporary threats you need immediate response and a high-performance detection tool - you need Flowmon ADS 11.0.

Tracking the Performance of Online Meeting Tools

Tools for online collaboration, and online meetings in particular, have begun to replace face to face contact since the global COVID-19 emergency. A prerequisite for smooth and reliable video conferencing is sufficient bandwidth and low network latency. How does this matter when everybody is working from home and IT teams have no control over the environment of individual employees?

Tracking Devices and Users in Your Network

Is the DHCP pool wide enough? How many users are authenticated during the day? On how many devices one user is authenticated? In this article, we will demonstrate how you can check it easily with Flowmon’s improved Active Device functionality.

QoS and DSCP Monitoring with Flowmon

Quality of Service (QoS) and Differentiated Services Code Point (DSCP) are mechanisms to classify and prioritize critical services such as voice or video, ensure sufficient bandwidth for company applications and provide simple best-effort service to web browsing or data transfer.

Meet Flowmon Packet Investigator

Packet capture and analysis in one - for those occasions when extra detail is needed.

Flowmon 11.0 - Insight at Your Fingertips

Fast deployment and user ergonomy. Flowmon understands that time is valuable and that’s why it’s designed to save yours.

DDoS Defender 5.2 - Precise and easy-to-use

Developments in DDoS Defender 5.2 are in the spirit of performance and user experience.
Samo Kotnik

2-factor Authentication to Flowmon

In this blog, we will guide you through the process of how to enable two-factor-authentication (2FA) via TACACS+ on the Flowmon system.

Introducing Flowmon’s 2020 Roadmap

This year brings challenges to tackle and horizons to explore. Find out what Flowmon has in store for 2020.
Pavel Minarik

Flowmon Incident Response

This document is aimed at operators and analysts who use Flowmon to detect and analyse security events. The document introduces a set of so-called best practices, i.e. a summary of the manufacturer's recommendations on how to proceed when analysing security incidents.
Lukáš Dolníček

IDG survey shows gap between IT experts’ confidence and their ability to repel encrypted threats

96% of IT professionals claim confidence to repel encrypted traffic threats. Still, only one third of businesses cover all attack vectors of this steadily growing nefarious activity.
Pavel Minarik

Boosting Enterprise IT to the Next Level

This is the story of a large-sized company (1000-5000 employees) that understood the importance of IT in the digital era and its business impact. The IT department needed a new impetus to reconsider tools and processes in place.
Pavel Minarik

Journey from Reactive IT to Proactive Control

This is the story of a medium-sized company (250-1000 employees) on its transition from a reactive IT department that acted like a firefighter, to a modern team having full control and visibility in their digital environment.

The Upsurge of Home Office: Best Practices to Keep Your Network Secure and Running

Just like many companies in these trying times, we too have asked many of our employees to work from home to protect their health. As a consequence of this decision, our network traffic characteristics have changed dramatically. This change comes with a variety of associated operational and security challenges. 
Pavel Minarik

Validate Indicators of Compromise in Your Network

You may have recently come across indicators of compromise (IoC), such as malicious IP addresses, which you can use to validate whether you have been affected or not. For example, a national cyber security agency can approach you to validate specific IoCs in your environment and report back to them. Flowmon can help you with this. You can simply do a retrospective analysis and proactive real-time monitoring to detect the occurrence of such IoCs.
Pavel Minarik

Network Traffic Monitoring with and without Encrypted Traffic Visibility

Having or not having an encrypted traffic analysis feature in your network monitoring system makes a huge difference.

Emotet Malware: Email Spoofer Awakening

According to IBM X-Force, the Emotet malware has recently been spreading in Germany and Japan, targeting companies in the area more and more aggressively.
Roman Cupka

5 Reasons Why Hackers Will Have a Bumper Harvest

In the coming years we can expect an even larger and more sophisticated wave of theft, fraud, extortion and deactivation of the various services run by businesses and public organisations. Here are a few reasons cybercrime will flourish in the coming years.

Enhancing Network Visibility & Security in Google Cloud

As networks grow in complexity, a proactive approach, prevention and early detection of anomalies are the only way forward toward delivering reliable, secure, and scalable services to users and customers.

New Flowmon DDoS Defender - Straightforward Performance

The new Flowmon DDoS Defender 5.0 is faster, more precise and better-looking. It combines powerful and highly customizable attack detection with an intuitive user interface, turning DDoS protection into a smooth and satisfying experience.
Dusan Janik

Monitoring Flowmon System Resources via SNMP

To monitor Flowmon system resources, we can use common monitoring tools based on SNMP.

Flowmon ADS 10.0 Facelift

The new facelift of Flowmon ADS is not just about looking better. It was purposely designed to facilitate faster analysis and easier fine-tuning while aiming for maximum user comfort.

Flowmon DDoS Defender 4.5 Released

The stable version of Flowmon DDoS Defender 4.5 is out and boasts a powerful new feature - mitigation tiering.
Joseph Krenson

Four Things to Consider as You Migrate Services to the Cloud

As businesses migrate services to the cloud, the network team loses control (and visibility) on how these critical productivity apps will impact their local network(s). Please see the following considerations ...

Flowmon 10.3 Released

User experience is the driving force behind Flowmon 10.3.
Pavel Minarik

Cutting SaaS Troubleshooting Time with Network Performance Metrics

With the popularity of SaaS platforms on the rise, network performance metrics become an invaluable tool in the hands of network administrators, who cannot afford to waste time resolving issues that originate outside their network.

Flowmon ADS and Integration with Security Event Management

This blog post explains how to nicely enhance logs received from Flowmon ADS in virtually any SEM/SIEM.

Flowmon Taking Advantage of Amazon VPC Traffic Mirroring

The whole IT industry has experienced a transition into cloud in past years. As a major player in Public Cloud, AWS is also one of the first considered option for Flowmon customers when designing their IT plans.

Flowmon and OpenVAS Integration

Rest API, provided by Flowmon, is a great tool to strengthen the security of organisations and enabling you to integrate FLOWMON with many existing security solutions.

Flowmon 10.2. Release News

The success of IT is measured by time and therefore this spring update comes with performance in mind, moving operations ever closer to real-time. Through our continuous research, we’ve identified the need for a variety of improvements that would help IT experts to achieve their performance metrics faster and easier.
Pavel Minarik

ICS/SCADA Monitoring and Anomaly Detection

Operational Technology and Information Technology are merging. And spoken frankly, they do not understand each other. OT systems have lived for years totally isolated and now they should be connected to enterprise networks or the internet. The lack of security measures in this environment, where availability and integrity will return us back in time, means we will have to deal with the very same issues that experienced IT professionals solved 20 years ago.
Michal Kratky

What is Hidden in Encrypted Internet Traffic Streams

Full internet encryption is on the horizon and with it the risk that hackers will gain access to your computer network.
Pavel Minarik

Packets and Flow Data: best of breed combination for network forensics

IT experts usually distinguish between two types of systems for network monitoring: flow-based and packet-based. But facing today's challenges brought by bandwidth explosion, new platforms and hyper-connectivity they must change their relationship from simple coexistence to fruitful cooperation. And this is exactly what we have delivered to IT ops by introducing Flowmon 10 and Rolling Memory Buffer feature. Let’s see what benefits it brings for network forensics.
Martin Sevcik

How to use Network Performance Metrics with Flowmon

Using basic network performance metrics, namely Round Trip Time (RTT) and Server Response Time (SRT), is an easy-to-go way how to deal with performance issues in your network. Let’s take a closer look at how every network administrator can use RTT and SRT metrics in Flowmon.
Roman Cupka

5 predictions for cyber security in 2019

Last year completely refuted doubts about the increasing cyber security risks. Hackers, obtained sensitive data on hundreds of German politicians, including Chancellor Merkel and accessed data relating to tens of millions of Facebook accounts. The year also confirmed that hacking has become a means for political activists and an effective tool for professional criminals who have discovered a lucrative opportunity on the internet. What conclusions can we draw from these events for 2019?
Martin Sevcik

3 Network Performance Monitoring Metrics to Deal with Performance Degradation

In my 20+ years career, I’ve worked with two types of technologies. Those that took extensive marketing efforts to communicate their value and failed to deliver it, as well as technologies that proved themselves quickly during a single day. Network performance monitoring using flow data is the second case. In this post, I share my experience with NPM techniques, how to take them on in a real environment and what are the typical root causes of performance bottlenecks found in network traffic.
Dusan Janik

Creating custom logs from NetFlow

Did you know you can create logs with any flow information and export it to 3rd party systems like SIEM. Check this post to see how to do it and what we have prepared for you.
Pavel Minarik

DDoS Protection tool without BGP Peering Analysis? Why not?

It is difficult to count how many times I have been involved in discussions about the role of BGP peering analysis in DDoS protection. Usually, people think of how these technologies are connected together, so I have decided to share my point of view in various scenarios.
Artur Kane

Revised Flowmon interface: First step to customer-centric UX

Revised user interface as it comes with Flowmon 10.0 is one but important stop on our long term initiative that will end up with completely new concept of the Flowmon solution providing unified view across network, application and security dimensions. Let’s see what it brings.
Rostislav Listvan

Flowmon 10.01 - redefined Dashboard improved Reports and much more

As a part of our long term strategy to enhance User Experience, Flowmon 10.1 comes with reworked and fully responsive Dashboard. These improvements offer ultimate flexibility to tailor Flowmon to specific customer needs and help to maximise usability. Read about more new features in this article from our Product Manager, Rostislav Listvan.
Samo Kotnik

Let’s talk PoC

Whenever you want to buy something new, you may entertain doubts about a product you have never tried out before. Although the product appears great on paper, often you want physical proof to persuade you that the product is well-suited to your needs.
Roman Luks

Nail These 6 Encrypted Traffic Cases with Flowmon

There is no doubt SSL/TLS offers major benefits, such as confidentiality and integrity. However, it also creates challenges. For instance, visibility gaps and management overheads. Furthermore, malicious threats are evolving and adopting encryption to cover their tracks. In this article, we'll look at how Flowmon can help tackle some of these challenges.
Rostislav Listvan

Introducing flow formats and their differences

There are multiple flow formats. What are the differences? Which are supported by Flowmon? Check the post to see the answers.
Artur Kane

What made us create Distributed Architecture

Developing hyper-scalable network analytics design, called Flowmon Distributed Architecture, was one of the biggest technology challenges we’ve faced to date. What were the drivers behind this resource demanding development project?

Can Flow Monitoring Work on Encrypted Traffic?

Encrypted traffic is on the rise. It's no longer possible to inspect the content of the communication. What does this mean for network traffic monitoring?
Zoltan Techy

Resource Misuse Detection with Flowmon ADS

An example on how flowmon helps to detect unwanted software running on your network.
Martin Skoda

Flowmon Traffic Recorder 10.0 – Revolution Continues

New major release of Flowmon Traffic Recorder is now available. Whenever you need to go beyond flow visibility level, Traffic Recorder is here to help with scale from 1G up 100G networks. Version 10.0 comes with fully flexible capture criteria and in-memory rolling buffer for raw packets. Don’t miss a packet and don’t miss this blog post.
Joseph Krenson

Customer experience: Deploying Monitoring as a Service in Amazon AWS and Virtual Environments

Here are some conversations that I am having with increasing regularity after the established need for installing network monitoring and security protection.
Pavel Minarik

Flowmon 10.0 - Where the Revolution Begins

The new major Flowmon release is out. Take a sneak peek into the Flowmon 10.0 revised user interface and the concept of distributed architecture in this article from our CTO, Pavel Minarik.
Martin Skoda

Where do the Flows Come From?

Flow data is the basis of modern network monitoring, helping administrators to ensure the reliability and security of the given environment. But where does flow data come from? There are several options how to get flow data with each option having pros and cons. Let us go through them.
Roman Luks

Integration Baby Steps with Flowmon REST API and Python Requests Library

One of the ways Flowmon integrates with 3rd party solutions is by using REST API. In this article, we provide examples and show how easy it is to use the REST API to get the data from Flowmon.

Flowmon brings visibility to Azure via VTAP

Flowmon introduces native Azure public cloud deployment. Just launch a virtual collector in Azure, start collecting flow data or take advantage or Microsoft Azure VTAP to mirror traffic into monitoring ports of collector.
Pavel Minarik

Debunking 4 Myths about NetFlow data

Flow data (NetFlow/IPFIX, etc.) has been generally known about in the IT community for years, and is used, for example, in use cases such as billing, capacity planning and DDoS protection, primarily in the Telco segment. Enterprises, their IT managers and CIOs have only recently started exploring its tremendous potential. Yet, myths preventing faster adoption of flow technology are still being perpetuated in the networking community. Let's look at the 4 major ones.
Tomáš Vlach

Docker in Flowmon

Check this post to see how you can use recently added Docker to install custom packages and applications in Flowmon solution.
Roman Luks

Flow Analysis Using Filters - DNS and Workstations

In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Gert-Jan de Boer

Prevent malware spreading with automatic client isolation using Flowmon ADS and Cisco ISE

Today, threats are not only limited to the internet. Organizations face guests and employees who connect their own equipment into the network or take company equipment home with them. A firewall with IPS capabilities, such as a next generation firewall, is a good first measure to protect against modern day threats, but they will only protect what goes in and out at the network perimeter.
Tomáš Vlach

Secure monitoring of Flowmon resources

Today we will show you how to configure secure monitoring of Flowmon appliance using SNMPv3 in several easy steps.
Frank Dupker

Defending Networks With "Best of Both Worlds"

More and more organisations are struggling to keep up with the rapid IT developments and the increasing number of attacks. One thing is for sure, neither are going to get any less. That is why it is important to implement a strategy and solutions that are flexible scalable in order to continuously anticipate changes. In terms of security this can be done by combining the best of both worlds. Packet capture from the legacy world and self-learning flow monitoring from the digital transformation.
Sinisa Antunovic

Helping you keep your web application users satisfied

There is an app for everything, or so the saying goes. Nowhere is this truer than in the world of business. Organizations increasingly rely on their applications performing to the maximum to guarantee the happiness and satisfaction of their end users. The sheer number of web applications is astounding.
Jesus Mingarro

Adaptative DDoS Attacks - Commercial and Operational Savings Tips

DDoS attacks have increased by 16% since the beginning of 2018, achieving record high throughput volumes (1.35Tps) and featuring adaptative mechanisms and new attack vector techniques.
Martin Skoda

Integrate Flowmon ADS with Hillstone iNGFW for Ultimate Protection

Network Behavior Analysis and firewall solutions nicely complements each other. Let’s check how to integrate Flowmon ADS with Hillstone iNGFW for comprehensive network security.
Roman Luks

Flow Analysis Using Filters – Exploring DNS Communication of Servers

In this step by step guide you will learn how to use filters to analyze network traffic and better understand your network.
Michal Kratky

Get the most out of the profiles in Flowmon Monitoring Center

Today we will learn the concept of profiles in Flowmon Monitoring Center and examples how to get the most out of them.
Martin Skoda

Success Story: East-West Traffic Visibility Enabled by Flowmon Probes

One of the largest banks in the world is using Flowmon thanks to probe’s wide L2 and tunneling protocols support including Overlay Transport Virtualization.
Roman Cupka

Crypto-jacking, Crypto-mining and Crypto-currency security

Earlier this year, news was reported about Slovak Telecom secretly injecting a crypto-mining script into a website that users accessed. This was all done, apparently, without the consent of Slovak Telecom - a member of Deutsche Telekom – users. Specifically, the mobile TV Magio Go website was used, running a script that resulted in maximum processor overload due to Monero crypto-mining.
Jiri Knapek

Define Profiles Automatically Using Script

Creating profiles can be time consuming, especially in large and changing network infrastructures. Today we will show you how you can save your time using script to create profiles automatically.
Sinisa Antunovic

Business Benefits of Network Behavior Analysis

When we talk about the business value of a tool or a system that (at first point) may seem like a “nice to have” or “helpful but not absolutely necessary” technology or system, it is good idea to start this discussion by putting some things in perspective.
Artur Kane

Monitor user behaviour to detect Insider Threats

The risk of Insider Threats has grown massively with attackers getting around the increasingly complex perimeter protection of Enterprise organisations. It is one of the most common ways customer data or industrial and trade secrets are leaked. This very complex topic includes countless types and techniques. Let us see how such behaviour could be detected at a network level.
Martin Skoda

What's new in Flowmon 9.01

Flowmon 9.01 has recently been released as a beta version for users to take a look at before its fully official release. The new version comes with a completely new flow forwarding engine, brings Flowmon closer to the cloud, introduces 1 minute profiles and much more.
Tomáš Vlach

Time for database accounts audit

With Flowmon solution you can easily automate the detection of users, applications or administrations accounts in MSSQL databases. New attacks have been spreading on internet since the end of 2017 and with the new year it is the right time for small check if you are not one of the victim.
Artur Bicki

Flowmon ADS integration with Elasticsearch

ElasticSearch gathers more and more enthusiasm on the IT market. Released versions of ElasticSearch put the project into the group of most important solutions in Open Source community. Growing number of leading market companies decide to learn more about the solution what becomes a real alternative for Big Vendors products.
Lubos Lunter

Success story: Flowmon helps MSP to deal with DDoS attacks

Aspire, award-winning managed services company specialising in hosted services and data centre solutions started to become the victim of several large volumetric style DDoS attacks, aimed at both its network and the networks of its customers.
Martin Skoda

Ixia Threat Armor Integration with Flowmon ADS

An easy way to relieve your security teams and strengthen overall enterprise security.
Tomáš Vlach

Detect Web Cryptocurrency Mining With Flowmon

Do the browsers that your business use support JavaScript? Well, it is truly hard to imagine that somebody exists on the Internet without this feature. Then computers in your network may be potentially affected by the newest “cryptojacking” threat and mine money for somebody you’ve never met.
Lubos Lunter

Don't forget to include your network into your GDPR strategy

The General Data Protection Regulation (GDPR) will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. This directive is very much about processes - some of which inherently need to be supported by technologies. There is no single tool or platform, and incorporating dozens of technologies isn’t the right way to go. Both financially and technically-wise.
Martin Skoda

Don’t Go Down The BadRabbit Hole

Yet another ransomware campaign called BadRabbit has recently started to spread. Not to worry though, Flowmon helps to detect the BadRabbit as well as other rising threats and allows you to react immediately.
Tomáš Vlach

Worrying About Your WiFi Security Due to KRACK Vulnerability?

Widely used WPA2 standard for WiFi Networks has been broken and it will take months to patch all affected appliances. It is a right time to consider how powerful your security is in order to deal with such a situation. Using Network Behavior Analysis immediately alerts on behavior deviations and reveals even zero-day threats.
Artur Kane

HUNTING FREQUENT AND DANGEROUS #2: Protection against Malware, Ransomware and Zero-day exploit

In our previous articles we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies. This time we'll focus on Malware, Ransomware and Zero-day exploits.
Artur Kane

Customer Success Story: When Automation Fails

Almost every vendor, Flowmon included, claims its NPMD solution delivers automation, machine learning, context analytics and other modern features. So, it is easy for admins to handle networks today, right? Well, it is not and feedback I get from Level 3+ engineers of 50 thousand people bank proves that sometimes automation is not enough.
Artur Kane

Flowmon Studio #13 - What Stuart Smith has learned during 17 years of expertise in APM

Some of you may have seen our Flowmon Studio series. Over the years, we’ve become experts in network visibility and security. It appears that becoming experts in video shooting will take more than our current 12 episodes. Recording of an interview with APM expert with 17 years of experience and our latest member of the Flowmon UK team, Stuart Smith, went wrong. But such a small failure was never going to stop me from sharing Stuart’s priceless thoughts, at least the old way - in written form.

Native Support for DDoS mitigation with F5® DDoS Solutions

Flowmon Networks and F5 Networks have joint forces to protect Service Providers and their enterprises customers against DDoS attacks. The integration of Flowmon’s fast flow-based DDoS detection with F5 Networks’ out-of-band mitigation solution provides timely and effective protection for service providers and their customers.
Vojtech Hodes

Fast DDoS Detection and Mitigation in SDN Environment

DDoS attacks are still growing threat to all businesses dependent on the connectivity. There are several approaches to protect against DDoS attacks, where the most cost efficient one is the out-of-path strategy to detect and mitigate the attacks. But how it fits SDN environments?
Martin Skoda

Gift For Our Customers: Flowmon APM TG For Business Critical Application Monitoring

This brand new module in the area of APM allows a way to monitor the availability of your business critical applications. The module is free for all our customers for a limited period. Check this post to see how you can get it today, for free.
Roman Cupka

Nowadays anyone can hold you to ransom on the internet

In the past years illegal activities have been moving more and more into the virtual world. Many types of cyber-attacks are now also able to be used in specific “business” activities.
Artur Kane

Artificial Intelligence will be the decisive factor in the fight against cyber-threats

It has been almost 50 years since the world's first computer virus was seen. Over the years, it has evolved from the amusement of a handful of enthusiasts into an extensive business that is endangering companies every day around the world. Modern technologies enable these companies to face these threats. One of these is the artificial-intelligence for network analysis through which, the European company Flowmon Networks broke through to the world. 
Martin Skoda

Three Steps to Monitor Cloud Services Usage

Are you using cloud services and don’t know why they are slow or how much data is transferred? The answers are in Flowmon.
Tomáš Vlach

Detect ExPetr/Petya wiper

A new malware attack is spreading on the internet and causes big troubles to users and administrators. Find out how Flowmon helps with this recent threat.
Martin Skoda

DDoS Protection in SDN Based Networking

The efficient out-of-path DDoS detection and mitigation is not always available out of the box in virtual networking such as Contrail. Check this post to see how to generate NetFlow in Juniper Contrail Networking SDN environment and use Flowmon DDoS Defender for traffic rerouting and automated DDoS Mitigation.
Artur Kane

Hunting Frequent and Dangerous #1: Protection against Pharming, Phishing and Botnets

In our previous article we discovered the most common types of cyberattacks. We also learned how they are designed and how they operate. Such understanding helps us build adequate and effective protection strategies.
Martin Skoda

New Generation of Flowmon Solution Arrives

The new generation of Flowmon solution has arrived. Besides improved solution performance, you can look forward to new and interesting features. Come and find out what is new.
Tomáš Vlach

Apply monitoring of AMT attack for your datacenters and users

The attack to Intel based hardware is still going on via Intel® Active Management Technology.   More than one month known critical vulnerability CVE-2017-5689 (CVSS score 9.8) is not patched fully yet by new BIOS versions and we are not fully focused on the risk as new threats like WannaCry or SambaCry are coming in last weeks.
Martin Skoda

Using Behavior Patterns to Detect Rising Threats

We witnessed an unprecedented global outbreak of WannaCry infection last week. Let’s examine how one can detect and minimize the impact of WannaCry as well as other rising threats with the new feature in Flowmon ADS module.
Artur Kane

Flowmon Sales Training: The Making of

Some people educate themselves because they are personally interested in the topic. For some, education is compulsory while others are just looking for a better qualification. The best way we can share our experience from selling Flowmon with you is through training and workshops. A video session of a few hours should be better fun to watch though and with this idea in mind we decided to create a whole new type of experience for you. This is how we made it.
Artur Kane

Reasons not to worry about GDPR and NIS

Brace Yourselves for the new European legislation on data and network security coming soon! Get ready to invest millions in technologies and hire dozens of new employees. The whole world as we know it will never be the same again.
Roman Cupka

Network visibility in the SCADA/ICS environment

Security in the SCADA/ICS environment is a much discussed topic today. In the past these systems were strictly separated. But their connection to common computer networks has opened new opportunities for attackers. How the network visibility combined with real-time anomaly detection helps to protect SCADA/ICS environments?
Martin Skoda

What is your network’s real performance?

If you are unaware of the actual figures, this post will give you the answer. Network Performance Monitoring enables you to avoid network infrastructure downtime, identify bottlenecks and troubleshoot performance issues. So let us take a close look at NPM metrics today.
Martin Skoda

What's new in Flowmon 8.03

Flowmon 8.03 is here with new interesting features such as NPM metrics visualization, broader L7 visibility, encrypted flow export and much more.
Jiri Knapek

Writing a custom script for Flowmon

Previously, we got familiar with alerting in Flowmon. Today we will learn how to write a script which can be triggered by the alert.
Martin Skoda

Alerting in Flowmon Monitoring Center

Using alerts can significantly simplify your life. There is no need to sit in front of a monitor and search for operational problems in your network. In this blog post, we will go through the capabilities of automatic alerting in Flowmon Monitoring Center.
Richard Steficek

5 things that pay off when doing PoC projects

Every customer wants to be sure they are making the right decisions. PoC campaigns are a great way to achieve this and also how to distinguish between empty phrases and real benefits.
Lubos Lunter

Pros and Cons of Agent-less Application Performance Monitoring

Network-based Application Performance Monitoring solution measures delays in network and application for all transactions of all users. If any problem occurs, it immediately reports and alerts the administrator and provides all necessary data to point out the cause of the performance issues. It is often compared to traditional APM solution, so let's see where the limits of such agent-less solution are?
Martin Skoda

Configuring Palo Alto NGFW Flow Export to get Additional Layer of Security

Today we will take a look on how to configure Palo Alto NGFW NetFlow export to Flowmon solution.
Pavel Minarik

Tuning the Network Behavior Analysis

Today, we are busting a myth about configurating and tuning of the NBA / UEBA solution to be time consuming project. Come and learn how you can tune Flowmon ADS in an hour.
Jakub Goral

Flowmon ADS integration with Splunk

In most organizations security issues are the responsibility of many teams. Each of them manage only a selected part of the infrastructure and the global view is missing. Learn how to get overview of the entire environmnet with Flowmon ADS integration with Splunk.
Artur Kane

Enterprise network security 101: Make the most out of your investments in SIEM

With the rising number of devices and services in the network organizations face the problem where requirements of ensuring security and smooth operations goes far beyond human capabilities. SIEM would solve the problem you think. But this answer is just not good enough. Let’s see how we can do better.
Martin Skoda

Getting the Flows to Cloud Securely

Nobody wants to share his communication with the public. And customers of cloud services based on flow data analysis are no exception. They need to be sure that their traffic is not “overheared” when sending data to cloud provider through public network. With Flowmon this is not an issue anymore. Welcome to the flow data encryption.
Richard Steficek

Lessons learned: Developing Flowmon foreign operations

For six years I’ve been standing in the front line of Flowmon international business development. As an area manager I’ve launched operations on several markets across Europe. Usually with no brand awareness, no partners on the target market and with inexorable KPIs hanging over my head like the Sword of Damocles . In this article I’m sharing my experience and identifying six key must-haves when developing a new market.
Tomas Sarocky

How Flowmon can help you grow your career?

Three weeks ago I was giving a presentation to a customer and you wouldn’t believe what question I have received. “So how the deployment of Flowmon can help me and my colleague to grow in career?” Wow!
Artur Kane

Frequent & Dangerous: Discover seven cyberattacks you will face sooner or later

“Cybercriminals to compromise company: business loses $56 million.” Do you find this headline familiar? Such front-page news and analysis of large-scale attacks hit us every day. In this article I don’t want to talk about them. I would rather explain the very common techniques that are often used and what lies behind the word ‘compromise’. Have you ever met Hitchcock’s electronic birds or sirens luring you into a trap?
Lubos Lunter

Encrypted flow forwarding and other news in Flowmon 8.02

New version of our flag ship product has been released as a Flowmon 8.02. One of the most important feature is reliable and encrypted flow forwarding option. It also brings reinvented view on Active Devices as well as new active device related widgets for Flowmon Dashboard. In addition, Flowmon 8.02 supports IPFIX items with variable length and Cisco AVC HTTP values.
Martin Skoda

DNS Monitoring in Flowmon – part 2/2

Today we will have a look on how our advanced behavioral intelligence of Flowmon ADS can detect DNS service related security incidents and how it helped our customer find malware infected hosts in the network.
Martin Skoda

DNS Monitoring in Flowmon – part 1/2

DNS is one of the most essential network services - often poorly monitored - and any outages may lead to a major business impact. Let’s take a look how Flowmon is able to monitor DNS protocol and how you can benefit from it.
Martin Zadnik

System for sharing and analysis of security events in Czech cyberspace

Our network monitoring abilities grow every year, but our viewing glass is largely limited to the network we manage. But what if we have information about what has just happened in other networks?
Tomas Sarocky

Just like David and Goliath. How DDoS Defender Succeded

I’m having a goose bumps as I’m holding a fresh case study of a Managed Service Provider from the Netherlands. It was not an easy task to fulfill their technical requirements and, what’s more, the competition was already deployed!
Chris Bihary

Feeding the Flowmon Solution, The Benefits of Aggregating Network TAPs

Network visibility and monitoring is critical to understanding how our network monitoring tools are performing. In today’s economy performance equates to dollars; having real-time visibility allows for quick troubleshooting and reduced mean time to resolution (MTTR).
Pavel Minarik

Network-based Application Performance Monitoring

Are you interested in how your application behaves to your customers or employees from their point of view? What is their user experience? With network-based Application Performance Monitoring you can measure delays in network and application for all transactions of all users. Check this blog post to see how it works.
Lubos Lunter

Flowmon Mobile Dashboard Into Your Pocket

Meet Flowmon Mobile Dashboard! Try out our new app for iOS and Android platforms. Installing and launching the app to a smartphone or tablet, you are connected to your Flowmon appliance instantly. You can easily browse widgets and swipe among your individual dashboard panels to see, what's happening in your network anytime. Follow just three steps to use the app.
Martin Skoda

Extended visibility and Flowmon Dashboard

In previous blog posts we described big news in Flowmon 8.0 – new architecture of Flowmon Collectors, DHCP. Today we will have a quick look at another new features in Flowmon 8.0.
Klaudyna Busza

Malware in a view of Network Behavior Analysis

More than 75% of companies is infected by malware and they don't know about that. This is not an overstated declaration, this is todays reality. Network Behavior Analysis technology helps to uncover threats in the infrastructure that may sooner or later take your money. Check out this blogpost to know how NBA deals with malware.
Roman Cupka

DDoS launched via IoT is reality. The importance of early detection grows

In February last year, one of the leading internet service providers in Slovakia suffered from the largest DDoS attack in the history of the country. The total volume of the attack exceeded 400 Gbps. Servers of its customers were down for tens of minutes… and not only the targeted ones. The attack wasn’t identified by automated tools and few hours passed from its start to successful resolution of the situation and restoration of the services.
Pavel Minarik

Continuous packet capture or flow monitoring?

We in Flowmon Networks believe that merging flow and packet level visibility into one versatile solution is the technology that will help us to scale to future performance and capacity needs while preserving detailed information about network traffic.
Martin Skoda

DHCP Monitoring in Flowmon 8.0

New major version of our flagship product Flowmon was recently released. We are tirelessly following our vision to provide customers with a complete understanding of what is happening in their networks. In order to do that, we enrich flow data (information from network and transport layer) with information from application protocols (application layer). Let’s look at the new L7 protocols we have added to Flowmon 8 and dig little bit deeper into DHCP.
Konstantin Agouros

Intracloud DDoS detection and mitigation using SDN

DDoS attacks are today’s common threat. In most cases, the attackers flood customer’s network from the outside. But what if you are a cloud provider and the DDoS attack doesn’t come from the outside? What if both the attacker and target are inside the same cloud? Can you protect your customer then? Check this post created by Konstantin Agouros, Solution Architect Security Technologies at Xantaro and see, how Flowmon DDoS Defender and OpenDayLight protect against DDoS attack in cloud environment.
Lubos Lunter

New Architecture of Data Storage in Flowmon 8.0

We've just proudly released new major version of our flagship product – Flowmon 8.0. The new version comes with a significant change of architecture of flow data storage. Moreover, Flowmon 8.0 extends visibility in L3, L4, L7 and improves central dashboard, reporting capabilities and brings other handy features. New architecture of flow data storage dramatically increases number of flow sources per one collector appliance, enables new features and consequently brings new concept of profiles.
Martin Skoda

Flowmon ADS & Cisco APIC-EM Integration

In the end of year 2015 we announced new collaboration with Cisco. By integrating Flowmon Anomaly Detection System (ADS) with Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM), the companies will provide administrators with agility when provisioning quality of service and executing security policies across the entire network. Check out how Flowmon ADS and Cisco APIC-EM overcome cyber threats and secure network infrastructure.
Lubos Lunter

External Storage Backup & Restore of Flowmon Profiles

A profile in context of Flowmon is a specific view on flow data stored in Flowmon Collector. It is defined by name, type, combination of profile filters and for a continuous type of the profile also size of allocated quota. Exceeding the quota causes an expiration of the oldest data, which is overwritten. A new feature allows to backup the profiles to defined external storage and restore them vice-versa whenever needed.
Lubos Lunter

Dynamic Baselining and Adaptive Threshold in DDoS Defender

Dynamic baselining allows to respond to increasing volumes of traffic based on adaptive thresholds and defined rules. Flowmon Networks has introduced DDoS Defender for DoS/DDoS detection and subsequent mitigation in May 2015. Since version 2.0 released on October 2015, Flowmon DDoS Defender monitors traffic volume characteristics based on adaptive thresholds.
Lubos Lunter

Internet Service Providers to Deliver Security as a Service with Flowmon

Some of significant present cyber threats are the attacks targeting government or finance institutions to cut them off the Internet, penetrations into protected systems or malware earning money for its creators. Most of these attacks come from computers of unsuspecting users that are under control of attackers and are part of botnet. What if an ISP protects end customers and connectivity provider protects ISP against cyber threats including DoS/DDoS?
Martin Skoda

VoIP traffic monitoring use-case

Are your VoIP bills too damn high? Are you paying more than you should? Maybe you don’t even know it! You might have a similar problem as our customer had. Let’s see what the problem was and how Flowmon solved it in following use-case.
Jiri Tobola

How SEGA Switched to the Next Level of Network Monitoring

Cooperation with innovative businesses that have become iconic in their fields is always challenging to us. Especially when such a firm comes from Japan, famous for its quality requirements. These factors came together in our project for SEGA, a legendary interactive entertainment company.
Martin Skoda

Measuring TCP Retransmissions in Flowmon

Network Performance Monitoring was extended with monitoring of TCP retransmissions and out of order packets. Using these metrics we are able to identify data transfer issues. This article explains TCP retransmissions and shows how to easily measure them and how it helps network administrators to identify network issues and troubleshoot the network.
Martin Skoda

Extended Active Devices

How often you need to know, who is sitting behind devices in your network, who communicated in certain time frame or a month ago? Flowmon solution provides reliable user identification based authentication logs combined with flow data. The ability to monitor active devices in your network brings new benefits like user identification and host OS identification.
Jiri Tobola

Flowmon-GÉANT Story: Monitoring Network with 50 Million Users

Big things in life have quite beginnings sometimes. More than ten years ago, a small group of Czech scientists worked for the pan-European association GÉANT. They had no idea that this project would change their lives forever and give a rise to the Flowmon solution which would one day monitor and secure pan-European network which is used by 50 million users.
Martin Skoda

Flowmon Monitoring Center vs. Flowmon ADS

Why would you need Network Behavior Analysis once you have deployed flow collector and traffic reporting? Well, there are scenarios where automatic anomaly detection goes far beyond capabilities of flow collectors. Are you using Flowmon Monitoring Center and still don’t have Flowmon ADS? Find out in 7 minutes how you can extend your Flowmon deployment with Network Behavior Analysis module.
Pavel Minarik

User identity as part of flow data

How often you need to know who is sitting behind that IP address right now or who was logged there one month ago? Flow monitoring will give you information about IP, MAC address or DNS name but getting the user identity is usually time consuming task of analyzing the auditing logs of Active Directory or network access control system.