Use out-of-the-box prioritisation or apply your own severity rules at a global, group or user level. Create custom dashboards for security, networking, IT helpdesk or managers based on their interests.
Flowmon is a single pane of glass for both teams while respecting their needs. A unique combination of early detection, security event warnings and deep visibility into the network helps NetOps and SecOps teams cooperate on incident handling and root cause analysis.
Know what is happening inside your LAN to detect and stop insider threats and data exfiltration. Detect activities such as lateral movement of malware that has not yet been recognised by an antivirus, or activities not visible on the perimeter.
Understand every suspicious event in its full context. Context-rich evidence, visualisation, network data or full packet traces for forensics allow you to take decisive action promptly.
The system comes with pre-defined configurations for a variety of network types; after an initial configuration through a simple wizard, it automatically adjusts its settings. Then, by managing false positives, you maximise the relevance of detected events.
Enhance your detection capabilities with a best-of-breed combination of commercial and community databases. Receive alerts on indicators of compromise and on communication with malicious hosts such as C&C domains and phishing sites.
With Flowmon you can rely on a state-of-the-art detection engine that uses entropy modelling and machine learning to detect suspicious anomalies in your network traffic, including APTs, malware, insider and other threats that bypass signature-based tools.
Detect misuse and suspicious behaviour of users, devices and servers. By understanding protocols such as DNS, DHCP, ICMP and SMTP you can reveal data exfiltration, reconnaissance, lateral movement and other unwanted activity.
Create custom detection methods flexibly. Flag malicious, unwanted or otherwise interesting traffic specific to the client's network environment or policies. You only need to create a rule in an SQL-like syntax.
Respond to attacks automatically through script-based integration with network or authentication tools. When an event is detected, Flowmon can connect to, for example, Cisco ISE through pxGrid and quarantine the malicious IP address.
Feed your Log Management or SIEM system with comprehensive, context-rich syslog or SNMP messages. Maximise visibility across the IT environment, or log events automatically into your ticketing tools.
Get comprehensive insight by visualising the hosts involved in an attack or anomaly. Track interactions between hosts, look up related communication and drill down to the flow level.
Trigger full packet capture automatically when detecting an event. Thanks to the Rolling Memory Buffer, the recorded packet trace includes network data, even from the period before the attack started. Use a filter to store the particular attack communication only.
See which user or hostname took part in an attack by collecting authentication-system log data and correlating it in Flowmon. Any syslog-enabled authentication service or vendor is supported, including Cisco ISE and LDAP.
Leverage your existing infrastructure to generate NetFlow, IPFIX, sFlow, jFlow or NetStream from network devices and other data sources such as firewalls, virtualisation platforms and packet brokers.
Detect network anomalies and incidents in near real-time. The status of detected events is continuously updated with additional information until the detection finishes.