Flowmon
[Error loading the control 'Flowmon_Videolist', check event log for more details]

Features to Keep Your Network Protected

Behavior Patterns

Detect misuse and suspicious behaviour of users, devices and servers. By understanding protocols such as DNS, DHCP, ICMP and SMTP you can reveal data exfiltration, reconnaissance, lateral movement and other unwanted activity.

Learn More
User Defined Methods

Create custom detection methods flexibly. Red flag malicious, unwanted or otherwise interesting traffic specific to the client's network environment or policies. You only need to create a rule in an SQL-like syntax.

Learn More
Advanced Action Triggering

Respond to attacks automatically through script-based integration with network or authentication tools. When detecting an event, Flowmon can connect to, e.g. Cisco ISE through pxGrid, and quarantine the malicious IP address.

Learn More
Logging and Reporting

Feed your Log Management or SIEM system with comprehensive logging with context-rich syslog or SNMP messages. Maximise visibility across IT environment or log events automatically into your ticketing tools.

Attack Visualization

Get a comprehensive insight through visualising the hosts involved in an attack or anomaly. Track interactions between hosts, look up related communication, drill down to flow level.

Attack Recording Automation

Trigger full packet capture automatically when detecting an event. Thanks to the Rolling Memory Buffer, the recorded packet trace includes network data, even from the period before the attack started. Use a filter to store the particular attack communication only.

Learn More
User Identification

See what user or a hostname has taken part in an attack by collecting authentication system log data and correlating them in Flowmon. Any syslog enabled authentication service or vendor is supported, including Cisco ISE and LDAP.

Learn More
Compatibility with Flow Data Standards

Leverage your existing infrastructure to generate NetFlow, IPFIX, sFlow, jFlow or NetStream from network devices and other data sources such as firewalls, virtualisation platforms and packet brokers.

Learn More
Early Detection

Detect network anomalies and incidents in near real-time. The status of detected events is continuously updated with additional information until the detection finishes.

Explore Flowmon Now

Try Flowmon Demo or Explore Use Cases