1. Setting the Objectives and Data Gathering Scheme
This step helps us to choose the right source of data by understanding your network infrastructure. Finally, the optimal project cost is estimated.
Use 3rd Party Data Sources
Flowmon is built to process NetFlow data from any source to provide early detection and warning of common and as yet unknown attacks and network anomalies. You can use a variety of 3rd party devices including switches, routers, packet brokers and firewalls.

This data gathering scenario delivers a great starting pack that protects your past investments. On the other hand, it requires more configuration changes while providing less detail.

Use Flowmon as a Data Source
Deploy Flowmon Probe to get an ultimate level of network insight, scalability and enterprise-grade features with no changes to your infrastructure.

Flowmon's malware detection capabilities are enhanced with application layer visibility into DNS and HTTP, and with correlation against the built-in IDS engine and community threat intelligence databases.

The Probe comes as a hardware appliance, virtual appliance or cloud service. It connects via a SPAN port or TAP and seamlessly generates NetFlow/IPFIX data, enriching it with extended L2-L7 monitoring.

2. Understanding the Monitoring Scope
This step ensures the selection of the most cost-efficient data storage and processing part of the solution, Flowmon Collector.

Flowmon Collector receives data from the sources chosen in the previous step. The data is stored for further processing via machine learning, adaptive baselining and the heuristics engine.

Data transfers between Flowmon Probes and Collectors are minimal, which keeps the bandwidth requirements low, and all data can be encrypted for extra security.

Flowmon Collectors come in a variety of storage sizes and with different performance. Depending on your data retention requirements, you can scale from 0.5TB to 96TB per appliance.

Choose the hardware appliance, virtual appliance (compatible with VMware, Hyper-V and KVM hypervisors) or Amazon AWS and MS Azure for cloud deployments.

3. Understanding Your Expectations
Flowmon Anomaly Detection System is an extension module of Flowmon Collector that automatically detects a variety of insider threats and attacks.

The detection engine uses auto-configuration based on basic network information provided in a step-by-step wizard. Auto-configuration tunes off-the-shelf methods and calibration following the deployment to ensure zero false positives.

Should you wish to define your own specific detection methods, you can use our concept of user-defined patterns, each specified by a simple, SQL-like query.

Integrate Flowmon with an infinite variety of network equipment capable of responding to an incident using customer scripts. As an example, on the detection of communication with a botnet C&C server, Flowmon automatically triggers a script through which it connects to a firewall and creates a rule to block this communication in real-time.

Flowmon Anomaly Detection System is a very open system and allows the use of external data sources to provide a broader picture of network anomalies, such as User Identity, customer blacklists and IDS Suricata detections.

The administrator is alerted to a detected attack by email, syslog or SNMP. Flowmon is also a source of logs for SIEM systems, providing visibility into the most vulnerable part of the network (LAN) and enhancing the SIEM's detection capabilities.

Deployed together with the Flowmon Traffic Recorder module, Flowmon automatically triggers full packet capture and stores full packet traces related to the attack for forensic purposes.

Languages
Flowmon is localised in English, Spanish, German, French, Japanese and Czech, including the GUI, user guides, training and most technical content.
Industry-leading Support
Delivering a top level service and support is our commitment. We require the same from our partners, who are highly skilled, experienced and ready to help.

"Thanks to Flowmon ADS performing behavioral analysis automatically we are able
to gain complete insight into network traffic revealing problems and attacks
in real-time enabling us to react to these problems effectively."