FUNO is the first and largest real estate investment trust in Mexico. It focuses on generating sustainable value for its investors through the operation, acquisition, sale, and development of real estate for commercial use.
But that success also creates particular challenges. A high-profile company like FUNO holds a large amount of sensitive data. In addition, its already extensive infrastructure has to keep pace with the ongoing global digital transformation, which increases the company’s attack surface even further.
FUNO is actively seeking to counter the cyber threats the world is facing and understands the role of network traffic visibility in modern cyber protection.
“Due to the ongoing digital transformation, we realized that despite having identified some security risks, we did not have a complete perspective of what was happening in our network and lacked historical traffic for in-depth analysis,” says Carlos Cruz, Security Specialist at FUNO Mexico.
FUNO needed to achieve holistic visibility of the network and thus gain the ability to analyze detected events related to both internal and external communications.
FUNO didn’t have an IDS per se and only had visibility at the perimeter, which caused visibility gaps that considerably impacted its ability to perform analysis and make informed decisions.
“We were looking for a solution that could monitor, diagnose, and generate alerts on the endpoints of the internal network, components, and links to enable us to monitor end-user experience and interactions of the network infrastructure components,” says Cruz.
“Thanks to implementation partner NPROS, we found this ability in Flowmon, which also helps us to perform analysis of historical network telemetry and real-time performance monitoring by analyzing network flows and inspecting packets,” continues Cruz.
“NPROS has seen FUNO transform markedly over the last few years,” says Ismael Badillo, CEO of NPROS. “As a trusted advisor, NPROS is committed to helping strengthen FUNO’s security posture.”
The solution consists of a Flowmon Collector with the Anomaly Detection System (ADS) and Packet Investigator modules installed. It gathers flow data from a Cisco switch, Kemp WAF, and FortiGate firewall.
“FUNO enabled Flowmon for network monitoring capabilities that provided a rich context of the communication happening throughout the network by collecting telemetry from different devices, including core switches, firewalls, and load balancers,” says Badillo.
ADS detection, supported by its advanced filtering, helps identify network traffic anomalies symptomatic of malicious activity on the network, such as SMTP anomalies, suspicious uploads, or dictionary attacks.
The solution also helps ease NOC workload with real-time bandwidth consumption monitoring.
Both network and security teams use Flowmon to track down the origin and destination of communications to identify their type and accurately assess their impact on company security or user experience.
“We can now prevent the spread of possible malicious files by having the ability to monitor lateral movements,” continues Cruz, “and our overall time of event resolution has been cut considerably.”
“Thanks to the ability to capture, process, and analyze network traffic, Flowmon helps us detect and investigate data flows that may indicate the possible compromise of a team (IoC). Flowmon provided us with deep visibility into all the tactics, techniques, and procedures that attackers use to exploit the network, expand control, and establish persistence, as well as parameters to identify and avoid any possible case of data leakage. In general, Flowmon helped us expand network flows’ visibility to detect any possible attack and anomalous behaviors in a timely manner, better understand the network infrastructure, and, above all, make timely decisions in the face of the diversity of events.”
Thanks to the Flowmon solution, FUNO can now capture, process, and analyze network traffic.
“Flowmon helps us detect and investigate data flows that may indicate a possible compromise,” says Cruz. “We now also have deep visibility into all the tactics and techniques that attackers use to exploit the network, expand control, and establish persistence. With Flowmon’s AI-driven anomaly detection, we can detect risks of data leakage even before they occur.”
“The partnership between NPROS and Kemp helped FUNO significantly improve network monitoring capabilities and continuous security posture assessment using the Flowmon solution while streamlining security management with integrated controls through Flowmon ADS,” says David Rendón of Kemp.