Flowmon ADS

See what user or a hostname has taken part in an attack by collecting authentication system log data and correlating them in Flowmon. Any syslog enabled authentication service or vendor is supported, including Cisco ISE and LDAP.

Learn More

Trigger full packet capture automatically when detecting an event. Thanks to the Rolling Memory Buffer, the recorded packet trace includes network data, even from the period before the attack started. Use a filter to store the particular attack communication only.

Learn More

Choose from a variety of options: from an email alert or a syslog message to traffic redirection into a RTBH, 3rd party scrubbing centre; additionally, traffic dropping is an option too, and rate-limiting using BGP Flowspec. Mitigate traffic automatically or manually to ensure no downtimes and latency drops, and create different rules for different tenants or types of traffic.

Feed your Log Management or SIEM system with comprehensive logging with context-rich syslog or SNMP messages. Maximise visibility across IT environment or log events automatically into your ticketing tools.

Use out-of-the-box prioritisation or apply your own severity rules at a global, group or user level. Create custom dashboards for security, networking, IT helpdesk or managers based on their interests.

Flowmon is a single pane of glass for both teams while respecting their needs. A unique combination of early detection, security event warnings and deep visibility into network help NetOps and SecOps teams cooperate on incident handling and root cause analysis.

Know what is happening inside your LAN to detect and stop insider threats, data exfiltration. Detect activities such as lateral movement of malware that has not been yet recognised by an antivirus, or activities not visible on the perimeter.

Learn More

Detect network anomalies and incidents in near real-time. The status of detected events is continuously updated with additional information until the detection finishes.

Create custom detection methods flexibly. Red flag malicious, unwanted or otherwise interesting traffic specific to the client's network environment or policies. You only need to create a rule in an SQL-like syntax.

Learn More

Detect misuse and suspicious behaviour of users, devices and servers. By understanding protocols such as DNS, DHCP, ICMP and SMTP you can reveal data exfiltration, reconnaissance, lateral movement and other unwanted activity.

Learn More

Understand every suspicious event in its complexity. Context-rich evidence, visualisation, network data or full packet traces for forensics allow taking decisive actions promptly.

The system comes with pre-defined configurations for a variety of network types and automatically adjusts the settings after the initial configuration by using a simple wizard. Then, by managing false positives, maximise the relevancy of detected events.

Learn More

Enhance your detection capabilities with the best of breed combination of commercial and community databases. Receive alerts on indicators of compromise and communication with malicious hosts such as C&C domains and phishing sites.

With Flowmon you can rely on a state-of-the-art detection engine that uses entropy modelling and machine learning to detect suspicious anomalies in your network traffic, including APTs, malware, insider and other threats that bypass signature-based tools.

Learn More