Flowmon ADS

Flowmon Anomaly Detection System is at the forefront of the technology-driven battle against modern cyber threats that bypass traditional perimeter and endpoint security. Whenever new security or operational issues arise, Flowmon ADS is the light providing IT professionals with detailed network visibility and powerful behavior analytics to take decisive actions and manage the network with confidence.

Flowmon ADS Features

User Identification

See what user or a hostname has taken part in an attack by collecting authentication system log data and correlating them in Flowmon. Any syslog enabled authentication service or vendor is supported, including Cisco ISE and LDAP.

Learn More
Attack Recording Automation

Trigger full packet capture automatically when detecting an event. Thanks to the Rolling Memory Buffer, the recorded packet trace includes network data, even from the period before the attack started. Use a filter to store the particular attack communication only.

Learn More
Advanced Action Triggering

Choose from a variety of options: from an email alert or a syslog message to traffic redirection into a RTBH, 3rd party scrubbing centre; additionally, traffic dropping is an option too, and rate-limiting using BGP Flowspec. Mitigate traffic automatically or manually to ensure no downtimes and latency drops, and create different rules for different tenants or types of traffic.

Logging and Reporting
Feed your Log Management or SIEM system with comprehensive logging with context-rich syslog or SNMP messages. Maximise visibility across IT environment or log events automatically into your ticketing tools.
Prioritisation and Reporting

Use out-of-the-box prioritisation or apply your own severity rules at a global, group or user level. Create custom dashboards for security, networking, IT helpdesk or managers based on their interests.

NetOps and SecOps Integrated

Flowmon is a single pane of glass for both teams while respecting their needs. A unique combination of early detection, security event warnings and deep visibility into network help NetOps and SecOps teams cooperate on incident handling and root cause analysis.

Entire LAN Visibility

Know what is happening inside your LAN to detect and stop insider threats, data exfiltration. Detect activities such as lateral movement of malware that has not been yet recognised by an antivirus, or activities not visible on the perimeter.

Learn More
Early Detection
Detect network anomalies and incidents in near real-time. The status of detected events is continuously updated with additional information until the detection finishes.
User Defined Methods

Create custom detection methods flexibly. Red flag malicious, unwanted or otherwise interesting traffic specific to the client's network environment or policies. You only need to create a rule in an SQL-like syntax.

Learn More
Behavior Patterns

Detect misuse and suspicious behaviour of users, devices and servers. By understanding protocols such as DNS, DHCP, ICMP and SMTP you can reveal data exfiltration, reconnaissance, lateral movement and other unwanted activity.

Learn More
Attack Evidence and Analysis

Understand every suspicious event in its complexity. Context-rich evidence, visualisation, network data or full packet traces for forensics allow taking decisive actions promptly.

Configuration Wizzard

The system comes with pre-defined configurations for a variety of network types and automatically adjusts the settings after the initial configuration by using a simple wizard. Then, by managing false positives, maximise the relevancy of detected events.

Learn More
Threat Intelligence

Enhance your detection capabilities with the best of breed combination of commercial and community databases. Receive alerts on indicators of compromise and communication with malicious hosts such as C&C domains and phishing sites.

AI Based Detection

With Flowmon you can rely on a state-of-the-art detection engine that uses entropy modelling and machine learning to detect suspicious anomalies in your network traffic, including APTs, malware, insider and other threats that bypass signature-based tools.

Learn More

Dominance over modern cyber threats

Flowmon ADS 10


Flowmon Anomaly Detection System (ADS) is a powerful network security tool providing engineers with dominance over modern threats. Utilizing sophisticated network behavior analysis, an advanced artificial intelligence based on machine learning, it permanently observes and analyses data communication seeking anomalies and revealing suspicious behavior. Thanks to this ADS automatically eliminates risks that bypass traditional solutions such as firewall, IDS/IPS or antivirus. The solution provides administrators with accurate information on what is happening in the network, taking the entire network security to the next level while saving time and money.

Flowmon ADS is a comprehensive solution to reveal operational problems and keep a network secure. The main advantage over standard IDS systems and SNMP monitoring lies in the orientation on the overall behavior of devices in the network revealing suspicious behavior. This also enables a response to still unknown or specific threats for which the signature is not available.


  • Full-range of detection methods. Detect network traffic anomalies (DNS, DHCP, etc.), undesired devices behavior, attacks on network services (port scanning, dictionary attacks, DDoS), unwanted applications, viruses, botnets, country reputation, etc. Automatically.
  • Simple installation and ease of use. In 30 minutes you will have a comprehensive NBA solution up and running. A well-arranged dashboard provides interactive visualization of events with detailed drill-down to the level of individual data transmissions.
  • Proactive Security against modern threats. Utilize predefined methods for detection of undesirable behavior patterns. Flowmon ADS proactively identifies and stops advanced threats, botnets, unknown malware, DDoS and more.
  • Real-time monitoring and alerting. Flowmon ADS delivers real-time monitoring of security and operational issues for both physical and virtual environments. Benefit from e-mail notifications and export of events available in various formats (syslog, SNMP, CSV).
  • Complementary. Deploy ADS literally in every network. No matter if you run a virtual or physical network, what fabric with what flow data standard you use or how large your network is. Benefit from vast integration capabilities including native SIEM integration.
  • Maximum flow data utilization. Flowmon ADS supports all flow data standards (NetFlow v5/v9, IPFIX, jFlow, NetStream), NBAR2, analysis of HTTP information, MAC addresses and VoIP attributes. Integration with SIEM systems delivers maximum flow data utilization.

Full functionality in 30 minutes

Flowmon Formula

Watch the introduction video

Watch this webinar and learn how Flowmon ADS helps security experts to protect their networks from today's cyber threats. During the webinar you will learn about:

  • Principles of network behavior analysis and its role in IT security landscape

  • Importance of active network protection

  • Features of Flowmon ADS and typical use cases

  • User interface and workflow of Flowmon ADS


Flowmon ADS is a software module for Flowmon Collector or Flowmon Probe. The deployment process is very simple enabling you to have a complete Network Behavior Analysis solution in a few minutes. Anomaly detection services are pre-configured enabling rapid deployment with limited need for time consuming configuration and customization. Optimized deployment models are available for any kind of network including enterprise networks, Internet Service Providers (ISP) and backbone operators.

Product brief    Get specification

"The biggest benefit is the automatic detection of attacks and traffic anomalies with detailed information about particular events, including involved flows. This functionality decreases the time needed to evaluate potential risks so we can focus on other important activities knowing that everything is under control.“

Robert Grabowski, Security Expert of ICT systems at Orange

Our customers

Explore more

Network Behavior Analysis & Anomaly Detection

Automate detection of operational and security anomalies in your network. Stop cyber risks that o...

Automated DDoS Protection

Learn more about flow-based DDoS protection for high-speed networks.

Agentless Performance Monitoring to Drive Application Value

Learn more about agentless application performance monitoring technology.