Flowmon is a network detection and response (NDR) solution that detects threats hidden in network traffic. It focuses on minimizing your IT’s attack surface by bridging the gap between perimeter and endpoint security. Flowmon leverages AI/ML and employs multiple detection methods at once to uncover any hidden malicious activity.
Flowmon analyzes network traffic for signs of malicious activity and informs you about every suspicious or anomalous occurrence to give you a timely warning about unknown and insider threat actors operating in your network. It represents the network-centric approach to malware detection that complements traditional inline solutions and enables timely and proactive threat hunting.
Detected security events are categorized as MITRE ATT&CK® tactics and techniques to provide a clear idea about the attack’s severity, scope and future development. By drilling down into an event, you can quickly access its full detail to facilitate prompt triage and response.
Flowmon leverages over 40 methods and more than 200 algorithms, including machine learning, behavior analysis, MISP threat intelligence, IoCs and reputation databases, with automated packet capture available on demand. In combination with perimeter and endpoint security solutions, it adds a further protection layer and improves the overall security posture.
The ML-powered engine discerns between anomalies and normal traffic, and allows you to whitelist selected traffic to accelerate fine-tuning. Security events are ranked by severity and visualized in the UI with additional detail only a click away. By integrating Flowmon with other security solutions, you can harden your entire defense matrix. For instance, you can use it to feed detected events to your SIEM and thus augment its analytical capability with the network-centric view, or enable your firewall to perform triggered quarantine of IP addresses involved in security events detected by Flowmon.
Flowmon tackles anomalies that traditional solutions miss.
Understand every suspicious event in its complexity and take decisive action without delay.
Leverage a state-of-the-art detection engine that uses entropy modeling and machine learning to detect suspicious anomalies in your network traffic.
Report detected events via integration with SIEM systems, surveillance, and incident handling systems.
Trigger full packet capture upon event detection. The rolling memory buffer ensures no data is lost.
Create your own custom methods and red-flag malicious or unwanted traffic specific to your environment or policies.
Enhance your detection capabilities with a combination of commercial and community threat intelligence feeds and stay briefed on the latest indicators of compromise.
"After three months of intensive testing we were able to prove that Flowmon was the right product due to its performance, anomaly detection capabilities, scalability in GÉANT and its simplicity when managing and configuring."