Monitoring

Why do I need network monitoring?

It is impossible to manage or protect any network without the network operation being visible.

FLOWMON SOLUTION

Flowmon is a complete solution to acquire detailed visibility of the network operation, optimisation of network performance and protection from today’s cybernetic threats. The product portfolio includes Flowmon probes, the most powerful device for NetFlow/IPFIX statistical export in the world, Flowmon collectors used to store, visualise and analyse network operation, and specialised modules that extend the function of probes and collectors by advanced analytical functions.

 

Flowmon probes

These devices monitor network operation; statistics are sent in the form of IP flows for processing to the Flowmon collector.

Main properties:

  • Invisible within layers L2/L3
  • High performance of NetFlow / IPFIX exporter
  • Provides the most accurate data
  • Available as hardware (HW) or virtual device (VA)
  • up to 100G (HW) or 10G (VA) of network

 

Flowmon collector

This device is used for collection, analysis, displaying and long-term storage of network statistics from devices supporting flow technology (switches, routers), Flowmon probes or other sources.

Main properties:

  • Detailed information of the network, application and users (Flowmon Monitoring Centre)
  • Effective troubleshooting and detection of configuration errors
  • Optimisation and planning of capacity, prevention against overload and network outages
  • Hardware or virtual device

 

Flowmon modules

These software modules extend the functionality of Flowmon probes and collectors.

Flowmon ADS (Anomaly Detection System)

This system automatically identifies threats, attacks, incidents and network configuration problems.

Main properties:

  • Monitors overall device behaviour using behavioural analysis, i.e., even detects threats that cannot be identified by traditional, signature-based means.
  • Utilises machine learning technology, behaviour profiles, various detection methods.
  • Wide variety of event reporting (e-mail, SIEM, SNMP, user scripts...)
  • Native integration with SIEM systems for maximum utilisation of acquired information (QRadar-IBM)
  • The premium Flowmon Threat Intelligence service acquires information on current attackers, infected stations or command&control centres, which are used to detect any suspicious communication within the network. Flowmon Threat Intelligence also allows you to update behaviour templates of detection methods and thus detect the newest threats, such as 0-day vulnerability and others.

Flowmon APM (Application Performance Monitoring)

Provides detailed information on the real performance of web applications (based on HTTP/HTTPS) from the perspective of their users.

Main properties:

  • Monitors all users and transactions in real time.
  • Distinguishes between network, application and database-based delay.
  • Agent-less and transparent measurement
  • The so-called APM index is used to create application performance from the standpoint of SLA performance.

Flowmon DDoS Defender

It is a solution of detection and mitigation of volumetric attacks of the service denial type – DDoS (Distributed Denial of Service).

Without any configuration changes, topology of data network or additional investments into networking components it is possible to perform real-time detection of volumetric attacks launched against the IT infrastructure, servers, critical systems or applications. Additionally, collaboration with the so-called Scrubbing centre or specialised out – DDoS attack elimination solutions (deployed “out-of-band”) allows you to block the attacks automatically and effectively.

Flowmon Traffic Recorder (TR)

Extends functions provided by Flowmon probes regarding the possibilities to record the data traffic, including the content.

The module is used for complete recording of data communication within the network, as well as potential subsequent analysis. Data traffic can be recorded on the basis of various criteria such as IP address, MAC address, port number, and more.

Resulting PCAP files are available for download via the user interface.

Flowmon Data Retention (DR)

This is a verified system used to store IP operation and localisation data.

This solution presents a reliable way to generate and store network statistics for an operator of a public communication network while meeting the requirements of Section 97 paragraph 3 of Decree No. 357/2012 on the preservation, transfer and deletion of traffic and location data.

 

Use of the Flowmotion technology