FlowMon solution for ISP

FlowMon is a comprehensive solution for monitoring network infrastructure, based on observation of IP data flows (NetFlow/IPFIX). The technology provides an overall view of network traffic within fixed, mobile or cloud infrastructure and details of every single communication: who communicated, where, for how long, how often, using which protocol and which service, and how much data was transferred. FlowMon is the only European solution using Network Behavioral Analysis (NBA) as identified by analytical agency Gartner.

The solution consists of powerful dedicated probes, collectors and the NBA-based module ADS (Anomaly Detection System), which detects both known and unknown security threats (attacks on network services, infected hosts, network traffic anomalies, etc.). The FlowMon solution may be extended by additional modules such as DR (Data Retention) to fulfill governmental law requirements, not only in the Czech Republic. A further module is TR (Traffic Recorder), which records a chosen portion of traffic, including packet contents.

Flow Monitoring – Next Generation Network Monitoring (NetFlow/IPFIX)

Network Behavior Analysis – Next Generation Network Security (NBA, NBAD)

IP Data Retention for ISP – governmental law fulfillment

FlowMon Traffic Recorder – recording of whole network traffic (L2-L7)

Today, internet service providers require a new-generation solution that provides a faster and more comprehensive overview of network traffic and of the security of both their own networks and their customers' networks. Bandwidths are growing as well, from 10Gbps, 40Gbps, 80Gbps up to 100Gbps, and the only solution delivering overall network monitoring is IP flow monitoring.

Benefits of FlowMon for ISP

  • Real-time network traffic monitoring, improvement of security and detection of external and internal threats, analysis of long-term statistics including details about computers, applications and conversations, detailed monitoring of users and services, effective bandwidth capacity management.
  • Long-term storage of network traffic statistics – law fulfillment.
  • Quick, efficient and accurate network operational troubleshooting, identification of any kind of anomalies using automated alerting.
  • Clear statements about network traffic, QoS monitoring, easier planning of infrastructure upgrades, peering control and supervision over the quality of service (SLA) are available thanks to qualified reporting.
  • Monitoring and detection of anomalies within VoIP traffic (SIP).
  • Detection of specific application usage based on the NBAR2 standard.
  • Optimization of peering policies, compliance and SLA monitoring.
  • Monitoring of IP flows between BGP and autonomous systems (AS).
  • Monitoring of what kind of traffic comes into or goes out of the operator's network.
  • Verification of whether load balancing works according to the proposed rules.
  • Thanks to long-term statistics, the status/performance ratio of the network can be compared before and after an upgrade of network elements.
  • FlowMon provides the FlowMon operator with information about transmitted data or bandwidth, based on which the operator can charge customers for its services.

Thanks to the ADS module, the FlowMon solution detects anomalies and security incidents as they occur on the network. The collector stores the data for the required period (for tracing incidents or forensic analysis). The whole solution can be fully integrated into SIEM solutions (Syslog, CEF).

Detection of these events:

  • Attacks (port scanning, dictionary attacks, DoS, Telnet)
  • Network traffic anomalies (DNS, multicast, high variability of communication)
  • Anomalous behavior of IP addresses (change in behavior profile)
  • Malware (viruses, spyware, botnets, communication with blacklisted addresses)
  • Mail (outgoing SPAM, illegitimate mail servers)
  • Operation problems (delay, overcapacity, reverse DNS records, service outages)