Fast flow-based DDoS protection for high-speed networks

Challenge

All major security reports indicate a rising trend in DoS/DDoS attacks. Ponemon Institute’s Cyber Security on the Offense: A Study of IT Security Experts estimates that the average cost of a single minute of downtime is $22,000, while the average downtime is 54 minutes. According to the Q2/2016 State of the Internet – Security Report, infrastructure-layer DDoS attacks increased by 151% compared to Q2/2015. Attacks with a magnitude over 100Gbps are no exception, while the largest attack peaked at hundreds of Gbps. Volumetric DDoS attacks remain the nightmare of the ISP world. The attack landscape is changing every day, and attackers are deploying new techniques to increase the magnitude of attacks and make them more difficult to mitigate. Protecting high-speed networks and successfully mitigating DDoS attacks is one of the key challenges for internet service providers and backbone operators. Allowing the attack to reach its target means that the attacker was successful and there are no more options left to clean the internet pipe.

Network visibility and attack detection

Flowmon Networks empowers businesses to manage and secure their computer networks confidently. Through our high-performance network monitoring technology and lean-forward behavior analytics, IT professionals worldwide benefit from absolute network traffic visibility to enhance network and application performance and deal with modern cyber threats. Driven by a passion for technology, Flowmon Networks leads the way in NetFlow/IPFIX network monitoring that is high performing, scalable and easy to use. The world’s largest businesses, internet service providers, government entities and even small and midsize companies rely on Flowmon to take control over their networks, keep order and overcome uncertainty. With the Flowmon solution recognized by Gartner and recommended by Cisco, Check Point and IBM, Flowmon Networks is one of the fastest growing companies in the industry.

Flowmon provides the following components for advanced DDoS protection:

  • Flowmon Collector – aggregation and storage of flow data in all major industry formats from an unlimited number of sources. The traffic is profiled in 30s batches to reduce attack detection time (MTTR). In addition, the collector provides full-featured tools to report on and analyse network and application traffic.
  • Flowmon DDoS Defender – scalable multi-tenant DDoS detection module for Flowmon Collector that uses dynamic baselines and adaptive thresholds to detect various types of volumetric attacks and bandwidth consumption.
  • Flowmon Probe – optional export of NetFlow/IPFIX data for infrastructures without flow-enabled network equipment.

Flowmon Collector equipped with the DDoS Defender module observes and profiles the volumetric characteristics of network traffic to create and maintain dynamic baselines. When network traffic increases unexpectedly, it triggers configurable actions that include alerting (e-mail, syslog, SNMP trap), traffic diversion (policy-based routing, Border Gateway Protocol, remotely triggered black hole), execution of a script, or mitigation through a specific out-of-band DDoS mitigation system. Flowmon DDoS Defender lets the operator define protected segments: individual detection profiles corresponding to IP ranges, subnets or network services. When a DDoS attack is detected, the attack details include all the attack characteristics, including the top 10 source IP addresses, subnets, autonomous systems and countries, L4 protocols and interfaces.
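The detection loop described above, as an added sketch that is not Flowmon's code: flow records are grouped into 30-second batches per protected segment, an exponentially weighted mean and deviation form a dynamic baseline with an adaptive threshold, and an alert carries the top 10 source IPs. The segment names, the smoothing and threshold constants, the warm-up length and the sample flows are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

BATCH_SECONDS = 30    # batch length stated in the text
ALPHA = 0.2           # assumed EWMA smoothing factor
K = 4.0               # assumed: threshold = mean + K * deviation
WARMUP = 5            # assumed number of batches learned before alerting
MIN_DEV_RATIO = 0.1   # assumed floor on the deviation, as a share of the mean


class Segment:
    """A protected segment: an IP range with its own dynamic baseline."""

    def __init__(self, name, cidr):
        self.name, self.net = name, ipaddress.ip_network(cidr)
        self.mean = self.dev = 0.0
        self.seen = 0

    def threshold(self):
        return self.mean + K * max(self.dev, MIN_DEV_RATIO * self.mean)

    def observe(self, bps):
        """Return True if this batch exceeds the adaptive threshold."""
        if self.seen >= WARMUP and bps > self.threshold():
            return True  # attack batches are not folded into the baseline
        if self.seen == 0:
            self.mean = bps
        else:
            err = bps - self.mean
            self.dev = (1 - ALPHA) * self.dev + ALPHA * abs(err)
            self.mean += ALPHA * err
        self.seen += 1
        return False


def detect(flows, segments):
    """flows: (end_ts, src_ip, dst_ip, bytes) tuples. Returns a list of alerts."""
    batches = defaultdict(lambda: defaultdict(Counter))
    for ts, src, dst, nbytes in flows:
        dst_addr = ipaddress.ip_address(dst)
        for seg in segments:
            if dst_addr in seg.net:
                batches[int(ts) // BATCH_SECONDS][seg.name][src] += nbytes
    alerts = []
    if not batches:
        return alerts
    # Walk every batch in order so quiet batches also update the baseline.
    for batch in range(min(batches), max(batches) + 1):
        for seg in segments:
            per_src = batches[batch][seg.name]
            bps = sum(per_src.values()) * 8 / BATCH_SECONDS
            limit = seg.threshold()
            if seg.observe(bps):
                alerts.append({
                    "segment": seg.name,
                    "batch_start": batch * BATCH_SECONDS,
                    "bits_per_s": bps,
                    "threshold": limit,
                    "top_sources": per_src.most_common(10),
                })
    return alerts


def sample_flows():
    """Constructed flow records: 12 batches, with a flood in batch 10."""
    flows = []
    for i in range(12):
        ts = i * BATCH_SECONDS + 5
        for host in (1, 2, 3):  # normal clients of the "web" segment
            flows.append((ts, f"192.0.2.{host}", "203.0.113.10",
                          400_000 + 20_000 * (i % 3)))
        for host in (1, 2):     # steady traffic to the "dns" segment
            flows.append((ts, f"192.0.2.{host}", "198.51.100.53", 100_000))
        if i == 10:             # constructed volumetric flood, 20 sources
            for n in range(20):
                flows.append((ts, f"198.18.0.{n}", "203.0.113.10",
                              3_000_000 + 1_000 * n))
    return flows


if __name__ == "__main__":
    segs = [Segment("web", "203.0.113.0/24"), Segment("dns", "198.51.100.0/24")]
    for alert in detect(sample_flows(), segs):
        print(alert)
```

Because the flood batch is excluded from the baseline update, the normal batch that follows it does not alert and the threshold does not drift upward during an attack.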

Attack mitigation

F5 helps organizations seamlessly scale cloud, data center, and software-defined networking deployments to successfully deliver applications to anyone, anywhere, at any time.
BIG-IP Advanced Firewall Manager protects the network against incoming threats, even the most massive and complex DDoS attacks. With deep threat intelligence services and flexible mitigation options, BIG-IP Advanced Firewall Manager defends against threats to network layers 3–4, stopping them before they reach your data center.
Specifically, BIG-IP AFM scales to shut down high-capacity DDoS attacks that can overwhelm load balancers, firewalls, and even networks. It automatically invokes mitigation, alerts security admins, and configures or adjusts DDoS thresholds as traffic patterns change, without affecting legitimate traffic.

Joint Solution

Network visibility, traffic analysis and attack detection, together with attack mitigation capability, are essential when fighting DDoS attacks in backbones as close to the attack source as possible. Network traffic statistics from routers or dedicated network probes make it possible to detect attacks and understand their characteristics in order to start successful mitigation.
Once the attack is detected using flow data, network traffic needs to be diverted to a specific out-of-band DDoS mitigation appliance that is able to create a dynamic attack signature and scrub the attack while allowing the legitimate traffic to continue unaffected. This is where F5 comes into play with the BIG-IP appliance, which performs DDoS mitigation for the diverted traffic. The described procedure is a complex attack detection and mitigation ecosystem focused on volumetric attacks, built on seamless cooperation within a multivendor solution.

Flowmon DDoS Defender takes advantage of stream processing of flow data, which makes it possible to profile traffic with 30s granularity. This allows a DDoS attack to be detected in a sub-60s timeframe, which is at the edge of what flow-based detection can achieve.
Compared to in-line deployment of attack mitigation appliances, this approach provides higher scalability and significant cost efficiency, especially for large networks with multiple peering partners and bandwidth of tens of gigabits per second. In-line deployment of DDoS mitigation appliances is irreplaceable for protecting the so-called last mile, where it detects sophisticated application-layer attacks that do not show up as a high volume of network traffic.
Joint multi-layered DDoS protection by F5 and Flowmon Networks benefits from the combined approach. Out-of-band mitigation for volumetric attacks combined with in-line deployments is the most efficient way to protect network infrastructure from DDoS attacks and ensure high quality and availability of network services.

For more information

For more information, please contact your F5 or Flowmon Networks partner.

Next Generation Security Experts

FLOWMON PARTNERS WITH CYBERKOMBAT TO TRAIN NEXT GENERATION SECURITY EXPERTS

Flowmon Networks, a provider of network monitoring and security solutions, today announced the alliance with CyberKombat, an attack/defense experience training program designed to test and develop a security operations centre (SOC) team’s response to an incident. This combination enables a hands-on experience between Flowmon and CyberKombat, hugely enhancing the capabilities of security teams. With the modern day cyber threat constantly changing, it is of utmost importance for security teams to be sufficiently prepared to defend.

CyberKombat is an attack/defence experience program delivered at the Satisnet Innovation Centre in Luton, United Kingdom. “CyberKombat is created through a Satisnet/IBM collaboration, designed to replicate a serious cyber-attack on an organisation. The centre provides SOC teams with the opportunity to test their abilities and gain a wealth of new skills in the process,” says Alan Miller, Marketing Manager at Satisnet.

As part of CyberKombat, Flowmon takes care of network security monitoring and anomaly detection. “Thanks to Flowmon, security teams have gained visibility into the network traffic, including application layer visibility. Moreover Flowmon Anomaly Detection System permanently observes and analyses data communication seeking anomalies and revealing suspicious behaviour,” says Artur Kane, Technology Evangelist of Flowmon Networks.

Flowmon flow-based (NetFlow/IPFIX) network traffic monitoring tools provide IT professionals with detailed network visibility to streamline troubleshooting and network operations and to optimise the performance of an entire IT environment. What is more, utilising flow data statistics for security needs opens completely new possibilities for security engineers. The so-called Network Behavior Anomaly Detection technology provides them with advanced network security monitoring for the automatic detection of suspicious activities, attacks and advanced threats that bypass traditional solutions.

CyberKombat comprises a full day of tutoring and hands-on experience in dealing with cyber threats. The Satisnet Red Team is responsible for attacking and compromising a set of hosts, while the Blue Team is responsible for detecting the attacks and, in a limited form, protecting the hosts. In parallel to the Red/Blue teams, C-level management participate through table-top exercises and interaction with the Blue Team to analyse potential emergency incidents, examine existing operational plans and determine where they can make improvements. These exercises provide a forum for planning, preparation and coordination of resources during any kind of attack.

The SOC teams participating in the CyberKombat experience can also benefit from the native integration of Flowmon ADS and IBM QRadar when investigating advanced threats. “Flowmon and IBM QRadar integration brings an advanced tool into the cyber-defense field. Thanks to that, security personnel is provided with benefits such as quick solving of incidents without demanding and expensive manual processes, the ability to identify early symptoms of threats, and a single access point to information for the user,” says Alan Miller.

Flowmon Helps to Train Next Generation Security Experts

With the modern day cyber threat constantly changing, it is of utmost importance for security teams to be sufficiently prepared to defend. We are glad to announce that Flowmon is a proud partner of CyberKombat, an attack/defence experience training program designed to test and develop a security operations centre team’s response to an incident. The official press release tells the whole story. Check out our latest news below.

► Where Can You Meet the Flowmon Team in Late 2016?

When it comes to events, we try to be very active. Our team regularly attends key industry conferences and this fall will be no different. Check out this listing to see where you can meet us.

► Inside the Heart of the Flowmon Solution: The Collector

Join Lubos Lunter, our product expert, at an upcoming webinar on September 21, 2 PM (CEST), to learn how you can get complete network traffic visibility with the powerful Flowmon Collector. Lubos will show you the key features and use cases beneficial for network engineers, security experts and application specialists.

► How to Analyse and Understand Your Network?

Are you new to network traffic monitoring? Learn the basics with the first part of our handbook on flow-based network monitoring. Download here.

► Success Story Bonatrans: Monitoring of Remote Locations

“Our priority was to gain a network traffic visibility not only in the main location, but also in the remote branches, where being physically present is much more difficult,” says Marek Hanzel, Head of IT at Bonatrans Group, in our latest success story.

Follow our latest news on Twitter, LinkedIn and Facebook.

Bank of America thought its Firewall and Anti Virus were good enough.

Bank of America online banking was down for 6 days, affecting 29 million users! Is your firewall, antivirus and security better than Bank of America’s?

Known cyber threats are efficiently detected and eliminated by firewall, antivirus, IDS/IPS or similar solutions. However, advanced cyber threats are designed to be undetectable by commonly available tools, and if they get past the security perimeter, they can easily spread uncontrolled in the network and behave in a way that is regarded as legitimate. Thanks to their covert activity, they can access sensitive information or systems unnoticed for a long period of time. The challenge here is to detect these attacks as soon as possible rather than investigate how to avoid them.

One example is the malware called Flame, which had gone undetected for five years until it was discovered by accident. Flame has infiltrated more than 5,000 networks, stealing data and providing access to the infected stations.
The analysis of activities within the data network is the only way to detect these cyber threats. Although they seem to be invisible in legitimate network traffic, they can be detected using detailed analysis of network traffic and detection of real network anomalies. The analysis and detection have to be fully automated, since today’s network traffic volume and increasing network complexity and dynamics make manual analysis impossible.

The cost-effective FlowMon solution focuses on the detection of complex and dangerous threats which break into the internal network despite the perimeter protection and can operate unnoticed for several months or even years. Major benefits include:

  • Protection of the internal network, which is most vulnerable to advanced cyber threats.
  • Detection of threats closer to the origin and in time, minimizing the damage and reducing the risk of further spread.
  • Scalable, non-invasive and cost-effective security monitoring of the entire network.
  • Simplification and automation of the expensive manual process of inspecting incidents.
  • Ability to leverage existing network infrastructure.

FlowMon – Cost Effective Advanced Threat Detection & Network Monitoring – www.flowmon.com

Flowmon July News

Even when holidays knock on the door and temperatures rise, Flowmon doesn’t take a day off. Check out our latest news below.

► Webinar: Flowmon Probes, the Most Powerful Flow Data Exporters in the World

Join our LIVE technology webinar on August 17 to learn how you can benefit from managing your network with Flowmon Probes. Register here.

► Amstelland Hospital Manages its Network with Flowmon

“Formerly we called our network a Black Box because it was unclear what kind of traffic was under way,” said Wouter Kors, IT Architect of Amstelland Hospital. Read the whole story…

► New Alliance With Garland Technology

Thanks to the cooperation with Garland Technology, a network test access point (TAP) manufacturer, data center operators can rely on absolute traffic visibility and a 100% uptime guarantee when performing operational and security tasks with the Flowmon Solution. Learn more in the joint solution whitepaper.

► Flowmon Networks Announced as a CSI Awards Finalist

We are delighted to be shortlisted for the Best monitoring/network management solution category at this year’s CSI Awards. Winners will be announced on Friday 9 September 2016 at IBC in Amsterdam. Keep your fingers crossed :-).

Follow our latest news on Twitter, LinkedIn and Facebook.

Does Proactive Monitoring Really Matter?

You bet. On average, businesses are losing R84,000 for every minute of unplanned network downtime (Gartner). That’s well over R4.5M every hour. How long does it take your IT team to find and fix issues?

The issue that grinds your business to a halt could be an application or server issue, an unknown virus, a bot or DDoS attack, a disgruntled employee wanting revenge, or simply an unknown event that disrupts the network and magically disappears. What can be done to prevent or at least detect these many diverse, unusual and challenging issues?

Things to consider:

Dynamic Network Mapping – See who is up, who’s down, response times, etc. Mapping the network and drilling down to maps of specific locations and connections allows us to quickly pinpoint issues. If a router in Cape Town is acting up, you can instantly see the problem, where it is located, the impact it can have on the network, and what we need to do to fix the issue.

Anomaly Detection – Detect any abnormal activity on the network: worms, viruses, DDoS attacks, repeated password attempts, high or low bandwidth usage, data seepage, abnormal response times, unknown or unauthorized IP addresses, in fact anything that is not normal. Most companies rely on legacy IT systems consisting of perimeter security and endpoint protection. However, they dismiss the significant infrastructure located between these two areas. In a world where threats have more opportunities than ever to bypass traditional solutions and sneak in, where 70% of attacks come from an internal network, this approach is no longer enough. How do you secure your systems and data from sophisticated, ever-changing threats that are undetectable by traditional solutions?

Application Performance Monitoring

Applications are usually the only part of the IT environment visible to end users, so ensuring a high-quality user experience is crucial for an application-driven business. For years, transaction simulations and software agents on servers were the only, and resource-demanding, ways to achieve this. Network traffic monitoring proves that there is a better way to identify and resolve performance issues and enhance user experience.

Network Traffic Monitoring

Do you know who communicates with whom, when, for how long and how often in your network? Flow-based monitoring technologies such as NetFlow, IPFIX, sFlow and jFlow have been developed to provide these answers and manage corporate infrastructure with confidence. By using flow-based analysis, administrators get instant insight into the structure of network traffic to check its utilization, find the stations that load crucial connections the most, plan capacity properly or control QoS.

All of the above functions are available in one product, FlowMon from Invea, developed for GÉANT in Europe, which links most of the research institutions and universities and hosts over 65 million users. FlowMon is the most powerful Network Monitoring and Security tool available and is used by many government agencies, police and military organizations worldwide. Now available in South Africa from Soba Vigor.

FlowMon solution for ISP

FlowMon is a comprehensive solution for monitoring network infrastructure, based on observation of IP data flows (NetFlow/IPFIX). The technology provides an overall view of network traffic within fixed, mobile or cloud infrastructure and details of every single communication: who, where, for how long, how often, using which protocol and which service, and the amount of data transferred during the communication. FlowMon is the only European solution using Network Behavioral Analysis (NBA) as identified by analytical agency Gartner.

The solution consists of powerful dedicated probes, collectors and the NBA-based module ADS (Anomaly Detection System), which detects both known and unknown security threats (attacks on network services, infected hosts, network traffic anomalies etc.). The FlowMon solution may be extended by additional modules such as DR (Data Retention) to fulfill governmental law requirements, not only in the Czech Republic. A further module is TR (Traffic Recorder), which records a chosen portion of traffic, including the content of packets.

  • Flow Monitoring – Next Generation Network Monitoring (NetFlow/IPFIX)
  • Network Behavior Analysis – Next Generation Network Security (NBA, NBAD)
  • IP Data Retention for ISP – governmental law fulfillment
  • FlowMon Traffic Recorder – recording of whole network traffic (L2-L7)

Today, internet service providers require a new-generation solution that provides a faster and more comprehensive overview of network traffic and of the security of both their own networks and their customers' networks. Bandwidths are growing as well – from 10Gbps, 40Gbps, 80Gbps up to 100Gbps – and the only solution delivering overall network monitoring is IP flow monitoring.

Benefits of FlowMon for ISP

  • Real-time network traffic monitoring, improved security and detection of external and internal threats, analysis of long-term statistics including details about computers, applications and conversations, detailed monitoring of users and services, effective bandwidth capacity management.
  • Long-term storage of network traffic statistics – law fulfillment.
  • Quick, efficient and accurate network operational troubleshooting, identification of any kind of anomalies using automated alerting.
  • Clear statements about network traffic, QoS monitoring, easier planning of infrastructure upgrades, peering control and supervision over the quality of service (SLA) are available thanks to qualified reporting.
  • Monitoring and detection of anomalies within VoIP traffic (SIP).
  • Detection of specific application usage based on the NBAR2 standard.
  • Optimization of peering policies, compliance and SLA monitoring.
  • Monitoring of IP flows between BGP and autonomous systems (AS).
  • Monitoring of what kind of traffic comes into or goes out of the operator's network.
  • Verification of whether load balancers distribute load according to the proposed rules.
  • Thanks to the long-term statistics, the status/performance ratio of the network can be compared before and after an upgrade of network elements.
  • FlowMon provides the FlowMon operator with information about the transmitted data or bandwidth, on the basis of which the operator is able to charge customers for its service.

The FlowMon solution detects anomalies or security incidents as they occur on the network thanks to the ADS module. Through a collector, the data is stored for the required period (for tracing incidents or forensic analysis). The whole solution can be fully integrated into SIEM solutions (Syslog, CEF).

Detection of these events:

  • Attacks (port scanning, dictionary attacks, DoS, Telnet)
  • Network traffic anomalies (DNS, multicast, high variability of communication)
  • Anomalous behavior of IP addresses (change in behavior profile)
  • Malware (viruses, spyware, botnets, communication with blacklisted addresses)
  • Mail (outgoing SPAM, illegitimate mail servers)
  • Operation problems (delay, overcapacity, reverse DNS records, service outages)