FlowMon ADS
FlowMon ADS is a modern system for detection of data network anomalies and undesirable behavior, which is based on permanent evaluation of network traffic statistics. The goal of the solution is to reveal operational problems and to increase external and internal security of a data network. The main advantage over standard IDS systems and SNMP monitoring lies in orientation on the overall behavior of devices in a network, which enables to respond to yet unknown or specific threats for which the signature is not available.
|
|
|
|
|
Main benefits
- Obtaining a detailed overview of the network traffic structure and top users
- Evaluation of compliance with security guidelines and regulations
- Detection of internal and external attacks
- Services quality monitoring
- Elimination of unwanted applications
- Detection of infected network devices
- Prevention of unwanted software use and sharing of illegal content
- Control of the outgoing network traffic, protection of the reputation
- Quick diagnosis of network, services and applications latency
- Wrong network devices configuration detection
Main features
- Predefined set of rules for detection of undesirable behavior patterns
- Predefined set of rules for detection of general network anomalies
- Building long-term behavior profiles of devices on the network in terms of services, traffic volume and communication partners
- A comprehensive dashboard with immediate indication of problems and top statistics
- Interactive visualization of events
- Integration of information from DNS, WHOIS and geolocation services
- Complex filtering options and event prioritization linked to reporting and alerts
Processing of network traffic
- Processing of LAN, WAN, Internet traffic statistics
- Support for IPv4 and IPv6 networks
- Statistics in the format of NetFlow v5/v9
- Implementation of extension of pair flows (RFC 5103 standard)
Anomaly and undesirable behavior detection
- Attacks (port scanning, dictionary attacks, Denial of Service, Telnet protocol)
- Anomalies in data traffic (DNS, multicast, non-standard communication)
- Anomalies in device behavior (change of the long-term behavior profile of a device)
- Unwanted applications (P2P networks, instant messaging, anonymization services)
- Internal security issues (viruses, spyware, botnets)
- Email traffic (outgoing spam)
- Operational problems (delays, excessive load, the reverse DNS records, broken updates)
Behavior profiles
- Volumes of data traffic (transmitted data, connection count)
- The structure of services (used and provided services)
- Communication partners
- Searching network servers and clients
- Searching for devices providing or using services in the network
- Overall view of traffic structure
- Detailed profile for each IP address, monitoring trends
Interactive visualization of events
- Exploration and evaluation of reported events in form of directed graphs compiled on the basis of network traffic that caused the event
- Interactive walkthrough, displaying of relevant neighborhood of the event and drill-down to the level of individual data transmissions
- Export of statistics for network traffic, which caused the event, in a form suitable to prove incidents
Easy deployment and extensibility
FlowMon ADS is designed so that it can be immediately deployed and used in different environments.
- Templates of typical configuration for different types of networks
- Comprehensive graphical reports generated from the application on demand
- Notifications of unwanted network states and situations via e-mail
Availability
- Licensed on the number of simultaneously processed sources of network traffic statistics and the number of concurrent users working with the user interface
- As a software plug-in for INVEA-TECH FlowMon solution, easy to install on probe/collector
About NBA technology
All the solutions of AdvaICT are based on the technology of Network Behavior Analysis. Read more about the uniqueness of this technology.
more about NBA technology
Employees monitoring
Did you know that employees spend up 20% of their working time entertainment? Deployment of monitoring and analysis of network traffic can reveal the use of unwanted services, such as P2P networks, online games or instant messaging, just as it is possible to detect abnormal data transmissions.
Since April 2012 AdvaICT is Registered Developer by Cisco.