Skip to main content
Version: 2.10.1

Benefits

NetFlow data plays a critical role in strengthening network security and streamlining IT operations. It offers a comprehensive view of network traffic, enabling organizations to proactively detect security threats, monitor user activity, and gain valuable insights for effective network management and optimization. By providing detailed visibility into network traffic patterns, NetFlow data empowers both security teams and IT operations to ensure a robust and secure network environment while enhancing the overall performance and efficiency of the network infrastructure.

NetFlow Optimizer enables you to efficiently process large volumes of diverse NetFlow data, including IPFIX, JFlow, sFlow, and Cloud Flow Logs from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). It ensures real-time optimization and enrichment, delivering data exactly where you need it, in the right formats.

NetFlow Optimizer is offering support for SNMP Polling and SNMP Traps, further enhancing its capabilities for comprehensive network monitoring. Whether you're focused on network security, IT operations, or both, NetFlow Optimizer equips you with the tools and insights you need to keep your network secure, efficient, and well-managed.

Data Volume Reduction

Data Volume Reduction (DVR) is a process of reducing the amount of data that needs to be stored and processed. This can be done by consolidating, deduplicating, or filtering data.

  • Consolidation: Consolidation is the process of combining multiple data records into a single record. Bytes and packets from communicating peers are aggregated over a short configurable period of time by source, destination, protocol, and ports. Consolidation can reduce the amount of data that needs to be stored and processed, without losing any accuracy.
  • Deduplication: Each flow is reported only once, even if it passes through multiple network devices. This further reduces the volume of data without losing accuracy.
  • Top traffic: Top traffic is a technique for reducing the amount of data that needs to be stored and processed by only reporting the top N consolidated flows. Top traffic can significantly reduce the amount of data that needs to be stored, while still maintaining a high level of accuracy.

Flow Data Enrichment

NetFlow records only contain a limited amount of information about network traffic. Flow data enrichment is the process of adding additional information to NetFlow records, such as:

  • DNS names: The domain names of the hosts involved in the flow.
  • VM names: The names of the virtual machines involved in the flow.
  • Applications: The names of the applications that are being used.
  • User identity: The identity of the users who are using the applications.
  • Cloud instance names, services, regions: The names, services, and regions of the cloud instances involved in the flow.
  • SNMP polling data: Data that is collected from network devices using SNMP.
  • GeoIP: The geographic location of the hosts involved in the flow.
  • Reputation based on threat lists: The reputation of the hosts involved in the flow, based on threat lists.

Flow Stitching

Flow stitching refers to the process of consolidating client-server request-reply flows into a single flow record, offering several distinct benefits:

  • Enhanced accuracy in traffic analysis: By stitching together request-reply flows, a more comprehensive view of the traffic between two hosts is obtained. This aids in the identification of malicious activities such as port scans or denial-of-service attacks, thereby improving overall threat detection capabilities.

  • Heightened visibility into network behavior: Flow stitching provides a deeper understanding of how applications utilize the network. This visibility proves invaluable in troubleshooting performance issues and identifying potential security vulnerabilities, leading to more effective network management.

  • Streamlined security operations: Through the consolidation of request-reply flows, certain tasks involved in security operations can be automated. This automation allows security analysts to allocate their time and resources to more intricate and critical responsibilities, thereby enhancing overall operational efficiency.

By leveraging flow stitching, organizations can optimize traffic analysis, gain insights into network behavior, and streamline their security operations, resulting in improved network performance, enhanced security posture, and more efficient resource utilization.