Version: 2.9.1

Benefits

NetFlow Optimizer enables you to process massive volumes of NetFlow (IPFIX, sFlow, Cloud VPC Flow Logs, etc.) data, optimizing and enriching it in real time, so that you get data where you need it in the right formats.

Data Volume Reduction

Data Volume Reduction (DVR) is a process of reducing the amount of data that needs to be stored and processed. This can be done by consolidating, deduplicating, or filtering data.

  • Consolidation: Consolidation is the process of combining multiple data records into a single record. Bytes and packets from communicating peers are aggregated over a short configurable period of time by source, destination, protocol, and ports. Consolidation can reduce the amount of data that needs to be stored and processed, without losing any accuracy.
  • Deduplication: Each flow is reported only once, even if it passes through multiple network devices. This further reduces the volume of data without losing accuracy.
  • Top traffic: Top traffic is a technique for reducing the amount of data that needs to be stored and processed by only reporting the top N consolidated flows. Top traffic can significantly reduce the amount of data that needs to be stored, while still maintaining a high level of accuracy.

Flow Data Enrichment

NetFlow records contain only a limited amount of information about network traffic. Flow data enrichment is the process of adding information to NetFlow records, such as:

  • DNS names: The domain names of the hosts involved in the flow.
  • VM names: The names of the virtual machines involved in the flow.
  • Applications: The names of the applications that are being used.
  • User identity: The identity of the users who are using the applications.
  • Cloud instance names, services, regions: The names, services, and regions of the cloud instances involved in the flow.
  • SNMP polling data: Data that is collected from network devices using SNMP.
  • GeoIP: The geographic location of the hosts involved in the flow.
  • Reputation based on threat lists: The reputation of the hosts involved in the flow, based on threat lists.

Flow Stitching

Flow stitching is the process of combining client-server request-reply flows into a single flow record. Here are some of the specific benefits of flow stitching:

  • Improved accuracy in traffic analysis: By stitching together request-reply flows, it is possible to get a more complete picture of the traffic between two hosts. This can be helpful in identifying malicious activity, such as port scans or denial-of-service attacks.
  • Improved visibility into network behavior: By stitching together request-reply flows, it is possible to get a better understanding of how applications are using the network. This can be helpful in troubleshooting performance problems or identifying security vulnerabilities.
  • Improved efficiency in security operations: By stitching together request-reply flows, it is possible to automate some of the tasks involved in security operations. This can free up security analysts to focus on more complex tasks.
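
The stitching step described above, sketched as an added example (this is not NetFlow Optimizer's own code). The record layout, the sample flows, and the rule that the first flow seen in a conversation is the client's request are assumptions made for illustration; all flows are assumed to fall within one stitching window.

```python
from collections import namedtuple

# Hypothetical record layout for one unidirectional flow export.
Flow = namedtuple("Flow", "ts src sport dst dport proto bytes pkts")

# Constructed sample data (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    Flow(100.0, "10.0.0.5", 51514, "192.0.2.10", 443, 6, 1200, 8),
    Flow(100.1, "192.0.2.10", 443, "10.0.0.5", 51514, 6, 48000, 40),
    Flow(100.4, "10.0.0.5", 51514, "192.0.2.10", 443, 6, 300, 3),
    Flow(101.0, "10.0.0.9", 40000, "192.0.2.10", 22, 6, 60, 1),
    Flow(101.1, "10.0.0.9", 40001, "192.0.2.10", 23, 6, 60, 1),
]

def stitch(flows):
    """Merge request and reply flows into one bidirectional record each."""
    sessions = {}
    for f in sorted(flows, key=lambda f: f.ts):
        fwd = (f.proto, f.src, f.sport, f.dst, f.dport)
        rev = (f.proto, f.dst, f.dport, f.src, f.sport)
        if fwd in sessions:            # more traffic in the request direction
            sessions[fwd]["bytes_out"] += f.bytes
            sessions[fwd]["pkts_out"] += f.pkts
        elif rev in sessions:          # reply to an already seen request
            sessions[rev]["bytes_in"] += f.bytes
            sessions[rev]["pkts_in"] += f.pkts
        else:
            # Assumption: the first flow seen is the request, so its source is the client.
            sessions[fwd] = {
                "client": f.src, "client_port": f.sport,
                "server": f.dst, "server_port": f.dport, "proto": f.proto,
                "bytes_out": f.bytes, "pkts_out": f.pkts,
                "bytes_in": 0, "pkts_in": 0,
            }
    return list(sessions.values())

def unanswered(sessions):
    """Stitched records for which no reply flow was seen."""
    return [s for s in sessions if s["pkts_in"] == 0]

if __name__ == "__main__":
    for s in stitch(SAMPLE_FLOWS):
        print(s)
```

In the stitched output, one client with many unanswered records toward different ports of the same server is the pattern an analyst would review as a possible scan, which is hard to see while requests and replies remain separate records.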