NetFlow-based analytics brings valuable information that helps you understand your network and arms you with actionable intelligence. It provides data for deeper drill-down analysis and lets you identify:
- Security risks and internal threats, which could be missed by firewalls and other IDS systems;
- Anomalous traffic;
- Network bottlenecks which need reconfiguration;
- Applications, users, and protocols that consume the most network bandwidth.
No. NFO is a powerful real-time processing engine for any type of flow data, including NetFlow, sFlow, J-Flow, and IPFIX. It optimizes flow data for volume and relevancy and converts it into a format that is easy for log visualization tools and SIEM systems to ingest.
Depending on the hardware specification, a single NFO instance is capable of processing up to 1,000,000 flows per second without a single drop.
No. NFO License is based on the aggregate flow rate you want to process, and a single license is required for any number of NFO instances.
No. NetFlow Analytics for Splunk App and Add-on are free and no separate license is required.
Yes. NFO’s flow consolidation feature allows up to 90% reduction in data volume sent for visualization and analysis, with no loss of accuracy.
With NFO, you can instantly identify hosts and network devices issuing most TCP resets. This pinpoints the source of the problem, thus reducing time to resolution.
NFO identifies top bandwidth users: devices, users, protocols, and in some cases applications.
Yes. With NFO and V2P Network Visibility for Splunk App you can trace and troubleshoot connectivity issues by seeing VMs affected by physical network outages, and viewing physical switches and routers on the path of communicating VMs.
Yes. NFO enables you to look at network bandwidth consumption by each individual endpoint. You can easily identify an employee who is watching Netflix or using any other entertainment service during working hours.
NFO shows what parts of the network are overloaded and which parts are underutilized, thereby allowing the customer to reroute traffic so as to make efficient use of existing hardware.
NFO can help you identify bottlenecks and network equipment malfunctions.
NFO’s unique consolidation capability enables up to 90% reduction in volume without losing accuracy.
NFO takes Autonomous System paths from the customer’s edge devices (e.g. Juniper routers). You can use this information to understand the routing of traffic from data centers to your customers. Then you can pick the least cost routing software to optimize for higher speed and lower cost.
NFO’s Geo IP location flow enrichment capability lets you capture and report information about network users and their geographical location, down to a city level.
Yes. NFO enables identification of overloaded network interfaces and identification of applications that are consuming a significant portion of the bandwidth (so the customer can move the application to a different part of the network to reduce the number of hops between its users and the application).
Yes. NFO provides flow enrichment with information, such as user identities, domain names, and Geo IP at the time flow records are processed. This approach assures the accuracy of the IP addresses and the information linked to each address.
When your internal hosts communicate with outside peers, NFO detects and reports suspicious traffic using a number of threat feeds. It enriches flow data with external host reputation, such as “Scanning Host”, “Botnet C&C”, “Malware Domain”, etc. The Cyber Threat Statistics dashboard shows malicious traffic counters, GeoIP information, source / destination details and traffic direction.
Yes. NFO provides the ability to identify unusually large data transfers. It can help you prevent cases where someone exports a large volume of your engineering data, or downloads significant data to a laptop, puts it on a flash drive, and walks out of the building with it.
Yes. NetFlow Logic’s DDoS Detector is designed to improve your existing incident response plan. The advanced analytics engine used by DDoS Detector can reduce false positive alerting by 90%.