NFO provides a comprehensive set of security features to help you protect your network from known and unknown threats. These features include:
- Threat detection: NFO can identify known and unknown security threats, including communications with malicious hosts, spreading viruses, and denial-of-service attacks.
- Threat tracing: NFO can trace the source of security threats, helping you to identify and block the attackers.
- Data loss prevention: NFO can help you to identify the unauthorized movement of large amounts of data to external sites or laterally within your network.
- User activity monitoring: NFO can track user activity, helping you to identify suspicious behavior and potential security threats.
- Compliance reporting: NFO can generate reports that can be used to demonstrate compliance with industry regulations.
NFO enriches flow data with the following information:
- Reputation: NFO uses a variety of sources to get reputation information about IP addresses and domains. This information can be used to identify malicious traffic and potential security threats.
- User identity: NFO can be integrated with various user identity systems, such as Microsoft AD, Okta, etc. This information can be used to track user activity and to identify potential security threats.
- Application: NFO can identify applications by their port numbers or by their signatures reported by network equipment Deep Packet Inspection (DPI). This information can be used to track application activity and to identify potential security threats.
- GEO IP: NFO can identify the geographic location of IP addresses. This information can be used to track the source of traffic and to identify potential security threats.
Other security features include:
- Drill down to see which hosts are affected: NFO allows you to drill down to see which hosts are affected by a security threat. This can help you to quickly identify and respond to the threat.
- Early warning DDoS attack detection: NFO can detect DDoS attacks early on, giving you time to take action to mitigate the attack.
- Forensic investigation: NFO allows you to look back in time for forensic investigation by setting a NetFlow Recorder rolling period of time. This can help you to investigate security incidents and identify the root cause of the incident.
Monitoring of AWS via VPC Flow Logs
- Ability to read VPC Flow Logs from Kinesis, CloudWatch, or S3
- Ability to support many AWS accounts, VPCs, and AWS regions with one NFO EC2 instance
- Enrichment of flow records with VPC name, EC2 instance name, DNS name, and AWS region
Monitoring of Microsoft Azure NSG Flow Logs
- Ability to read Azure NSG Flow Logs
- Ability to support many Azure storage accounts, accessing NSG Flow Logs via a Service Principal or a System-assigned Managed Identity
- Enrichment of flow records with Virtual Network name, VM name, DNS name, and Azure region
Monitoring of Google Cloud Platform (GCP) VPC Flow Logs
- Ability to read GCP VPC Flow Logs
- Ability to support many GCP service accounts and projects
- Enrichment of flow records with VPC Network name, Subnetwork name, Instance name, DNS name, and GCP zone
Monitoring of Network Device Health
- Identification of overload conditions with our SNMP polling:
  - CPU utilization
  - Memory utilization
  - Tracking of interface errors
  - Dropped packets counter
  - Flapping interface identification
- Latency / Jitter
Monitoring of User Activity
- Integration with Windows Domain Controller enables matching users to IP addresses using login events
- Integration with other identity systems by receiving login / logout events via syslog
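The user-to-IP matching described above, as an added example that is not NFO's code: login and logout events arrive as syslog lines, each builds or closes a session for an IP address, and flow records are then enriched with the user who held that address at the flow's timestamp. The syslog line format, the `LOGIN`/`LOGOUT` keywords and all sample events and flows are constructed assumptions for this demo; a real identity source has its own event format.

```python
"""Enrich flow records with user identity from login/logout syslog events.

Example code, not NFO's implementation. The event format below is an
assumption constructed for the demo (any real source would need its own
parser); the sample events and flows are constructed, not real traffic.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed line shape: <pri>timestamp host program: LOGIN|LOGOUT user=<u> ip=<ip>
EVENT_RE = re.compile(
    r"^<\d+>(?P<ts>\S+) \S+ \S+: (?P<kind>LOGIN|LOGOUT) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample events: alice logs in, logs out, then bob gets the same
# address (e.g. DHCP reuse); carol logs in on another address.
SAMPLE_EVENTS = """\
<14>2024-05-01T08:00:05Z dc01 idsrc: LOGIN user=alice ip=192.0.2.10
<14>2024-05-01T08:30:00Z dc01 idsrc: LOGOUT user=alice ip=192.0.2.10
<14>2024-05-01T08:31:10Z dc01 idsrc: LOGIN user=bob ip=192.0.2.10
<14>2024-05-01T09:00:00Z dc01 idsrc: LOGIN user=carol ip=192.0.2.22
"""


def parse_ts(text):
    """Parse an ISO-8601 timestamp with a trailing Z as an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


class IdentityMap:
    """Per-IP session table: ip -> [[start, end_or_None, user], ...]."""

    def __init__(self):
        self.sessions = defaultdict(list)

    def ingest(self, line):
        """Apply one syslog event; returns False for lines that do not parse."""
        m = EVENT_RE.match(line.strip())
        if not m:
            return False
        ts, user, ip = parse_ts(m["ts"]), m["user"], m["ip"]
        open_sessions = [s for s in self.sessions[ip] if s[1] is None]
        if m["kind"] == "LOGIN":
            # A new login on the same address ends any still-open session,
            # so a stale mapping is never applied to the next user's traffic.
            for s in open_sessions:
                s[1] = ts
            self.sessions[ip].append([ts, None, user])
        else:
            for s in open_sessions:
                if s[2] == user:
                    s[1] = ts
        return True

    def user_for(self, ip, ts):
        """User holding `ip` at time `ts`, or None if no session covers it."""
        for start, end, user in self.sessions.get(ip, []):
            if start <= ts and (end is None or ts < end):
                return user
        return None


def build_map(lines):
    idmap = IdentityMap()
    for line in lines:
        idmap.ingest(line)
    return idmap


def enrich(flows, idmap):
    """Return copies of the flow records with a src_user field added."""
    out = []
    for f in flows:
        rec = dict(f)
        rec["src_user"] = idmap.user_for(f["src"], f["ts"])
        out.append(rec)
    return out


# Constructed sample flows (timestamps chosen to fall inside/outside sessions).
SAMPLE_FLOWS = [
    {"ts": parse_ts("2024-05-01T08:10:00Z"), "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 4200},
    {"ts": parse_ts("2024-05-01T08:45:00Z"), "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 900},
    {"ts": parse_ts("2024-05-01T08:59:00Z"), "src": "192.0.2.22", "dst": "203.0.113.7", "bytes": 50},
]

if __name__ == "__main__":
    for rec in enrich(SAMPLE_FLOWS, build_map(SAMPLE_EVENTS.splitlines())):
        print(rec["ts"].isoformat(), rec["src"], "->", rec["dst"], "user:", rec["src_user"])
```

The third sample flow is deliberately one minute before carol's login and stays unattributed; the lookup is bounded by session start and end so that traffic outside any login window is not mistakenly tied to a user.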
Application Visibility via Flows from
- Cisco AnyConnect or other Cisco devices generating Application Visibility and Control (AVC) flows
- Fortinet devices (e.g. FortiGate) reporting applications in IPFIX
- Palo Alto Networks devices
- Other devices detecting applications using DPI, e.g. Cubro's Omnia
- Any exporter, based on known destination ports
Virtual Network / Physical Network Visibility
- Pinpoints physical devices and interfaces impacting VM performance, on a Splunk dashboard
- Reconstructs the paths of VM-to-VM and VM-to-host conversations over the underlying physical network
Real-time Consolidation of Any Flow Data
- Enables customers to store and index only a fraction of the flow volume while retaining all the benefits of flow information without losing accuracy
- Deduplication: optionally report flows only from the authoritative router/switch. The authoritative network device for each communicating pair is the one that sees the most flows for that pair. This is recalculated every 30 seconds by default (the interval is configurable), providing accurate information in a dynamic network environment
- Capable of processing any standard flow protocol: NetFlow v5/v9, Flexible NetFlow, NetFlow Options, IPFIX, sFlow (both data records and counter records), J-Flow, NetStream
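The authoritative-exporter deduplication described above, as an added example that is not NFO's implementation: flow records from several exporters are grouped into 30-second windows, the exporter that reported the most flows for each communicating pair in a window is chosen as authoritative, and only its records are kept. The record layout, the batch-per-window simplification (a streaming collector would apply the previous window's decision to the current one) and the sample flows are constructed assumptions for this demo.

```python
"""Flow deduplication by authoritative exporter.

Example code, not NFO's implementation. Records are dicts with ts (seconds),
exporter, src, dst and bytes; this layout and the sample flows are
constructed for the demo.
"""
from collections import Counter, defaultdict

WINDOW_SECONDS = 30  # recalculation interval; 30 s is the page's stated default


def pair_key(rec):
    """Direction-independent key for a communicating pair."""
    return tuple(sorted((rec["src"], rec["dst"])))


def authoritative_exporters(records):
    """For each pair, the exporter that reported the most flows in `records`.

    Ties are broken by exporter address so the choice is deterministic.
    """
    counts = defaultdict(Counter)
    for rec in records:
        counts[pair_key(rec)][rec["exporter"]] += 1
    return {
        pair: max(by_exporter.items(), key=lambda kv: (kv[1], kv[0]))[0]
        for pair, by_exporter in counts.items()
    }


def deduplicate(records, window=WINDOW_SECONDS):
    """Keep only flows reported by each pair's authoritative exporter.

    Authority is recomputed per window, so when a pair's traffic moves to a
    different device (reroute, failover) the next window follows it.
    """
    windows = defaultdict(list)
    for rec in records:
        windows[rec["ts"] // window].append(rec)
    kept = []
    for _, recs in sorted(windows.items()):
        auth = authoritative_exporters(recs)
        kept.extend(r for r in recs if auth[pair_key(r)] == r["exporter"])
    return kept


# Constructed sample: two routers (10.0.0.1, 10.0.0.2) both export the
# 192.0.2.10 <-> 198.51.100.5 conversation; router 1 sees one more flow in
# the first window, router 2 takes over in the second window.
SAMPLE_FLOWS = [
    {"ts": 1, "exporter": "10.0.0.1", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 500},
    {"ts": 1, "exporter": "10.0.0.2", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 500},
    {"ts": 4, "exporter": "10.0.0.1", "src": "198.51.100.5", "dst": "192.0.2.10", "bytes": 1200},
    {"ts": 4, "exporter": "10.0.0.2", "src": "198.51.100.5", "dst": "192.0.2.10", "bytes": 1200},
    {"ts": 9, "exporter": "10.0.0.1", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 300},
    {"ts": 12, "exporter": "10.0.0.2", "src": "192.0.2.22", "dst": "203.0.113.7", "bytes": 80},
    {"ts": 35, "exporter": "10.0.0.2", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 700},
    {"ts": 36, "exporter": "10.0.0.2", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 700},
    {"ts": 40, "exporter": "10.0.0.1", "src": "192.0.2.10", "dst": "198.51.100.5", "bytes": 700},
]


def summary(records):
    """Counts before and after deduplication, for a quick sanity check."""
    kept = deduplicate(records)
    return {"in": len(records), "out": len(kept),
            "bytes_in": sum(r["bytes"] for r in records),
            "bytes_out": sum(r["bytes"] for r in kept)}


if __name__ == "__main__":
    print(summary(SAMPLE_FLOWS))
```

Note that the kept byte total is the real volume of the conversation (each flow counted once), while the raw input double-counts every flow seen by both routers; that is the accuracy the consolidation claim above refers to.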
Unmatched Performance Utilizing Patented Technology
- Capable of processing 1,000,000 flows per second without a single drop
- Can process up to 350,000 flows per second with consolidation
Enriches Flow Data with Real-time Information
- VMware vCenter VMs
- GeoIP at Country or City level
Customers can enable and configure features to address their specific use cases.
NFO is a software solution with the same code base for Windows, Linux, and the virtual appliance.
NetFlow Recorder – enables you to look back in time. You can set a rolling flow capture and replay period, store flows in memory or on disk, then press the <Replay> button to send these records in syslog or JSON format to your SIEM to gain complete visibility of past network traffic.
Reverse DNS lookup – add host names to IP addresses
SNMP Polling and SNMP Traps support
Integration with Active Directory. Supports Two Factor Authentication
NFO can be configured via our GUI or REST API, which is useful to customers with a large number of locations.
NFO offers the flexibility to output flow data in standard syslog or JSON format.
It supports up to 16 output destinations, allowing configuration for different types of data distribution. For example, you can retransmit flows to a legacy flow collector while simultaneously producing analytics to be sent to your SIEM.
NFO integrates seamlessly with the following platforms:
- Splunk Enterprise, Splunk Cloud, Splunk ITSI, Splunk ES, Splunk Observability Cloud
- Sumo Logic
- New Relic
- Amazon S3 Buckets
- Amazon OpenSearch
- VMware vRealize Log Insight