Network Threat Detection
When choosing your next investment in network security software, it is important to identify the types of threats (e.g. phishing, clickjacking) you want to stop. It is equally important to ensure that the solution lets you perform a thorough investigation after the fact, because malware WILL make it onto your network. Because of the breadth of network threat types, your next network security software solution will almost certainly focus on a specific method of network threat detection. For example:
- Antivirus software is installed on end systems
- Firewalls placed at the Internet edge attempt to protect the company from threats arriving over the Internet connection
- IDS/IPS appliances watch traffic (out of band on a SPAN port or tap, or in-line as an IPS) and perform deep packet inspection to match known attack signatures
Cisco ASA NetFlow
Perhaps your next investment in network security software should leverage NetFlow. Although NetFlow and IPFIX have long been thought of as useful only for network monitoring, these technologies were designed with security in mind as well. In fact, most enterprise-class firewalls today export either NetFlow or IPFIX. Take for example Cisco ASA NetFlow, which the ASA implements as NetFlow Secure Event Logging (NSEL): its export includes contextual details such as the username associated with a flow and the ACL IDs the flow matched, including flows that an ACL denied.
Other firewalls that support NetFlow or IPFIX export include Barracuda, Check Point, Dell SonicWALL and Palo Alto Networks. Their exports include details such as the layer 7 application and the username; some also include latency, packet loss and URLs. Only the best NetFlow analyzers can report on these vendor-specific fields, and they are generally built on Linux.
Most Linux NetFlow solutions are not limited to network monitoring; rather, they were built on Linux to ensure that they scale to meet the needs of large enterprises. The ability to collect, analyze and store massive amounts of flow data is a critical factor when choosing your next network security software solution, for a few reasons:
- Many organizations are capable of sending tens of thousands of flows per second. Some are reaching into the millions.
- With the introduction of Cisco AVC (Application Visibility and Control) reporting, NetFlow and IPFIX volumes are increasing two- to four-fold
- Storage of flow "big data" is of paramount concern because, when a threat is detected, the NetFlow reporting solution is often the first system turned to when investigating the event.
If your IT security team would like to learn more about fighting, detecting and especially investigating threats with NetFlow and IPFIX, have them sign up for an advanced NetFlow training class, where they will learn from some of the most seasoned network professionals in the industry. Topics covered include:
- Tuning behavior algorithms (e.g. DDoS, excessive SYNs, etc.)
- Creating custom monitors
- Hunting through the data: finding a breach and determining where it came from
- Tracking all lateral movement of a threat
- IP host reputation monitoring
- Event correlation and setting notifications
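To make the above concrete, here is an added example (not Plixer's code, nor any vendor's exporter format) that runs three of the listed detections over a handful of constructed flow records shaped like the firewall exports described earlier: each record carries source/destination, ports, TCP flags, packet and byte counts, and the username field that ASA NSEL and the other firewalls add. The excessive-SYN check flags a source with many half-open connections, the lateral-movement check flags an internal host that completes sessions to many internal hosts on SMB/RDP/SSH/WinRM, and the reputation check matches flows against a blocklist. The field names, the 10.0.0.0/8 internal range, the blocklisted address, the thresholds and every sample flow are assumptions made for this illustration; a real analyzer would read the decoded NetFlow/IPFIX templates instead of a hand-built list.

```python
"""Flow-based detections over constructed NetFlow/IPFIX-style records.

Added example: record layout, addresses, thresholds and sample flows are
all invented for illustration, not taken from any exporter or product.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Internal address space of the hypothetical network (assumption).
INTERNAL = [ip_network("10.0.0.0/8")]
# Ports commonly used to move between hosts once inside: SMB, RDP, SSH, WinRM.
ADMIN_PORTS = {445, 3389, 22, 5985}
# Hypothetical reputation list; in practice this comes from a threat feed.
BAD_HOSTS = {ip_address("198.51.100.23")}


def make_flow(src, dst, sport, dport, proto, flags, pkts, byts, user=""):
    """Build one flattened flow record as a dict (field names are our own)."""
    return {"src": ip_address(src), "dst": ip_address(dst), "sport": sport,
            "dport": dport, "proto": proto, "flags": flags, "pkts": pkts,
            "bytes": byts, "user": user}


# Constructed sample export: a SYN scanner, a user fanning out over SMB/RDP,
# and a workstation talking to a blocklisted host. Flags use nfdump-style
# letters (S=SYN, A=ACK, P=PSH, F=FIN); proto 6 is TCP.
FLOWS = (
    # 10.0.0.50 probes port 445 on eight hosts: one SYN each, no ACK ever.
    [make_flow("10.0.0.50", f"10.0.1.{i}", 40000 + i, 445, 6, "S", 1, 60)
     for i in range(1, 9)]
    # jdoe opens real sessions (handshake done, data moved) to four servers.
    + [make_flow("10.0.0.77", f"10.0.2.{i}", 51000 + i, port, 6, "SPA", 40, 6200, "jdoe")
       for i, port in ((10, 445), (11, 445), (12, 3389), (13, 445))]
    # Ordinary browsing plus one connection to the blocklisted address.
    + [make_flow("10.0.0.5", "203.0.113.8", 52001, 443, 6, "SPAF", 30, 12000, "asmith"),
       make_flow("10.0.0.5", "198.51.100.23", 52002, 443, 6, "SPA", 12, 900, "asmith")]
)


def is_internal(addr):
    return any(addr in net for net in INTERNAL)


def excessive_syns(flows, threshold=5):
    """Sources with >= threshold SYN-only TCP flows to distinct (dst, port):
    the half-open pattern of a port or host scan. Returns {src: count}."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and "S" in f["flags"] and "A" not in f["flags"]:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {str(src): len(t) for src, t in targets.items() if len(t) >= threshold}


def lateral_movement(flows, fanout=3):
    """Internal sources with completed sessions (ACK seen, bytes moved) to
    >= fanout distinct internal hosts on admin ports. Scans are excluded
    because a SYN-only flow never carries the ACK flag.
    Returns {src: (username, sorted destination list)}."""
    peers = defaultdict(set)
    users = {}
    for f in flows:
        if (is_internal(f["src"]) and is_internal(f["dst"])
                and f["dport"] in ADMIN_PORTS
                and "A" in f["flags"] and f["bytes"] > 0):
            peers[f["src"]].add(f["dst"])
            if f["user"]:
                users[f["src"]] = f["user"]
    return {str(src): (users.get(src, ""), sorted(str(d) for d in dsts))
            for src, dsts in peers.items() if len(dsts) >= fanout}


def reputation_hits(flows, bad=BAD_HOSTS):
    """Flows touching a blocklisted host, as (src, dst, username) triples,
    so the investigator immediately knows which user's machine to pull."""
    return [(str(f["src"]), str(f["dst"]), f["user"])
            for f in flows if f["dst"] in bad or f["src"] in bad]


if __name__ == "__main__":
    print("excessive SYNs:", excessive_syns(FLOWS))
    print("lateral movement:", lateral_movement(FLOWS))
    print("reputation hits:", reputation_hits(FLOWS))
```

The two TCP checks deliberately split on the ACK flag: a scanner shows up as many SYN-only flows, while an operator moving between hosts shows up as completed sessions carrying data, so the same export feeds two different behavior algorithms without one masking the other. The username carried in the firewall export is what turns "10.0.0.77 touched four servers" into "jdoe's workstation touched four servers", which is the detail an investigation needs first.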
Best NetFlow Analyzer
If you want your next network security software investment to leverage NetFlow, learn from one of the best NetFlow analyzer companies in the industry: Plixer International