Flow Analytics

Protect end systems, even those that return to the corporate network after accessing public hotspots, by implementing a continuous detection, response, and mitigation system. Since nearly all malware eventually reaches out to the Internet, Flow Analytics monitors Internet-bound (i.e. outbound) connections, then baselines and uncovers abnormal communication patterns. Regardless of device type (e.g. Android, iPhone, Mac, PC, etc.) uncovering suspicious behaviors is independent of the hardware platform.

Behavior Monitoring

    Monitoring for odd traffic patterns can trigger events that become indicators of compromise. By correlating these events and building a threat index, you can reduce false positives and raise awareness of infections and misconfigured devices.

History—Big Data Storage

    Store the raw flows for weeks, months, or even decades and, just as importantly, retrieve specific details within seconds. Don't just meet the needs of regulatory compliance—exceed the storage requirements of policies such as HIPAA and PCI.

Filter, Watch, and Trigger

    Flow Analytics™ for Scrutinizer is the only product today that allows you to monitor any element exported in NetFlow and IPFIX, set up extensive 'include' and 'exclude' filters, set a threshold, and then wait for the event. For example, you can monitor an application for a certain ToS within a class A subnet and trigger for excessive latency or packet loss. You can even set thresholds on the number of events necessary before a notification is triggered. Take full advantage of the details exported in the flows from your hardware regardless of vendor.

Define In-House Applications

    Every business depends on unique applications to stay competitive. These flows can be identified and labeled to remove uncertainty when poring through massive amounts of network traffic. Simple and fast classification of ports and IP addresses allows your team to more easily manage the traffic that needs to stay optimized on the network.

Advanced Reporting

    Add the Advanced Reporting module to Flow Analytics™ and empower administrators with the ability to decide what they want to see in the flow exports. Select what values to group on and the metrics to count and trend. Regardless of vendor (from Alcatel to Ziften) we can report on their flow export.

Before, During, and After

    Answer these key questions with Flow Analytics™ Before, During, and After an Attack:

    • What were the key indicators used to uncover the infection?
    • Where and when was the point of entry?
    • Are any other systems exhibiting the same behavior?
    • What connections were triggered after the infection?

    Before: Flow Analytics™ uses global threat intelligence to strengthen defenses. Out of the box, it monitors and triggers on dozens of indicators of compromise. By themselves, these indicators could easily be dismissed as false positives. Correlation is key.

    During: Flow Analytics™ uses the intelligence gained from the indicators of compromise in the correlation process to uncover compromised devices that are trying to exfiltrate proprietary information. Combined with the FlowPro Defender, the system will identify DNS abuse, command and control traffic, and data theft.

    After: Inevitably, some infections will evade your first lines of defense. Flow Analytics™ provides a lattice of detection capabilities. It uses proprietary methods combined with globally collected domain reputation lists to determine if advanced, unknown malware evaded front-line defenses. Using the raw flows, you can pinpoint exactly when an end system was compromised, as well as which other systems may have been affected by the malware's lateral movement through your network.

Unmatched Traffic Visibility

    Proven correlation techniques evaluate all of the indicators of compromise to positively identify the behavioral characteristics that are uncharacteristic of the baseline. If a device starts communicating in ways outside of the baseline or behaving outside of expected tolerances, Flow Analytics™ will alert security teams or automatically remediate the traffic based on policy controls.

    Flow Analytics™ provides unmatched traffic visibility into the malware's origin and the systems that may have been impacted. It gives security teams the level of deep visibility needed to quickly uncover malware, scope a compromise, and contain the infection before it spreads and causes further damage.