Comments on: Security and NetFlow: The time is now!

By: Steven Pollock

Steven Pollock — Mon, 25 Jul 2011 15:57:09 +0000

We have some government customer using Netflow for Security very extensively today. You might want to check with Argonne National Lab (@argonne), specifically Scott Pinkerton who does a great job of explaining his Federated Model. I’ll forward this to him.

0 likes

By: Chris Coleman

Chris Coleman — Wed, 20 Jul 2011 20:23:55 +0000

Mark,

Thanks for the comment and point of view. I would suggest that you look into the capabilities that Flexible NetFlow introduces and how those capabilities can be leveraged for anomaly detection and other security focused analysis. With regards to sophisticated malware, very few technologies will identify these threats based on signatures but we have many government customers that are successfully using NetFlow to identify compromised hosts which are not being identified by traditional perimeter security devices. We are also seeing customers in mid-market and enterprise verticals use NetFlow at an increasing rate for security specific purposes.

0 likes

By: Mark Longworth

Mark Longworth — Wed, 20 Jul 2011 19:30:44 +0000

NetFlow has absolutely no security context! Particularly for ATP..

0 likes

By: jennifer Baltazar

jennifer Baltazar — Wed, 29 Jun 2011 14:44:56 +0000

This is a great post. Thanks for sharing.

0 likes

By: it support newcastle

it support newcastle — Sun, 26 Jun 2011 15:58:06 +0000

Hey, I really enjoyed this post. Cheers.

0 likes

By: Michael Patterson

Michael Patterson — Sun, 26 Jun 2011 11:44:25 +0000

Performance Monitoring from Cisco also uses Flexible NetFlow. For TCP connections, this means we gain details on Round Trip Time (RTT) and for VoIP we get details on jitter and packet loss. Performance Monitoring has been slow to take off as customers need to be running at least IOS 15.1(3)T.

These new metrics allow NetFlow to take traffic monitoring to another level.

0 likes