Welcome to the NetFlow Auditor Blog

The Strategic Value of Advanced NetFlow for Enterprise Network Security

Posted by Rafi Sabel on Oct 19, 2016 8:34:45 AM

Networks today are exponentially faster, bigger and more complex than those of just a few years ago.

With thousands of devices going online for the first time each minute, and the data influx continuing unabated, it’s fair to say that we’re in the throes of an always-on culture.

As the network becomes arguably the most valuable asset of the 21st-century business, IT departments will be looked to for not just operational functions but, more importantly, strategic value.

Topics: NetFlow

How NetFlow Solves for Mandatory Data Retention Compliance

Posted by Rafi Sabel on Aug 8, 2016 11:24:23 AM

Compliance in IT is not new. Regulations such as HIPAA, PCI DSS and those covering SCADA environments already govern how organizations must manage customer data, and network transaction logging is beginning to be required of businesses. Insurance companies are gearing up to qualify businesses by the information they retain to protect their services and customer data, and government and industry regulation and enforcement are becoming increasingly stringent.

Most recently, many countries have begun to implement mandatory data retention laws for telecom service providers.

Topics: NetFlow, Data Retention Compliance

NetFlow for Usage-Based Billing and Peering Analysis

Posted by Rafi Sabel on Jul 25, 2016 12:09:00 PM

Usage-based billing refers to methods of calculating the cost of running a network and passing it back to the consumers of the data that crosses it. Both Internet Service Providers (ISPs) and corporations need usage-based billing, with different billing models.

NetFlow is the ideal technology for usage-based billing because it captures a record of every transaction pertaining to usage (provided exports are unsampled, or the sampling rate is accounted for), and smart NetFlow tools already exist to assist in counting, allocating and substantiating data usage.
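The counting and allocation step described above, as an added example that is not NetFlow Auditor's own code. It assumes a collector has already decoded the binary NetFlow export into CSV rows with the fields shown; the flow rows, the subscriber prefixes (cust-A, cust-B), the local AS number 64500 and the 1:1000 sampling rate are all constructed for illustration. The peering breakdown at the end goes slightly beyond the paragraph by grouping the same records per neighbouring AS, which is what a peering ratio analysis starts from.

```python
"""Per-subscriber usage accounting and per-peer volume from NetFlow-style records.

Added example (not NetFlow Auditor code). Assumes flow records have been
collected into CSV rows; every value below is constructed for illustration.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow export, one row per flow record. 'bytes' is the
# sampled byte count; 'sampling_rate' is the exporter's 1:N rate.
FLOWS_CSV = """src,dst,bytes,sampling_rate,src_as,dst_as
203.0.113.10,198.51.100.5,1500000,1000,64500,64496
198.51.100.5,203.0.113.10,60000,1000,64496,64500
203.0.113.77,192.0.2.9,900000,1000,64500,64497
192.0.2.9,203.0.113.77,4000000,1000,64497,64500
203.0.113.10,203.0.113.77,250000,1000,64500,64500
192.0.2.9,198.51.100.5,500000,1000,64497,64496
"""

# Constructed subscriber assignments: each customer owns one prefix.
SUBSCRIBERS = {
    "cust-A": ipaddress.ip_network("203.0.113.0/26"),
    "cust-B": ipaddress.ip_network("203.0.113.64/26"),
}
OUR_AS = 64500  # constructed local AS number


def subscriber_of(addr):
    """Return the customer owning addr, or None if the address is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in SUBSCRIBERS.items():
        if ip in net:
            return name
    return None


def _scaled_rows(flows_csv):
    """Yield rows with the byte count scaled back up by the sampling rate."""
    for row in csv.DictReader(io.StringIO(flows_csv)):
        row["bytes"] = int(row["bytes"]) * int(row["sampling_rate"])
        yield row


def account_usage(flows_csv):
    """Return {customer: {"in": bytes, "out": bytes}}.

    'out' is what the customer sent to the outside, 'in' is what it received.
    Customer-to-customer flows stay on-net and are billed to neither side
    here (a design choice; some billing models charge both ends).
    """
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    for row in _scaled_rows(flows_csv):
        src_cust = subscriber_of(row["src"])
        dst_cust = subscriber_of(row["dst"])
        if src_cust and not dst_cust:
            usage[src_cust]["out"] += row["bytes"]
        elif dst_cust and not src_cust:
            usage[dst_cust]["in"] += row["bytes"]
        # both None: transit we do not bill; both set: on-net, skipped
    return dict(usage)


def peer_volumes(flows_csv, our_as=OUR_AS):
    """Return {peer_asn: {"in": bytes, "out": bytes}} for traffic with each neighbour AS."""
    peers = defaultdict(lambda: {"in": 0, "out": 0})
    for row in _scaled_rows(flows_csv):
        src_as, dst_as = int(row["src_as"]), int(row["dst_as"])
        if src_as == our_as and dst_as != our_as:
            peers[dst_as]["out"] += row["bytes"]
        elif dst_as == our_as and src_as != our_as:
            peers[src_as]["in"] += row["bytes"]
    return dict(peers)


if __name__ == "__main__":
    for cust, vol in sorted(account_usage(FLOWS_CSV).items()):
        print(f"{cust}: in={vol['in']:,} B out={vol['out']:,} B")
    for asn, vol in sorted(peer_volumes(FLOWS_CSV).items()):
        ratio = vol["in"] / vol["out"] if vol["out"] else float("inf")
        print(f"AS{asn}: in={vol['in']:,} B out={vol['out']:,} B in/out={ratio:.2f}")
```

The substantiation the post mentions comes from keeping the raw rows: any line on a customer's bill can be traced back to the flow records that produced it, and a disputed figure can be re-derived from them. Note that the scaling assumes the exporter samples uniformly; if it does not, per-flow scaling over- or under-counts small flows.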

Topics: NetFlow

How to Improve Cyber Security with Advanced NetFlow Network Forensics

Posted by Rafi Sabel on Jul 7, 2016 7:30:00 AM

Most organizations today deploy network security tools that are built for limited prevention: traditionally "blocking and tackling" at the edge of the network with a firewall, or installing security software on every system.

This is only one third of a security solution, and has become the least effective measure.

Topics: Network Forensics, Cyber Security

5 Benefits of NetFlow Performance Monitoring

Posted by Rafi Sabel on Jun 28, 2016 11:43:19 AM

In today's global marketplace there has never been more pressure on organizations to reduce costs in order to stay competitive. No longer can an organization afford to ignore the ever-escalating costs that come with increasing complexity and a lack of visibility into network traffic. Time is money. A great deal of time is spent on painstaking and often unsuccessful searches for the causes of performance and security incidents, and on monitoring inappropriate network use and risk. Applications continue to grow in complexity and consume ever more bandwidth, and network infrastructure keeps growing in cost and complexity.

Topics: NetFlow, Network Performance Management

Deploying NetFlow as a Countermeasure to Threats like CNB

Posted by Rafi Sabel on Jun 1, 2016 7:30:00 AM

Few would debate legendary martial artist Chuck Norris' ability to take out any opponent with a quick combination of lightning-fast punches and kicks. Norris, after all, is famous for his showdowns with the best fighters and for being the last man standing in some of the most brutal and memorable fight scenes. It's no surprise, then, that one of the more notorious botnets, which wreaked havoc on internet routers worldwide, ended up bearing "tough guy" Norris' name. The "Chuck Norris" botnet, or CNB, targeted poorly configured Linux MIPS systems, typically network devices such as routers, CCTV cameras, switches and Wi-Fi modems reachable with weak or default remote-login credentials. In a study of CNB, Masaryk University in the Czech Republic examined the attack's inner workings and demonstrated how NetFlow could be used as a countermeasure to detect infected devices and incapacitate the threat.

Topics: NetFlow, Network Security

Why NetFlow is Perfect for Forensics and Compliance

Posted by Rafi Sabel on May 25, 2016 8:32:04 AM

As flow data is rich in metadata and continues to be extended with more context, NetFlow forensics offers an ideal method of dealing with a large part of network security.

Topics: Network Forensics

Identifying Tor Threats without De-Anonymizing

Posted by Rafi Sabel on May 17, 2016 8:08:22 AM

Part 3 in our series on how to counter-punch botnets, viruses, Tor and more with NetFlow focuses on Tor threats to the enterprise.

Tor (The Onion Router) and anonymized p2p relay services such as Freenet are where we can expect to see many more attacks, as well as malevolent actors who are out to deny your service or steal your valuable data. It is useful to recognize that flow analytics provides the best and cheapest means of profiling this traffic, identifying which hosts are talking to known relays, how often and how much, without having to de-anonymize it.

Topics: NetFlow, ToR

How to counter-punch botnets, viruses, Tor and more with NetFlow (Pt. 2)

Posted by Rafi Sabel on May 11, 2016 7:30:00 AM

Data Retention Compliance

End-Point Profiling

Hosts that communicate with more than one known threat type should be designated high risk. Repeated threat contacts by those hosts, or by hosts that depend on them, can be marked as repeat offenders, providing an early warning of a breach or an attack.

It would be negligent of me not to mention that the same flow-based end-point threat detection techniques can be used as part of data retention compliance. In my opinion this enables better individual privacy: analysis can focus on profiling known bad end-points and on qualifying which visitors reached them, such as the end-points used in illicit p2p swap sessions or specific kinds of subversive or dangerous sites that have been known to host such traffic in the past, rather than retaining every user's traffic.
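The end-point profiling rules just described (more than one threat type means high risk; repeated contact means repeat offender), together with the Tor profiling from Part 3 of the series, as one added example that is not NetFlow Auditor's code. It assumes flow records have been reduced to (timestamp, src, dst, dst_port, bytes) tuples and that a threat list keyed by peer IP carries a category; the internal range 10.0.0.0/8, the threat list entries, the flow records and the three-day repeat threshold are all constructed. Only the peer end-point is matched, which is the point of the Tor post: the analysis records that an internal host talked to a known relay, how often and how much, and never attempts to see through the circuit. Flows to peers not on the list are discarded rather than retained, which is the privacy argument of the paragraph above.

```python
"""Flow-based end-point threat profiling.

Added example, not NetFlow Auditor's code. Assumes flow records are already
tuples of (timestamp, src, dst, dst_port, bytes); all data here is constructed.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range

# Constructed threat intelligence: external end-point -> threat type.
THREAT_LIST = {
    "198.51.100.23": "tor-relay",
    "198.51.100.24": "tor-relay",
    "192.0.2.200": "botnet-c2",
    "203.0.113.250": "p2p-tracker",
}

# Constructed flow records: (timestamp, src, dst, dst_port, bytes).
FLOWS = [
    ("2016-05-10T08:00:00", "10.1.1.5", "198.51.100.23", 9001, 48000),
    ("2016-05-10T09:30:00", "10.1.1.5", "192.0.2.200", 6667, 1200),
    ("2016-05-11T08:05:00", "198.51.100.24", "10.1.1.5", 51234, 90000),
    ("2016-05-10T10:00:00", "10.1.1.9", "203.0.113.250", 6881, 3000),
    ("2016-05-11T10:00:00", "10.1.1.9", "203.0.113.250", 6881, 3100),
    ("2016-05-12T10:00:00", "10.1.1.9", "203.0.113.250", 6881, 2900),
    ("2016-05-10T11:00:00", "10.1.1.12", "198.51.100.23", 9001, 500),
    ("2016-05-10T11:00:00", "10.1.1.12", "192.0.2.50", 443, 70000),
]

REPEAT_THRESHOLD = 3  # distinct days of threat contact -> repeat offender (assumed)


def split_ends(src, dst):
    """Return (internal_host, peer) or None when the flow does not cross the edge."""
    s_in = ipaddress.ip_address(src) in INTERNAL
    d_in = ipaddress.ip_address(dst) in INTERNAL
    if s_in and not d_in:
        return src, dst
    if d_in and not s_in:
        return dst, src
    return None  # internal-to-internal or external-to-external: ignore


def profile_hosts(flows, threat_list):
    """Per internal host: threat types seen, distinct contact days, bytes, contact count.

    Flows whose peer is not on the threat list are dropped, not stored, so the
    resulting profile only ever describes hosts that touched a known bad end-point.
    """
    profiles = defaultdict(
        lambda: {"types": set(), "days": set(), "bytes": 0, "contacts": 0}
    )
    for ts, src, dst, _port, nbytes in flows:
        ends = split_ends(src, dst)
        if ends is None:
            continue
        host, peer = ends
        category = threat_list.get(peer)
        if category is None:
            continue  # benign peer: not recorded
        p = profiles[host]
        p["types"].add(category)
        p["days"].add(datetime.fromisoformat(ts).date())
        p["bytes"] += nbytes
        p["contacts"] += 1
    return dict(profiles)


def classify(profiles, repeat_threshold=REPEAT_THRESHOLD):
    """Apply the post's rules: multiple threat types -> high-risk; repeated -> repeat-offender."""
    verdicts = {}
    for host, p in profiles.items():
        if len(p["types"]) > 1:
            verdicts[host] = "high-risk"
        elif len(p["days"]) >= repeat_threshold:
            verdicts[host] = "repeat-offender"
        else:
            verdicts[host] = "watch"
    return verdicts


if __name__ == "__main__":
    profiles = profile_hosts(FLOWS, THREAT_LIST)
    for host, verdict in sorted(classify(profiles).items()):
        p = profiles[host]
        print(f"{host}: {verdict} types={sorted(p['types'])} "
              f"contacts={p['contacts']} bytes={p['bytes']}")
```

Running it flags 10.1.1.5 as high-risk (a Tor relay and a C2 address), 10.1.1.9 as a repeat offender (the same tracker on three days) and 10.1.1.12 as watch (one Tor contact). The threat list is the weak point in practice: Tor relay addresses change, so it needs refreshing from the relay consensus on a schedule, and a stale list produces both misses and false matches.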

Topics: NetFlow

How to counter-punch botnets, viruses, Tor & more with NetFlow [Pt 1]

Posted by Rafi Sabel on May 5, 2016 7:30:00 AM

You can't secure what you can't see and you don’t know what you don’t know.

Many network and security professionals assume that they can simply analyze the data captured by their standard security devices, such as firewalls and intrusion detection systems. They quickly discover the limitations: these devices are not designed to record and report on every transaction, and lack the granularity, scalability and historical data retention to do so. Network devices such as routers, switches, Wi-Fi access points and VMware servers also typically lack any sophisticated anti-virus software.

The mark of a well-constructed traffic analyzer is that it presents information in a way that lets security teams act quickly: simple views backed by deep contextual data, so that teams are not bogged down in detail unless they need it, and elegant means of extracting forensics with simple but powerful visuals when they do, so that the context and impact of a security event can be grasped at once.

Topics: NetFlow, ToR