Obtaining Network Metadata For Security Operations

Cyber threats continue to advance and evolve, and companies continue to fall victim to these malicious attacks. Once a breach has happened, a company's security or incident response teams are busy analyzing what has happened and what is still on their network. Full packet capture is critical for analysis and reconstruction.

Utilizing Multiple NetFlow Protocols

This is where NetFlow comes into play. NetFlow is used to visualize traffic patterns on a network-wide basis. The NetFlow set of protocols exports statistics and traffic information for analyzing network data. Network engineers can gain real-time insights into all of the underlying traffic while providing all necessary data feeds to application, security and operations teams. This allows tracking of network growth based on the number of routing devices, ports, or higher-bandwidth interfaces. Likewise, security analysis is augmented by tracking network traffic changes and anomalies.

Standard NetFlow v5 provides operational data on IP traffic flowing through networks. It has long been a standard for broad-based network analysis, security monitoring (such as Denial of Service (DoS) trends), and IP traffic accounting. NetFlow v5 is "fixed" in terms of the fields that can be matched and exported.

Over time, newer additions to NetFlow, such as NetFlow v9 and IPFIX, have been introduced, which allow customization of traffic analysis parameters based on the user's needs. This improves on NetFlow v5 by enabling greater granularity while focusing on the fields that matter most.
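
To show what template-based export means on the collector side, the following added example (not from APCON or the original article) decodes a NetFlow v9 packet using the layout in RFC 3954: the Template FlowSet tells the parser which fields each record carries, something v5's fixed layout never needs. The sample packet, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Subset of NetFlow v9 field type numbers (RFC 3954); unknown types keep a numeric label.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(packet, templates):
    """Decode one export packet; `templates` persists across packets, keyed by (source_id, template_id)."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, offset = [], 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        body, pos = packet[offset + 4:offset + length], 0
        if flowset_id == 0:  # Template FlowSet: learn which fields this exporter sends
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break  # padding or truncated template
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                templates[(source_id, tid)] = fields
                pos += 4 + 4 * nfields
        elif (source_id, flowset_id) in templates:  # Data FlowSet with a known template
            fields = templates[(source_id, flowset_id)]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and pos + rec_len <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, flen in fields:
                    raw, pos = body[pos:pos + flen], pos + flen
                    rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = (
                        str(ipaddress.IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big"))
                flows.append(rec)
        offset += length  # Data FlowSets with no template yet are skipped, not guessed at
    return flows

def build_sample(with_template=True):
    """Constructed export packet (documentation addresses), one flow, optional template."""
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    tmpl = struct.pack("!HHHH", 0, 8 + 4 * len(spec), 256, len(spec))
    tmpl += b"".join(struct.pack("!HH", t, n) for t, n in spec)
    rec = ipaddress.IPv4Address("192.0.2.10").packed + ipaddress.IPv4Address("198.51.100.7").packed
    rec += struct.pack("!HHBI", 51514, 443, 6, 8450)
    data = struct.pack("!HH", 256, 24) + rec + b"\x00" * 3  # padded to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 42)
    return header + (tmpl if with_template else b"") + data
```

A collector that receives data records before the matching template cannot decode them, so a gap in flow visibility right after a collector restart is expected until the exporter resends its templates.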

Complete Visibility Solution

To augment network engineers' security infrastructure, APCON offers NetFlow v9 and IPFIX on its HyperEngine blade, a part of APCON's network visibility solutions that adds up to 200Gbps of high-performance packet processing. With integrated NetFlow generation on the APCON network monitoring switch, network engineers, operations and security teams now have a single platform to aggregate and filter monitoring feeds from across their network, generate different NetFlow feeds to all necessary collectors, and simultaneously process data to multiple network analysis and security tools.

Benefits of generating NetFlow on APCON’s network visibility solution:

  • Offloading NetFlow generation processing from network devices such as routers, enhancing network and security equipment performance
  • Allows users to utilize templates, which define the records used for flow definition and which fields get sent to a collector
  • Configurable selection of feeds from across the network to gain higher levels of visibility and selection of network segments with a few simple clicks
  • Media and data rate agnostic operation by seamlessly patching to 100G/40G/10G/1G fiber and 100/1000 copper feeds to generate NetFlow data
  • Simultaneous NetFlow generation (of v5/v9/IPFIX feeds) and data delivery to multiple network security and monitoring tools from the same monitor feeds
  • Setting up and maintaining even complex NetFlow configurations is made easy with APCON's WebXR GUI

APCON’s NetFlow is a very powerful source of traffic flow and contextual network awareness. NetFlow v9 and IPFIX enable field selection for even greater levels of granularity. Combined with APCON’s network security platform, network administrators can now leverage this information on feeds from across the network while maintaining and increasing their purpose-built monitoring and security tools. Feel free to contact our sales engineers for a demonstration of our NetFlow.