FlowMon. Complete solution for network monitoring and security. INVEA-TECH info@invea-tech.com




INVEA-TECH
University spin-off company
- 10 years of development, participation in EU funded projects
- Project Liberouter and programmable hardware, 10 mil Euro invested, creation of world's unique technologies
Company profile
- Strong academic background: CESNET, MU, VUT
- Founded 2007, 50 references during the first year
- Strong domestic market position
- Now developing export markets
Key products
- FlowMon: network traffic monitoring
- NBA: detection of anomalies, operational and security issues
- FlowMon + NBA = complete solution for monitoring and security

References
- GÉANT2, Federica: monitoring of 7 European backbones
- Czech Ministry of Defense
- Korea Telecom
- Uniqa, AVG
- CESNET
- T-Mobile
- University of Madrid
- and more...

Network = backbone of your IT
- Do you know the cost for an hour's network downtime to your organization?
- Is your network secured against both external and internal threats?
- Do you know the value of data available on your network?
Many things depend on your network:
- applications
- databases
- users
- customers
- business operation of organization
- organization image

Key Points
Network monitoring based on IP flows
- Do you know what's really happening in your network, not only to the Internet but also in LAN and WAN?
- Real-time and historically?
Security: NBA (firewall is not enough any more)
- Do you easily detect DoS, DDoS and attacks against services?
- Are you able to reveal viruses/malware not detected by antivirus?
- Do you have a tool for detecting suspicious behavior changes?
Network infrastructure optimization
- Are you paying too much for Internet or WAN connection?
- Is your network slow? Long responses of network applications?
Employees efficiency
- Are P2P services or instant messengers used in your network?
- Do they visit suspicious web pages?

FlowMon Network Under Control
- Innovative network monitoring solution using IP flows
- Based on NetFlow v5/v9 and IPFIX technology
- Provides information about who communicates with whom, how long, what protocol, traffic volume and more
- Provides answers to all questions from previous slide
- Best price/performance ratio in the industry
- Solution for networks of all dimensions
- Exceptional customer benefits
Your network under control!

Technological Overview

Gartner & Reality
- There is no security without monitoring.
- After you have successfully deployed firewalls and intrusion prevention systems with appropriate processes for tuning, analysis and remediation, you should consider monitoring and NBA.
- Secure organization = firewall + IPS + NBA/NBAD/ADS
- Network communications monitoring and network behavior analysis is one of the TOP10 most important technologies in 2010
- A lot of organizations have no system for network communications monitoring / IP flows monitoring
- FlowMon + NBA can perfectly complete other flow monitoring systems
- There are still growing requirements for monitoring and security, audits of financial institutions, CSIRT teams

FlowMon Architecture
- FlowMon Probes: passive standalone source of network statistics (NetFlow / IPFIX data)
- FlowMon Collectors: visualization and evaluation of network statistics

FlowMon Probe
- High-performance standalone probe: source of IP flow records in NetFlow v5/v9 and IPFIX format
- L2/L3 invisible: transparent for monitored network
- Standard and hardware accelerated models
- Remote configuration via a user-friendly web GUI
- 10/100/1000 Ethernet, 10 GbE, IPv4, IPv6, MPLS, VLAN
- Maintenance-free appliance with simple configuration
- Built-in collector for quick technology evaluation

Standard Model
- Compact rack mount (1U) NetFlow probes
- Excellent price/performance ratio
- Suitable for most of the standard networks
- Performance:
  - more than 500 k packets per second for 1GbE port
  - more than 1.5 M packets per second for 10GbE port
- FlowMon Probe 100/1000/2000/4000/6000/10000/20000 models with copper, fiber or SFP/SFP+ interfaces
- 2x 10GbE or up to 6x 1GbE monitoring ports and 1 management port

FlowMon Collector
- Standalone appliance for long term storage of flow statistics from multiple sources
- Collector application for NetFlow/IPFIX/sFlow statistics
- FlowMon Monitoring Center included for free in each appliance
- Web GUI is the same as for the built-in collector on the probe
- Professional solution for mid-size and large networks: RAID, redundant power etc.
- HDD capacity from 1TB up to 100TB (see the models specification)

FlowMon Appliance Web GUI
- User-friendly web interface with secure access (https)
- Appliance parameters settings - FCC
- Collector application - FMC
- Communication via the management port of the appliance

FlowMon Monitoring Center
- Graphs, tables and form for further data processing
- Top N statistics (users, sites, services)
- Predefined set of profiles (views) for standard protocols
- User defined profiles (based on IP address or ports)
- Profile support and automatic alerts (e-mail etc.)

FlowMon Plugins

FlowMon Reporter
- Intelligent reporting tool, exports to pdf, csv
- Overview of what is happening on the network for the last day/week/month
- Online web statistics, offline email reports
- Reports for administrators:
  - What's the load of the Internet connection link?
  - How are the different services used in the network?
- Reports for managers:
  - Who are the top web visitors?
  - What are the favorite websites?
  - Who is the top email sender?

FlowMon ADS
- Undesirable behavior detection
- Attacks
- Undesirable services
- Operational and configuration problems
- Behavior profiles computing
- Communication partners
- Anomaly detection
- Traffic volume and structure
- Intuitive user interface
- Immediate network problems indication
- Interactive event visualization
- Integration with information from DNS, WHOIS, geolocation services
- Complex filtering, alerting, reporting

FlowMon ADS
Detection of undesirable patterns in communication
- Attacks (port scanning, dictionary attacks, denial of service, telnet protocol)
- Data traffic anomalies (DNS, multicast, non-standard communications)
- Device behavior anomalies (changes in long-term device behavior profile)
- Undesirable applications (P2P networks, instant messaging, anonymizer)
- Internal security problems (viruses, spyware, botnets)
- Mail traffic (outgoing spam)
- Operational problems (delays, high traffic, reverse DNS records)

FlowMon ADS
Behavioral analysis
- Behavioral profile (client/server, data traffic, partners, traffic structure)
- Anomaly detection (actual behavior against long-term profile)
- Statistics information (continuous indicators about network behavior)

FlowMon ADS
User interface
- Modern web user interface
- Various alternative views on events
- Behavior profiles lookup
- Interactive event visualization
- Localization and on-line help

Typical Project - Small
- Monitoring of the internal network and also the Internet by using a SPAN/mirror port of an active device.
- One-port gigabit probe.
- Depending on number of plugins: 3600-7200 EUR
- References: JIC, Hospital Olomouc, MVV Energy
- Alternatively for 10/100 Mbps: FlowMon Probe 100 Office

Typical Project - Medium
- Internal network monitoring by using a SPAN/mirror port of an active device.
- Monitoring of communications behind the firewall by using a TAP.
- Four-port gigabit probe.
- Depending on number of plugins: 7200-20000 EUR
- References: Aegon, Olomouc Region Academy of Sciences, BFÚ

Typical Project - Huge
- Monitoring of several localities: probes, collectors and plugins
- Depending on number of localities: 20 000-500 000 EUR
- References: AVG, Ministry of Defense (through VDI Meta)

Typical Project - ISP
- Monitoring of all uplinks: peering, transit
- Standard project sizes:
  - Small ISP, 1-2 gigabit links: 3600-7200 EUR
  - Big ISP, ten-gigabit links: 20 000-500 000 EUR
- References: Sloane Park, ČD Telematika, KT Přerov

Benefits for administrators...
- Total network visibility (LAN, WAN), real-time & historically
- Network performance monitoring
- Fast, precise and effective troubleshooting
- Monitoring of the Internet usage (games, videos,...)
- Efficient capacity planning and traffic engineering
- Detection of internal and external attacks
- Top users and applications identification

..Security and Management..
Benefits for security departments:
- detection of internal and external attacks, changes in behavior
- user access control to data sources
- investigate and prove security incidents
- compare security policy with status quo
- prevention of information leakage
Benefits for management:
- cost savings on management and operation of network
- statistics (tables, pie graphs) about network usage
- electronic resources usage by employees (e.g. Internet costs in working time)
- overview of P2P application usage...

...Internet Service Providers
- Long-term storage of traffic statistics
- Network capacity planning
- Connectivity optimization
- Peering agreements optimization
- Easy SLA control and proving
- Data retention law fulfillment
- Accounting and billing based on traffic amount
- Possibility to integrate graphs and tables into your IS

FlowMon Solution Advantages
- Complete product portfolio for monitoring of networks of all dimensions
- Scalable and flexible solution
- Best price/performance ratio
  - low price of standard models
  - high performance of hardware-accelerated models
- Unique customer benefits

Network Security Analysis
- Professional service for customers
- Deep analysis of your network focused on security, performance and optimal utilization
- State-of-the-art IP flows monitoring
- Deep experience in the area of network monitoring and security
Network security analysis benefits:
- detailed view into the network traffic
- fast and precise troubleshooting
- prevention of possible incidents (network overloads and failures)
- monitoring and analysis of user and application activities
- improving the network security

Thank you for your attention
High-Speed Networking Technology Partner
INVEA-TECH
info@invea-tech.com
+420 511 205 250
INVEA-TECH a.s.
U Vodárny 2965/2
616 00 Brno
Czech Republic
www.invea-tech.com