There has been a rapid increase in demand for security solutions that can defend against Advanced Persistent Threats (APTs). Why? Because today, cyber criminals rarely rely on a single attack technique to compromise a targeted network.
Successful attacks are typically made up of a number of chained exploits. A hacker may start with social engineering, deliver malware through phishing and gain internal access through compromised machines. Once the hacker has established a foothold in the internal network, he may spread rootkits through a hidden torrent-like environment to communicate under the radar and steal information.
Attacks like this are difficult to detect and to remediate. Point products may catch a piece of the puzzle, but you need the complete picture to deal with sophisticated attacks. Solutions must have network-wide visibility, which is typically accomplished through logging, packet capture or network analysis. Logging requires security tools such as firewalls and IPS appliances spread across the network, sending logs to a centralized system for event correlation and reporting. Packet analysis usually requires collectors processing a tremendous amount of data captured from key network segments. Network security and performance analytics can be obtained directly from network devices capable of exporting NetFlow, such as routers and firewalls.
Of the three methods, network analysis is becoming an extremely attractive way to defend against advanced threats, since NetFlow can be harvested from existing devices.
What are the key reasons to invest in NetFlow when an organization has already invested in firewalls, anti-virus, IPS systems, and other security tools?
Answer “Are We Compromised?”
The most important question any decision maker should ask is “will this solution make our organization safer from cyber threats?” Providing a current network security risk level is key for answering that question. NetFlow lets you provide near real-time data on cyber threats on the network and in the data center. That’s very powerful.
More Bang from Existing Hardware
You may hear, “We have security tools.” Do they cover the entire network, and how much maintenance is required to get usable data out of them? Tuning and upkeep can be cumbersome when multiple vendor solutions are pieced together to provide 24/7 network-wide security visibility. Investing in NetFlow rather than other network visibility solutions can yield as much as a 15 to 1 cost savings, since NetFlow is an industry standard exported by existing devices.
Improve Network Performance
One key feature of NetFlow besides security analytics is tracking network performance. A huge inhibitor for any security solution is the fear of how it will impact the business, an area where security tends to have a bad reputation. NetFlow can alert when network segments are saturated and identify the devices behind the problem.
Reduce Time to Identify and Mitigate Threats
Advanced threats need only a fraction of the time to do severe damage to your corporation. NetFlow can quickly identify malicious behavior and map out all aspects of the threat, improving the time to identify, react and remediate. Remediation is critical, and NetFlow can be key to avoiding a recurrence of similar attacks.
Policies are only as good as their enforcement. NetFlow arms you with the ability to track how the network is used against specific policies. For example, NetFlow can identify people saturating the network with streaming Internet radio or communicating through unauthorized channels.
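The saturation alerting described under Improve Network Performance and the policy checks in the paragraph above can both be driven from the same exported flow records. The script below is an added example, not code from the original post or from any NetFlow product. It works on a constructed, simplified NetFlow-v5-style CSV export embedded inline, and assumes hypothetical interface capacities, an internal 10.0.0.0/8 address space and an egress policy that allows only DNS, HTTP and HTTPS. It computes average utilization per router interface, names the top talker behind any saturated segment, and lists internal hosts talking to external hosts on ports the policy does not allow.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed sample: five flow records in a simplified NetFlow-v5-style CSV
# export (start,end,src_ip,dst_ip,dst_port,proto,in_iface,octets,packets).
# These are made-up values, not real captures.
SAMPLE_FLOWS = """\
1700000000,1700000060,10.1.1.20,93.184.216.34,443,6,1,120000,400
1700000000,1700000060,10.1.1.21,10.1.1.5,53,17,1,3000,20
1700000000,1700000060,10.1.1.22,203.0.113.8,8000,6,1,40000000,28000
1700000000,1700000060,10.1.1.23,198.51.100.7,6881,6,1,500000,900
1700000005,1700000060,10.1.1.20,10.2.0.9,445,6,2,40000,80
"""

WINDOW_SECONDS = 60                          # export window the sample covers
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumed corporate address space
# Assumed link capacity in bits/s per router ingress interface index
IFACE_CAPACITY_BPS = {1: 10_000_000, 2: 1_000_000_000}
SATURATION_THRESHOLD = 0.5                   # alert at 50% average utilization
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}       # assumed egress policy


@dataclass(frozen=True)
class Flow:
    start: int
    end: int
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: int
    in_iface: int
    octets: int
    packets: int


def parse_flows(text: str) -> List[Flow]:
    """Parse CSV flow lines into Flow records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        p = line.split(",")
        flows.append(Flow(int(p[0]), int(p[1]), p[2], p[3], int(p[4]),
                          int(p[5]), int(p[6]), int(p[7]), int(p[8])))
    return flows


def is_internal(ip: str) -> bool:
    """True when the address falls inside the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def interface_utilization(flows: List[Flow]) -> Dict[int, float]:
    """Average utilization per interface over the window, as a fraction of capacity."""
    byte_totals: Dict[int, int] = defaultdict(int)
    for f in flows:
        byte_totals[f.in_iface] += f.octets
    return {iface: (total * 8 / WINDOW_SECONDS) / IFACE_CAPACITY_BPS[iface]
            for iface, total in byte_totals.items()}


def top_talkers(flows: List[Flow], iface: int) -> List[Tuple[str, int]]:
    """Source addresses seen on an interface, ranked by bytes sent."""
    per_src: Dict[str, int] = defaultdict(int)
    for f in flows:
        if f.in_iface == iface:
            per_src[f.src_ip] += f.octets
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)


def saturated_segments(flows: List[Flow]) -> List[Tuple[int, float, str]]:
    """Interfaces above the threshold, each paired with the device driving the load."""
    return [(iface, util, top_talkers(flows, iface)[0][0])
            for iface, util in sorted(interface_utilization(flows).items())
            if util >= SATURATION_THRESHOLD]


def unauthorized_channels(flows: List[Flow]) -> List[Flow]:
    """Internal-to-external flows on destination ports the egress policy does not allow."""
    return [f for f in flows
            if is_internal(f.src_ip) and not is_internal(f.dst_ip)
            and f.dst_port not in ALLOWED_OUTBOUND_PORTS]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for iface, util, src in saturated_segments(flows):
        print(f"interface {iface}: {util:.0%} utilized, top talker {src}")
    for f in unauthorized_channels(flows):
        print(f"policy violation: {f.src_ip} -> {f.dst_ip}:{f.dst_port} ({f.octets} bytes)")
```

On the sample data, interface 1 averages about 54% of its assumed 10 Mbit/s capacity with 10.1.1.22 as the top talker, and two flows (to ports 8000 and 6881) are reported as unauthorized channels. In a real deployment the records would come from a collector rather than an inline string, the capacity table would be populated from the router configuration, and the thresholds and allowed ports would reflect the organization's own policy.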