Netflow Auditor / ideaData

AI Netflow analysis and Packet Capture integration

Packet Capture Analysis is the last mile, requiring deepest knowledge of protocols, performance values, status codes and anomalies shown in packets.

Deep packet analysis is often a manual and time consuming task and must be somehow triggerd to be executed, usually by an external incident or command - or by the data provided by the capture solution itself - which is the most optimal workflow when incident or anomaly detecting system can provide the packet data.

seamless solution for the integration of high-performance netflow and packet capture

Idea data

NetFlow Auditors Unique approach delivers comparative baselining, superior granularity, scalable collection, root cause analysis and QoS analysis. All designed to run independently or work together as a powerful single unit.

NetFlow Auditor empowers communication and application visibility for networking, security, billing and compliance with high-end integrated network traffic analytics, granular forensics, cybersecurity intelligence, cloud usage, internet-of-things analytics, peering and billing to medium and large enterprise customers and service providers.

We provide absolute data retention, enabling the most data-oriented decision making and cost-effective workflow for any organization, significantly enhancing network performance, network security and cyber intelligence to the highest level.

 

Which problem does it solve

Many capture solution with deeper analysis features cannot sustain high traffic load, because the processing requires too much CPU- where other capture solutions can capture zero-loss data in 40/100 gig networks - but don't provide deep data to get an understanding of the network and a hint where further analysis is required.

 

On the other side, high-speed netflow does exist “everywhere”.

With IPFIX-vendor-extensions going much deeper into areas of npm, apm and security analysis - if these extension can get interpreted by the netflow solution.

So Netflow is becoming one of the most precious platforms for network analysis.

 

Description

IPAC was developed to combine and integrate various data sources to provide seamless cross-border workflows.

IdeaData with its excellent and feature rich product “Netflow Auditor” provides the following exclusive features for this purpose

  • Fully integration of various Netflow / IPFIX versions (including IXFLOW and nTop, what was required)
  • Easy access to all fields of netflow data by json or API
  • Baselining for flows
  • Data organization based on variable subnet schemes
  • Flexible for extending displayed metrics

Interview iPAC - interview packet analysis center

- a software integrating different technologies to provide seamless workflows to the user.

  • Netflow data from a packet broker exists in high speed - high performance networks
  • Capture appliances at speeds beyond 20 Gbps often do not provide deep statistics about the traffic.

By integrating netflow data and high-speed capture - best of both worlds could be merged to create a powerful, high performance solution for networks beyond 20 Gbps:

Netflow data shows statistics of traffic and it sources - in this case DPI app recognition netflow was used, supporting metrics like http-return codes, server response time, dns time etc.

Using IPAC, customer could identify critical values on IPAC Dashboard, select objects of interest and download the packets from the connected packet capture device.