Netflow Auditor / ideaData
AI Netflow analysis und Packet Capture integration
Packet Capture Analysis is the last mile, requiring deepest knowledge of protocols, performance values, status codes and anomalies shown in packets.
Deep packet analysis is often a manual and time consuming task and must be somehow triggerd to be executed, usually by an external incident or command – or by the data provided by the capture solution itself – which is the most optimal workflow, when incident- or anomaly detecting system can provide the packet data.
seamless solution for the Integration of high-performance netflow und Packet Capture
Idea Data
NetFlow Auditors Unique approach delivers comparative baselining, superior granularity, scalable collection, root cause analysis and QoS Analysis. All designed to run independently or work together as a powerful single unit.
NetFlow Auditor empowers communication and application visibility for networking, security, billing and compliance with high-end integrated network traffic analytics, granular forensics, cybersecurity intelligence, cloud usage, internet-of-things analytics, peering and billing to medium and large enterprise customers and service providers.
We provide absolute data retention, enabling the most data orientated decision making and cost-effective workflow for any organization, significantly enhancing network performance, network security and cyber intelligence to the highest level.
Which Problem does it solve
Many capture solution with deeper analysis features can not sustain high traffic load, because the processing requires too much CPU- where other capture solutions can capture zero-loss data in 40/100 Gig networks – but don’t provide deep data to get an understanding of the network and a hint where further analysis is required.
On the other side highspeed netflow does exist “everywhere”.
With IPFIX-vendor-extensions going much deeper into areas of npm, apm and security analysis – if these extension can get interpreted by the netflow solution.
So Netflow is becoming one of the most precious platforms for network analysis.
Description
IPAC was developed to combine and integrate various data sources to provide seamless cross-border workflows.
IdeaData with its excellent and featurerich product “Netflow Auditor” provides following exclusive features for this purpose
- Fully integration of various Netflow / IPFIX versions ( incl. IXFLOW and nTop, what was required)
- Easy access all fields of netflow data by json or API
- Baselining for flows
- Data organization based on variable subnet schemes
- Flexible for extending displayed metrics
Interview iPAC – interview packet analysis center
– a software integrating different technologies to provide seamless workflows to the user.
- Netflow data from a Packet Broker exists in highspeed – high performance networks
- Capture appliances at speeds beyond 20 Gbps often do not provide deep statistics about the traffic.
By integrating netflow data and highspeed capture – best of both worlds could be merged to create a powerful, high performance solution for networks beyond 20 Gbps:
Netflow data shows statististics of traffic and it sources – in this case DPI app recognition netflow was used, supporting metrics like http-return codes, server response time, dns time etc.
Using IPAC, customer could identify critical values on IPAC Dashboard, select objects of interest and download the packets from the connected packet capture device.