NetFlow Optimizer (NFO) is a new solution from NetFlow Logic released in January 2017. It is a new name for our core product, NetFlow Integrator or NFI, as we believe that it better describes what our product does.
NFO is not a NetFlow collector. It uses patented streaming technology that consumes NetFlow records, enriches them with other data, and sends them to Security Information and Event Management (SIEM) systems, where they are correlated with other machine data.
Like its predecessor – NetFlow Integrator™ – NFO provides a processing engine for various formats of flow data: NetFlow, IPFIX, sFlow, J-Flow, etc.
- NFO is a software solution. No investment in expensive proprietary hardware is required;
- It provides unmatched performance and can process up to 350,000 records per second on an 8-core machine with 12GB of memory. Millions of flow records per second can be processed if multiple instances of NFO are deployed;
- Unique real-time consolidation and archiving technology optimizes the flow data sent to the SIEM, without losing the accuracy of the information;
- NFO can be deployed in a virtual environment and scales horizontally and vertically with the growth of the enterprise network.
NFO optimizes flow data for volume and relevance, enriches it based on predefined policies, and sends it on for visualization and alerting.
NFO enables real-time network monitoring.
NetFlow Optimizer provides cost-effective real-time solutions:
- Initiates relevant alerts for network security and management issues;
- Provides multi-dimensional views of your network traffic by summing up flow counts, bytes, packets and other flow characteristics per protocol, per application, per network host or per subnet over a period of time, and reports loads on network devices, top bandwidth consumers, and servers’ response times;
- Identifies security threats and traces current known threat sources;
- Enriches flow data with current Reputation and GEO IP information;
- Monitors network devices and interface loads. Measures bandwidth consumption for capacity planning. Identifies applications and users that consume bandwidth. Initiates alerts of anomalous network host behavior and anomalous network traffic including “low and slow” DDoS attacks;
- Enables actionable virtual and physical network monitoring. Identifies VMs affected by physical network outages. Visualizes virtual and physical network data paths. Supports point-to-point communication tracing: VM – VM, VM – physical host, VM – VM over VXLAN;
- Identifies impact of physical network devices and interface failures on the virtual network.
Standard System Requirements
- 16 GB RAM, 8-core CPU, 20 GB disk space
- VMware ESXi 5.x and above
- Linux: CentOS 5.5, 6.5, 7 – Debian 6 – RHEL 5.5, 6.5, 7 – SUSE ES 11 (kernel 2.6+ 64-bit)
- Windows Server 2008 R2, 2012, and 2012 R2 (64-bit)