The demo is based on a sample of NetFlow Optimizer-generated syslog, visualized by the NetFlow Analytics for Splunk App. Several basic use cases that you can leverage with flow data are described below. If you are interested in seeing how NetFlow Logic products can help in more complex situations, providing operational visibility across virtual and physical domains, improving network security and enabling DDoS attack detection, you can schedule a free guided demo.
Sample Use Cases
NetFlow-based analytics brings invaluable information that helps you understand your network and arms you with actionable intelligence.
Imagine a single PC, infected with a virus, sending a large number of network packets in all directions. It can overload your whole network, consuming available bandwidth, and thus incapacitating business applications. With NFO you can identify the perpetrator within minutes.
When your internal hosts communicate with outside peers, NFO detects and reports suspicious traffic using a number of threat feeds. It enriches flow data with external host reputation, such as “Scanning Host”, “Botnet C&C”, “Malware Domain”, etc. The Cyber Threat Statistics dashboard shows malicious traffic counters, GeoIP information, source / destination details and traffic direction.
Having many visitors to your website can be great for your business, but what if they are accessing your corporate network? When these visitors come from unusual geographies, especially those known for suspect behavior, it is important to be aware of such visits, which may require an investigation.
With NFO, you can monitor the health of your TCP traffic and instantly identify the hosts and network devices issuing the most TCP resets. This pinpoints the source of the problem, thus reducing time to resolution.
By looking at your network bandwidth consumption by hosts, you can immediately identify an employee who is watching Netflix during working hours.