Comments
Using NetFlow Data For Robust Network Security
jgherbert,
User Rank: Ninja
12/30/2013 | 12:33:18 PM
No Silver Bullet
"Robust" in the sense that if you add this to your existing in-depth arsenal of analysis tools, then yes it's another good thing to have around. I note that the Dark Reading article says "More Robust" which is a bit more accurate in my opinion.

Netflow is great, but data may not be complete, and is not as "real time" as we'd typically like. It's not like it's streaming information constantly to a netflow analyzer. Typically netflow data aggregates IPs (because storing every individual IP flow is just too much overhead for busy routers, whether in terms of CPU or memory), has limited storage assigned to it (after which, should you ditch the older data or just not add the new data?), and is only dumped from the router to a collector periodically (the time frame for which determines the potential granularity of the definition of 'real time' analysis).

You can of course allow netflow to capture every flow in detail, assign a lot of memory to it, and dump every minute - with, as you can imagine, an accompanying impact on the network devices providing the data. I'm sure some can handle it well, but netflow is not a panacea for full network visibility. The fact that the data comes neatly formatted and ready for onward processing is very helpful though and if you can see discrepancies in that data that will help security then certainly there's no harm. As with every tool though we have to recognize the inherent limitations in the data gathering process and take that into account when analyzing the output.
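
Added example, not part of the comment above and not any vendor's implementation: a simplified Python model of an exporter's flow cache, showing how the export timeouts bound what a collector can call "real time" and what each cache-full policy costs. The function names, parameters and sample traffic are constructed for illustration.

```python
from collections import OrderedDict

def simulate_flow_cache(packets, max_entries, active_timeout, inactive_timeout,
                        on_full="evict_oldest"):
    """Simplified exporter flow cache (a model, not any vendor's implementation).
    packets: time-sorted (time_s, flow_key, nbytes). Returns (records, unaccounted_bytes)."""
    cache = OrderedDict()            # flow_key -> {"first", "last", "bytes"}
    records, unaccounted = [], 0

    def export(key, when, reason):
        rec = cache.pop(key)
        records.append({"flow": key, "first": rec["first"], "bytes": rec["bytes"],
                        "exported_at": when, "reason": reason})

    def expire(now):
        for key in list(cache):
            rec = cache[key]
            active_due = rec["first"] + active_timeout
            idle_due = rec["last"] + inactive_timeout
            if min(active_due, idle_due) <= now:
                if active_due <= idle_due:
                    export(key, active_due, "active_timeout")
                else:
                    export(key, idle_due, "inactive_timeout")

    for now, key, nbytes in packets:
        expire(now)
        if key not in cache:
            if len(cache) >= max_entries:
                if on_full == "drop_new":      # keep old data, lose the new flow
                    unaccounted += nbytes
                    continue
                export(next(iter(cache)), now, "cache_full")  # ditch the oldest entry
            cache[key] = {"first": now, "last": now, "bytes": 0}
        cache[key]["last"] = now
        cache[key]["bytes"] += nbytes
    expire(float("inf"))             # flush what is left once traffic stops
    return records, unaccounted

def worst_delay(records):
    """Longest gap between a flow record's first packet and its export."""
    return max(r["exported_at"] - r["first"] for r in records)

# Constructed sample traffic: one long-lived flow "A" plus two short flows.
PACKETS = sorted([(t, "A", 100) for t in range(0, 300, 10)] + [(5, "B", 500), (6, "C", 700)])

if __name__ == "__main__":
    for active in (1800, 60):
        recs, _ = simulate_flow_cache(PACKETS, 10, active, 15)
        print(f"active_timeout={active}s: {len(recs)} records, worst delay {worst_delay(recs)}s")
    for policy in ("drop_new", "evict_oldest"):
        recs, lost = simulate_flow_cache(PACKETS, 2, 1800, 15, policy)
        print(f"cache of 2, {policy}: {len(recs)} records, {lost} bytes never recorded")
```

In this model a shorter active timeout cuts the worst-case lag before a long-lived flow reaches the collector, at the price of more records to export and store, while an undersized cache either leaves traffic unrecorded or fragments flows into extra records.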

