FlowGuard – Details & Use Cases

Network flow monitoring

Large Enterprises, Public Organizations, Hosting Providers, Managed Network and Security Services Providers often struggle with scalability issues to control their networked applications or those of their customers. SNMP (Simple Network Management Protocol), a traditional way of monitoring LANs, DMZs, and Internet connectivity, requires polling every monitored host. However, this information does not allow sufficient insight into what applications are generating traffic (and could have performance or security issues).

Since many years a different approach exists: routers and firewalls can “push” via standard protocols (NetFlow and sflow) information about the traffic they are handling. The extra load to generate this information and the bandwidth to carry it to a central collection point are both negligible. However, scalable and intelligent tools are required to collect, process and quickly render it.

CHALLENGE

SNMP based monitoring methods are not scalable, and do not provide sufficient insight into application traffic

Image

FlowGuard: scalability and accuracy

FlowGuard collects and processes NetFlow/sFlow information about the Internet access, DMZs and LAN traffic. The processed information is visually rendered with a minimum time granularity of 1 minute, but details of single application sessions between host pairs are accessible for at least one month.

FlowGuard can collect traffic from hundredths of devices. The visualization can be organized to support tens of administrators of a large multi-site corporate network. In multi-tenant mode, a single FlowGuard instance can be accessed by completely independent customers, enabling the monitoring to be delivered “as a Service”.

Alerts can be easily configured to raise alarms via email or text messages in case of abnormal, unexpected or missing traffic. The graphical drill down enables a fast troubleshooting. A reporting functionality provides management reports of the network status, (e.g. every week), evidencing variations from previous periods.

Image

SOLUTION

FlowGuard is a multi-tenant platform, ideal to consolidate NetFlow data from different devices and deliver a network monitoring and alerting service to hundredths of network administrators

Image

FlowGuard benefits: use cases

Managed Network Monitoring

An organization providing IT and network services to several small and medium business customers could consolidate on its FlowGuard instance all the network monitoring data from its customers by simply collecting NetFlow and sFlow records from the customers’ border routers and switches.

Each customer could be offered a (paying) network monitoring service handled 24/7 by the organization’s NOC, responsible of handling the alerts automatically generated by FlowGuard and escalating them to the on-call IT managers of the customers when needed. Moreover, a (paying) reporting service could be offered to the customers, with daily/weekly/monthly details of top used applications, top bandwidth consumers, etc.

The periodic reporting service service, greatly appreciated by the IT managers, allowed to spot network abuses and avoided unnecessary, expensive bandwidth upgrades

security and misconfiguration alerts

A large enterprise with several business critical applications must keep under constant control the traffic to / from some critical servers. With FlowGuard several alerts could be configured to detect overload situations (often related to security issues – e.g. incoming targeted DDoS or brute force password guessing attempts).

FlowGuard was also configured to also detect underload situations, i.e. unusual absence of the application traffic (often related to misconfigurations in servers, clients or mid-boxes like firewalls) that suddenly blocked the application delivery.

In such cases the network administrators could be immediately alerted and could start troubleshooting the issues even before the customers called in the NOC or open a Ticket. Moreover, the central and site administrators could both access the FlowGuard interface, that became their common troubleshooting tool speeding up problem solution.

Image

Benefits

Flowguard could avoid buying extra bandwidth for non business applications

FlowGuard could reduce service outages time of critical applications, and enabled a quick reaction to cyber attacks