Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer, as well as Flow Analytics.

Network Behavior Analysis

Detecting Advanced Persistent Threats with NetFlow and IPFIX

April 11, 2012

Detecting Advanced Persistent Threats and other network security threats with NetFlow and IPFIX requires advanced flow analytics. Reports such as top hosts, top applications, and top DSCP values are great information and can be used both reactively and proactively, but they are just the tip of the iceberg: NetFlow can also tell us about all kinds of anomalous traffic that may be flying under the radar.

NetFlow Behavior Analysis Systems : Limited Impact

January 13, 2012

NetFlow Network Behavior Analysis (NBA) systems have limited impact on detecting threats. They are only suitable as a second or perhaps third layer of threat detection. Some companies offering NetFlow Threat Detection tools would have you believe otherwise. Don't fall for it. "Gartner says NBA is suitable as a complementary technology to intrusion detection and prevention software, which is effective for addressing network attacks that can be positively identified." As a HUGE NetFlow and IPFIX supporter, I tend to agree that flow technologies can augment security practices, but can't replace them.
