Enriched Flow Intelligence for NetOps and SecOps
Observer GigaFlow provides user-focused insight for managing performance and security challenges by combining previously siloed data sets into a single enriched record. The aggregated intelligence provides immediate understanding of end user, application and infrastructure behavior and performance across virtual, cloud, and traditional networks and expands edge visibility into branch offices and remote resources. This provides in-depth detail for security and performance investigations on network device types, connectivity, traffic control, usage patterns and behavior down to the individual user and session.
Key Features and Benefits:
- Wizard-Driven Threat Profiling
A new, easy wizard-driven configuration method for Threat Profiles allows you to quickly and confidently define the hosts and services you want to monitor for suspicious traffic patterns. Real-time alarms alert if traffic outside of the allowed patterns is detected, reducing or eliminating altogether false positives that can obscure real issues and waste resources.
- New IP Viewer
By compiling Layer 2 to Layer 3 insights into a single enriched flow record, Observer can produce unique, interactive visualizations that illustrate the relationships between User, IP, MAC, and application usage in the network. A NetOps or SecOps user can simply enter a username and immediately find all devices, interfaces, and applications associated with it. Finding out what’s connected and who’s communicating across your network has never been easier.
- End-User & Application Capacity Management
GigaFlow provides network traffic visibility on a per-interface basis down to the Layer 2 switch. Gain usage and utilization insight by individual user or in aggregate, spanning the service delivery environment from core to edge and into the cloud. This is ideal for general assessments of end-user experience at any point along the conversation route, and valuable for quantifying asset cost/benefit efficiencies, for example assessing the cost effectiveness of cloud deployments and accurately attributing the costs of underlying IT assets to the resource users (e.g. department, business unit).
- Enriched Flow Forensics
GigaFlow offers real-time and long-term historical perspectives of end-user and device status as a function of underlying service health at every network traffic interface. The enriched flow records of GigaFlow dynamically capture all relevant data, including timestamp and location, continuously over extended periods. Because of this, IT teams can navigate to a specific event or anomaly in the past to troubleshoot and solve the problem by answering who it impacted and when, where, and how the incident occurred.
- Threat ID with Scope & Impact Context
Out of the box, GigaFlow will automatically call home to obtain the latest IP blacklists, then checks them against all enriched flow records over time. GigaFlow can also alert on SYN-only flow records, which are often associated with rogue activity. Incidents from other security solutions can be passed to GigaFlow, providing search and identification capabilities. This helps answer questions like: What was the host or device communicating with earlier? Where is the rogue host/device now? Who was using the host/device? This aids SecOps teams in their investigations and enhances existing security solutions.
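The three checks this feature describes (matching flow records against an IP blocklist, flagging SYN-only TCP flows, and pivoting from a host to the users and peers seen with it) are simple to express over enriched flow records. The following is an added illustration, not GigaFlow code: the `Flow` record shape, the blocklist ranges (RFC 5737 documentation networks) and the sample records are all constructed for the example, and a real deployment would read its blocklist from a threat feed and its records from the collector.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One enriched flow record (constructed shape, not GigaFlow's schema)."""
    ts: str         # ISO 8601 timestamp
    user: str       # identity the record was enriched with
    src: str
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    tcp_flags: str  # flags seen over the flow's life, e.g. "S", "SPA"; "" for UDP
    packets: int


# Constructed blocklist using documentation ranges, standing in for a live feed.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

# Constructed sample enriched flow records.
FLOWS = [
    Flow("2024-05-01T10:00:00Z", "alice", "10.0.0.5", "198.51.100.23", 443, "tcp", "SPA", 40),
    Flow("2024-05-01T10:00:05Z", "bob",   "10.0.0.9", "10.0.0.20",     445, "tcp", "S",   1),
    Flow("2024-05-01T10:00:06Z", "bob",   "10.0.0.9", "10.0.0.21",     445, "tcp", "S",   1),
    Flow("2024-05-01T10:00:09Z", "carol", "10.0.0.7", "192.0.2.10",    53,  "udp", "",    2),
    Flow("2024-05-01T10:01:00Z", "alice", "10.0.0.5", "203.0.113.7",   80,  "tcp", "S",   1),
]


def blocklist_hits(flows, blocklist):
    """Return (flow, matched_address) for every flow whose src or dst is blocklisted."""
    hits = []
    for f in flows:
        for side in (f.src, f.dst):
            addr = ipaddress.ip_address(side)
            if any(addr in net for net in blocklist):
                hits.append((f, side))
                break  # report each flow once even if both ends match
    return hits


def syn_only_flows(flows):
    """TCP flows where only a SYN was ever seen: the handshake never completed."""
    return [f for f in flows if f.proto == "tcp" and f.tcp_flags == "S"]


def syn_only_by_source(flows):
    """Distinct destinations each source sent SYN-only flows to (fan-out)."""
    fanout = defaultdict(set)
    for f in syn_only_flows(flows):
        fanout[f.src].add(f.dst)
    return {src: len(dsts) for src, dsts in fanout.items()}


def host_history(flows, host):
    """Answer 'what was this host talking to, and who was using it?'."""
    related = sorted((f for f in flows if host in (f.src, f.dst)), key=lambda f: f.ts)
    return {
        "users": sorted({f.user for f in related}),
        "peers": sorted({f.dst if f.src == host else f.src for f in related}),
        "first_seen": related[0].ts if related else None,
        "last_seen": related[-1].ts if related else None,
    }


if __name__ == "__main__":
    for f, addr in blocklist_hits(FLOWS, BLOCKLIST):
        print(f"blocklist {addr}: user={f.user} {f.src}->{f.dst}:{f.dport} at {f.ts}")
    print("SYN-only fan-out per source:", syn_only_by_source(FLOWS))
    print("history for 10.0.0.9:", host_history(FLOWS, "10.0.0.9"))
```

The flag-string convention here is the usual NetFlow/IPFIX one of accumulating TCP flags over the life of the flow, so a flow whose accumulated flags are exactly `S` never saw a SYN-ACK or data. Counting SYN-only fan-out per source rather than alerting on each flow keeps a single failed connection from paging anyone while still surfacing a host touching many closed ports.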
- Host/Device Traffic Profiling
A core capability of GigaFlow is the ability to build a traffic profile of hosts/devices on the network. Hosts are characterized by type, usage, application, and communication activity. This can be used to assess acceptable usage (e.g. white lists). Profiles are maintained in real time, with all subsequent device traffic evaluated against past behavior for unusual or anomalous activity. Ongoing SNMP polling has the added benefit of quickly detecting new and possibly rogue activity.
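The wizard-driven Threat Profiles above and the learned host traffic profiles here are two sides of one mechanism: an explicit allow list of services for hosts you have defined, and a baseline learned from past flows for everyone else, with an alarm whenever new traffic falls outside either. The following is an added example of that evaluation, not GigaFlow's implementation: the flow dictionaries, the baseline, the hypothetical database-server threat profile and the alarm reasons are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline flows: "host" is the monitored device, "peer" the other end.
BASELINE = [
    {"host": "10.0.0.5",  "peer": "10.0.0.100", "proto": "tcp", "port": 443},
    {"host": "10.0.0.5",  "peer": "10.0.0.101", "proto": "tcp", "port": 443},
    {"host": "10.0.0.5",  "peer": "10.0.0.1",   "proto": "udp", "port": 53},
    {"host": "10.0.0.50", "peer": "10.0.0.5",   "proto": "tcp", "port": 3306},
]

# Explicit allowed patterns of the kind a threat-profile wizard captures
# (hypothetical: a database server that should only ever serve MySQL).
THREAT_PROFILES = {
    "10.0.0.50": {("tcp", 3306)},
}

# Constructed new traffic to evaluate against the profiles.
NEW_FLOWS = [
    {"host": "10.0.0.5",  "peer": "10.0.0.100", "proto": "tcp", "port": 443},  # matches baseline
    {"host": "10.0.0.5",  "peer": "10.0.0.200", "proto": "tcp", "port": 22},   # service never seen
    {"host": "10.0.0.5",  "peer": "10.0.0.2",   "proto": "udp", "port": 53},   # known service, new peer
    {"host": "10.0.0.50", "peer": "10.0.0.77",  "proto": "tcp", "port": 445},  # outside threat profile
    {"host": "10.0.0.77", "peer": "10.0.0.50",  "proto": "tcp", "port": 445},  # host with no profile
]


def build_profiles(flows):
    """Learn, per host, the set of services and peers seen in past traffic."""
    profiles = defaultdict(lambda: {"services": set(), "peers": set()})
    for f in flows:
        p = profiles[f["host"]]
        p["services"].add((f["proto"], f["port"]))
        p["peers"].add(f["peer"])
    return dict(profiles)


def evaluate(flows, learned, threat_profiles):
    """Return (host, reason, flow) alarms for traffic outside the applicable profile.

    An explicit threat profile takes precedence over the learned baseline, so a
    host the operator has described is judged only against that description.
    """
    alarms = []
    for f in flows:
        host, svc = f["host"], (f["proto"], f["port"])
        if host in threat_profiles:
            if svc not in threat_profiles[host]:
                alarms.append((host, "outside threat profile", f))
            continue
        profile = learned.get(host)
        if profile is None:
            alarms.append((host, "unknown host", f))
        elif svc not in profile["services"]:
            alarms.append((host, "new service", f))
        elif f["peer"] not in profile["peers"]:
            alarms.append((host, "new peer", f))
    return alarms


if __name__ == "__main__":
    learned = build_profiles(BASELINE)
    for host, reason, flow in evaluate(NEW_FLOWS, learned, THREAT_PROFILES):
        print(f"ALARM {host}: {reason} -> {flow['proto']}/{flow['port']} with {flow['peer']}")
```

Keeping "new service" and "new peer" as separate reasons is what lets an operator tune noise the way the Threat Profiling feature promises: a workstation reaching a new web server on a port it already uses is a much weaker signal than a database server answering on a port it was never meant to serve. Flows an analyst reviews and accepts can be fed back through `build_profiles` so the baseline tracks current behaviour.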