Reading Time: 5 minutes

About Flowmon

Flowmon Networks was a global network intelligence company acquired by Kemp in November 2020.

The acquisition brings together application delivery and security services with deep network visibility and automated security incident response.

One year after (in September 2021), Progress (NASDAQ: PRGS) announced the completion of the acquisition of Kemp and now Flowmon is one of the main company’s product, but still is keeping its own identity and also a dedicated web site (https://www.flowmon.com/en).

Why Flowmon?

Flowmon offers NetFlow based deep network visibility solution for network and security operations and try to solve one fundamental problem in the network world: the lack of visibility (or a limited visibility).

This because visibility technologies usually arrive later and usually the priority could be the manageability or the security problem.

Also, in the past, network visibility could be difficult to implement because of the lack of standards, the limited details (for example at application layer). But now is mature enough and security aspects have accelerated the adoption and the need of network visibility.

And note that visibility does not only mean a complete inventory of all network elements and connections, but also a comprehensive view of all the procedures and processes.

No more only an IT needs

Visibility is no more an IT only stuff, typically used for troubleshooting purpose, but because a needs also for other company roles:

  • Architect needs visibility do identify patterns and seasonality
  • Manager needs visibility to better produce reports and overviews
  • Security team needs visibility to better understand the flows, but also to identify anomalies and detect incidents of compromise
  • Application team needs visibility to better design frontends and backends, but also to better understand the transactions processes
  • C-level needs visibility to improve cooperation and interoperability

But to achieve this multi-roles usage and consumption, of course, is needed a “multi-tenant” access to provide secure and effective access to the right data to the right type of people.

Flowmon architecture

The overall architecture is quite simple but functional:

At the source level there are the probes and the sensors. The Flowmon Probe is the most powerful flow data exporter on the market that generates data down to the application level and measures performance.

The Flowmon probles can work on hardware, virtual or cloud level, from 10 Mb/s to 100 Gb/s of network throughput and they provide fully L2, L3/4, L7 visibility.

Probes natively collect L2–L4 information on IP addresses, protocols, server response time, round trip time, jitter, and more, while leveraging traffic decapsulation to monitor the real user-application conversation instead of the tunnel itself. In addition, Flowmon’s IPFIX extension provides additional L7 data, such as hostnames, URLs, browser information for HTTP/S protocols, and other fields for protocols like DNS, DHCP, SQL, SMTP, or Samba/CIFS, and more.

The NetFlow Collector is a stand-alone appliance for the collection, long-term storage and analysis of flow data from flow-enabled devices (load balancers, switches, and routers), dedicated probes and other flow sources. It is equipped for advanced reporting and data visualization.

It has a very powerful user interface, based on multiple dashboards:

You can see how it works with the online demo (https://www.flowmon.com/en/try-online-demo).

Multi-branch case

One of the challenges of the companies with several branches is provide an overall visibility across all the different remote branches/remote offices.

Flowmon enables maximum network performance and security across every branch of your IT environment in an easy way and affordable investment.

Flowmon eliminate visibility blind spots by analysing data from diverse environments using proprietary and 3rd-party data sources and normalizing diverse data formats to gain insights in one place from multi-branch environments, but also edge and multi-cloud environments.

Flowmon offers limitless scalability thanks to a futureproof flow-based engine that delivers a level of detail comparable to packet-based solutions at a fraction of the resource requirements. Full-packet data is available on-demand and on-event packet capture when needed.

Improving your security

Flowmon provides a unified source of truth to both network and security teams and cuts the cost of functional duplicity between tools.

It can Detect ransomware, expose insider threats and respond to them quickly while keeping your network transparent and problem-free.

But also, it enables your network and security teams to work cross-functionally on markedly quicker incident resolution.

The traditional view is that NetOps and SecOps are independent silos with different technologies and processes. But by merging them together with a unified tool is possible to establish a true NetSecOps!

Flowmon can improve different security aspects:

  • Infrastructure design & deployment​ by providing a complete visibility helps in capacity planning, performance management same as for fine tuning firewall rules.
  • Incident monitoring, investigation, response by using the network view on protection against threats and create complete incident strategy including the response handling.
  • Policy verification and enforcement​ by taking care of out-of-date SSL certificates, policy non-compliant certificates, encryption strength and old TLS versions.

But collect data or provide reports is not enough… sometimes there is the need to act and remediate as soon as is possible to prevent security risks.

One interesting function of Flowmon is the behaviour based anomaly detection (NBAD) that permanently observe network traffic, analysing communication to seek anomalies and reveal suspicious behavior.

https://www.flowmon.com/en/blog/science-of-network-anomalies

To find out more about Flowmon, visit Flowmon.com

Try online Demo – https://www.flowmon.com/en/try-online-demo

Request Free Trial – https://www.flowmon.com/en/download-free-trial

Share

Related Posts

  • VMware vRealize Network Insight 3.6

    VMware has recently released the new verion of vRealize Network Insight (vRNI) 3.6 that adds key capabilities that enhance network and security visibility in customers’ SDDC and AWS environments, and that enable customers to confidently deploy, manage and scale their VMware NSX deployments. VMware vRealize…

  • VMware acquires E8 Security

    VMware has acquired the technology and team of E8 Security. With this acquisition, VMware is further reinforcing its commitment to deliver the industry’s first intelligence-driven digital workspace to empower the employee experience and drive predictive security. Adding E8 Security’s capabilities to VMware's digital workspace platform,…

  • How to discover your network topology

    This is an article that I wrote as a contribuitor for the Aruba blog. Read the full article. Network topology is the arrangement of the different network elements of a communication network, usually represented with a graph. It is an application of graph theory where the…

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-24. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-23. Nutanix NTC 2014-20. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.