1

I'm evaluating various options for NetFlow/IPFIX-based analyzers which focus on identifying security threats and anomalies. It would be highly appreciated if someone can provide a list of tools with the following points in mind.

  • Windows- or *nix-based: doesn't matter.
  • Proprietary tool or open source: doesn't matter, but open source would be good.
  • Price: doesn't matter.

Thanks

3 Answers

2

Cisco maintains a nice list of NetFlow software: freeware, commercial, and Cisco solutions.

0

Here are some options:

Cognitive Security: Cisco just acquired Cognitive Security. They provide only threat detection. No flow reporting. Price = ??

Scrutinizer from Plixer: They perform threat detection and are leaders in reporting, especially on firewall exports. They automate host reputation lookups. Price = moderate.

Arbor Networks: They are leaders in threat detection and have some flow reporting. It is massively scalable. Price = expensive.

I hope this helps.

0

Some things to consider when looking at analyzers:

  • Where is your NetFlow data coming from? If you've already got routers and switches that export NetFlow, you're probably in good shape, but if not, there are a number of free flow exporters available as software.
  • Are you looking to buy a ready-to-deploy box, or a software solution to run on hardware that you provide yourself?
  • How long a data history do you need? Are you looking for a full-fidelity store, or are you OK with aggregation?

The company I work for produces a NetFlow analyzer called FlowTraq. For obvious reasons, I'm a fan :)

Other commercial offerings include SolarWinds, Arbor Networks, and Lancope. I believe Cisco has their own offerings as well. nTop and SiLK are two good open source tools; even if you wind up going with a commercial tool, I recommend trying them out just to get familiar with the terminology, and figure out what features you need in a NetFlow tool.
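The answers above treat the analyzer as a black box. To show what such a tool actually does with an export packet, here is an added example (not code from any product or poster on this page): a minimal NetFlow v5 decoder, a crude scan-fan-out heuristic of the kind a threat-focused analyzer might run, and a per-host byte aggregate to illustrate the "full fidelity versus aggregation" trade-off raised in the last answer. The packet layout is Cisco's published NetFlow v5 format; the sample packet, the hosts in it, the `fanout_alerts` threshold and the function names are all constructed for this illustration.

```python
"""Minimal NetFlow v5 decoder with a fan-out heuristic and an aggregate view.

Constructed example for illustration; not the logic of any product named above.
"""
import socket
import struct
from collections import defaultdict

# NetFlow v5 export packet: 24-byte header, then up to 30 fixed 48-byte records.
HEADER_FMT = "!HHIIIIBBH"                 # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"   # src, dst, nexthop, ifaces, pkts, bytes, first, last, ports, flags...
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48
TCP_SYN = 0x02


def parse_netflow_v5(packet: bytes) -> list:
    """Decode one NetFlow v5 packet into flow dicts; reject bad versions and truncation."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than a NetFlow v5 header")
    version, count = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(packet) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("truncated packet: header advertises more records than present")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(RECORD_FMT, packet[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
            "tcp_flags": f[12],  # OR of all TCP flags seen in the flow
            "proto": f[13],
        })
    return flows


def fanout_alerts(flows: list, threshold: int = 10) -> dict:
    """Sources whose SYN-only, near-empty TCP flows reach many distinct (dst, port) pairs.

    A flow that never got past SYN with one or two packets looks like an unanswered
    connection attempt; many of them from one host is the classic scan signature.
    """
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["tcp_flags"] == TCP_SYN and f["packets"] <= 2:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}


def bytes_per_source(flows: list) -> dict:
    """Aggregated view: total bytes per source, the kind of roll-up kept long-term."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return dict(totals)


# --- constructed sample export (hosts and values are made up) ---
def build_record(src, dst, sport, dport, packets, nbytes, flags, proto=6) -> bytes:
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       b"\0\0\0\0", 0, 0, packets, nbytes, 1000, 1100, sport, dport,
                       0, flags, proto, 0, 0, 0, 24, 24, 0)


def build_packet(records: list) -> bytes:
    header = struct.pack(HEADER_FMT, 5, len(records), 123456, 1700000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


def sample_packet() -> bytes:
    # 15 SYN-only probes from 10.0.0.5 to ports 20..34 on 10.0.0.20, plus one normal HTTPS session.
    recs = [build_record("10.0.0.5", "10.0.0.20", 40000 + p, p, 1, 60, TCP_SYN) for p in range(20, 35)]
    recs.append(build_record("10.0.0.7", "10.0.0.20", 51000, 443, 120, 98000, 0x1B))   # SYN|ACK|PSH|FIN
    recs.append(build_record("10.0.0.20", "10.0.0.7", 443, 51000, 110, 1500000, 0x1B))
    return build_packet(recs)


if __name__ == "__main__":
    flows = parse_netflow_v5(sample_packet())
    print(f"{len(flows)} flows decoded")
    print("fan-out alerts:", fanout_alerts(flows))
    print("bytes per source:", bytes_per_source(flows))
```

The aggregate in `bytes_per_source` is what survives if you keep only roll-ups; the scan alert in `fanout_alerts` needs the individual flow records (flags, packet counts, distinct ports), which is why the answer's full-fidelity question matters for threat detection rather than just for capacity planning.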