Network flows are the way all of our data traverses corporate networks, mini-home networks, service providers and, of course, the Internet.
Without proper tracking and analysis, these flows can easily get out of control, and with no oversight, bad traffic has nothing to stop it.
Enter flow analysis, such as that offered by ProQSys’ FlowTraq (yes, this company has a funny way of spelling things!).
Flows are really just packets related by the types of data, such as an image or Word doc. Hardware such as switches, routers and firewalls can collect these flows, summarize them, then export them off to a ‘collector.’ The collector is where the real work of analysis and threat mitigation can take place.
FlowTraq does precisely this kind of analysis, and offers this to MSPs so they can understand just what is happening across all their wires and cables (and wireless too).
Now FlowTraq offers broader threat detection and better warnings for IT when problems occur. The company also claims the latest version, Q2/13 (now that’s a cool way to name an upgrade), is faster and has an array of usability improvements, including a more parallel architecture to exploit multi-core processors, allowing for the efficient tracking of larger networks.
“FlowTraq is optimized to work in large network and multi-tenant Managed Service Provider (MSP) environments to detect sophisticated threats through Behavioral Anomaly Detection. It uses behavioral analytics to alert IT administrators to data leaks, compromises, spammers, botnets, worms and DDoS attacks. FlowTraq monitors network performance and bandwidth consumption, catalogs applications in use, and detects problematic changes in network activity,” the company explained. “Designed to complement and improve existing network security operations, it can be deployed stand-alone or in a cluster, enabling it to offer its forensically accurate analytics at any bandwidth level.”
The new version includes:
- NBI Threat Management – FlowTraq now makes it easier to expose the tool’s Network Behavioral Intelligence toolkit, and thus control the system’s anomaly detectors.
- Anomaly Detectors – Speaking of anomaly detectors, there are now more of these that “can baseline quantities such as session counts, byte and packet volumes, etc. on any entity (host, service endpoint, autonomous system, etc.) for any traffic or object,” the company explained.
- Threat Intelligence Service – FlowTraq users can now access this service, which provides updated information on threats.
All this is designed to keep networks safe and sound. “Security professionals would prefer to fully understand what happened in the time leading up to a data breach, even if such a scenario is discovered after the fact. With FlowTraq they gain this forensic insight, regardless of the size of their network,” said Vince Berk, ProQSys. “With the latest release we further bolstered our threat detection capabilities to help customers cope with the complexities of defending their networks, and protecting against attacks that are increasingly more sophisticated and harder to detect.”
Do it Yourself
For open source junkies and do-it-yourselfers, FlowTraq APIs are public. “We understand that users do not always learn about the newest and most sophisticated attacks right away. Therefore we enhanced FlowTraq to allow customers to customize and personalize their Network Behavior Interface (NBI) detection capabilities,” Berk said.
When I heard ProQSys was based in Lebanon, N.H., I reckoned there was a tie to Dartmouth College, located next door in Hanover.
Boy, was I right. Berk got his Ph.D. in the Netherlands, but teaches computer architecture and does research at Dartmouth’s Thayer School of Engineering. Old-timers may remember that Dartmouth is also the place where BASIC was invented.
Edited by
Alisen Downey