Experience Accelerated Search with IP Address Indexing in Flowmon 12.4

Progress Flowmon 12.4 addresses the need for faster and more efficient data analysis.

At Progress, our primary focus is to provide accurate and thorough network data insights to our customers. As our customers' networks grow, the volume of telemetry data expands exponentially. This growth, while beneficial, brings with it the challenge of increasingly long search times through vast amounts of data.

Progress Flowmon 12.4 has implemented IP Indexing, as identifying the activity of an IP address on a network is one of the most common Flowmon use cases for network administrators and cybersecurity teams.  

Additional details of what’s new and improved in 12.4 are available on the Flowmon release blog.

What is IP Address Indexing? 

Flowmon stores its data in blocks. Traditional search methods require going through all the data blocks within a specific period. With IP Indexing enabled, Flowmon can quickly determine which blocks have entries and data containing the desired IP address. This allows Flowmon to search only the relevant blocks, which makes the search process significantly faster. 

The Power of Accelerated Search 

The core benefit of the IP Indexing feature is its ability to drastically minimize search times. For many IT teams, locating specific IP information can be time-consuming, especially in large and complex networks.  

Accelerated Search via IP Indexing can significantly reduce search time. This feature enables rapid IP lookups, simplifying the location of network activity for specific IP addresses and aiding tasks like tracking devices or verifying connections. It also speeds up troubleshooting by allowing quicker identification and resolution of network issues and minimizing disruptions. Additionally, IP Address Indexing scales with network growth, maintaining efficient search performance as the number of IP addresses increases. 

A typical use case is a retrospective analysis of compromise indicators. For example, a user can receive a near-immediate answer to the question, “Did anyone from my network communicate with the following malicious IPs last month?” The performance improvement of a particular data query will always depend on a specific data set for a given time period. 

The video below demonstrates the significant speed improvements when you enable IP Indexed searches. 

Get Started with Accelerated Search  

You don’t need to do anything. IP Indexing is enabled by default after upgrading to Flowmon 12.4. You can control the IP Indexing feature via Configuration Center → FMC Configuration → Basic Settings. IP Indexing is not applied retroactively: the IP index is generated for all incoming network telemetry data from the moment the feature is enabled. Keep in mind that indexing covers IP addresses in all channels of the “All sources” profile. Rebuilding an index for historical data is possible through a remote session with our support team. IP Indexing is limited to IPv4 addresses.
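A toy model of block-level IP indexing and of the retrospective indicator lookup described above, as an added example that is not Flowmon's code or storage format. The `BlockStore` class, its record layout, and the fallback to a full scan for unindexed blocks and for IPv6 queries are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

class BlockStore:
    """Toy flow store: a block is a list of (src_ip, dst_ip, bytes) records."""
    def __init__(self):
        self.blocks = []                 # block id -> list of records
        self.index = defaultdict(set)    # IPv4 address as int -> block ids
        self.indexed = set()             # blocks written while indexing was on

    def add_block(self, records, indexing=True):
        bid = len(self.blocks)
        self.blocks.append(records)
        if indexing:                     # the index is built at ingest only
            self.indexed.add(bid)
            for src, dst, _ in records:
                for ip in map(ipaddress.ip_address, (src, dst)):
                    if ip.version == 4:  # IPv6 is stored but not indexed
                        self.index[int(ip)].add(bid)
        return bid

    def search(self, iocs):
        """Return (hits, blocks_scanned) for a list of IP indicators."""
        wanted = {ipaddress.ip_address(i) for i in iocs}
        every = set(range(len(self.blocks)))
        if any(ip.version == 6 for ip in wanted):
            candidates = every           # assumption: no index means full scan
        else:
            candidates = every - self.indexed   # assumption: old blocks are scanned
            for ip in wanted:
                candidates |= self.index.get(int(ip), set())
        hits = [(bid, rec) for bid in sorted(candidates) for rec in self.blocks[bid]
                if wanted & {ipaddress.ip_address(rec[0]), ipaddress.ip_address(rec[1])}]
        return hits, len(candidates)

def build_sample():
    """Constructed data: documentation-range addresses, not real indicators."""
    store = BlockStore()
    store.add_block([("10.0.0.5", "198.51.100.7", 1200)], indexing=False)  # pre-upgrade
    store.add_block([("10.0.0.5", "192.0.2.10", 800), ("10.0.0.6", "203.0.113.9", 300)])
    store.add_block([("10.0.0.7", "192.0.2.10", 50)])
    store.add_block([("10.0.0.8", "203.0.113.66", 900)])
    store.add_block([("2001:db8::1", "2001:db8::bad", 100)])
    return store

if __name__ == "__main__":
    store = build_sample()
    for iocs in (["203.0.113.66"], ["192.0.2.10"], ["2001:db8::bad"]):
        hits, scanned = store.search(iocs)
        print(iocs, "->", len(hits), "hit(s),", scanned, "of", len(store.blocks), "blocks scanned")
```

In this model the block written before indexing was enabled is always scanned, which is why the number of blocks read for an IPv4 indicator never drops below the count of unindexed historical blocks.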

What Happens Next? 

IP Indexing is just the first step in our journey toward a revamp of the Flowmon Collector engine, aimed at scaling up overall performance by 2-7x (without indexing). Recently, we launched an AI-based feature that automatically processes all triggered events to pinpoint priorities, helping security professionals allocate their time efficiently rather than analyze a high volume of events. Building on this, we plan to offer even more AI-based functionalities, such as automated suggestions for detection engine tuning. This will empower average users to become proficient Flowmon experts, maximizing detection accuracy without requiring support from a security professional.

Find Out More 

Visit the Flowmon platform page for details of the Flowmon solution. Contact us to talk with an expert on how Flowmon can help improve your network’s visibility.

To request a free trial of Flowmon to see how it can deliver actionable insights for your organization in minutes, visit our free trial page. Our support team can assist during your free trial testing. Use the contact page to start a conversation with the support team.
