Network Operations
Outstanding performance and flexibility
As part of the solution’s futureproofing, we have been reinventing the whole flow processing backend, to be unveiled in Flowmon 12 later this year. This is the most radical architectural change in the product’s history, bringing 2-7x more performance in flow data processing and analysis (depending on query type) compared to previous versions on the same hardware. In addition, it will offer improved flexibility in supporting new L7 fields or IPFIX extensions from third-party flow sources.
Thanks to your feedback, the new dashboard will be more interactive with contextual actions available straight from the top view. Reporting within the Flowmon product suite will be redesigned so that the reports are easier to read and understand.
Complete visibility in hybrid environments
Existing support of cloud-native data sources from AWS will be expanded by flow logs from Microsoft Azure and Google Cloud. This will enable the Flowmon Collector to gather data from all major public cloud infrastructures, reaffirming its position as the #1 go-to solution for hybrid infrastructure monitoring.
Avoid future performance issues
Following this release, Flowmon 12.1 will bring predictive insight based on time series analysis. This feature will give you an informed warning of potential problems weeks before they may occur if the current trend continues, leaving you plenty of time to avert them and shifting your response to problems from reactive to truly proactive.
It is particularly well suited for use cases such as bandwidth monitoring and interpreting performance metrics (round-trip time, server response time, retransmissions) over the long term.
Figure 1 – Indicative topology visualization of application delivery (visuals may differ upon release)
Cloud and hybrid deployments in AWS will be able to process a broader spectrum of metadata by the addition of TCP flags in AWS flow logs, providing better data granularity and thus more reliable insights and anomaly detection.
Service providers, or anyone who has to deploy multiple Flowmon appliances, will welcome the option to perform configuration via code. This is a handy way to automate the deployment of a large number of appliances without any manual labor.
Intuitive asset monitoring
As a teaser for 2022: where Flowmon 12 brought a new backend, Flowmon 13 will introduce a complete change of workflow by performing network monitoring in terms of assets – subnets, networks, applications – painting a much more intuitive picture of the monitored environment.
In addition, the user interface will allow for relevant detail to be more accessible from the top-level view and more robust filtering options will help separate the information from the noise.
Figure 2 – Reimagined UI of Flowmon 13 (visuals may differ upon release)
The solution’s built-in expertise will be expanded by flow quality analysis to enable the recognition of common problems in incoming flow data, thus helping to avoid the loss of fidelity due to misconfiguration or a mismatch between the proprietary data formats of different vendors. This functionality enables the automatic recognition of issues in primary flow data that may affect accuracy.
Get more detail out of packets
Last year we transformed the Traffic Recorder by endowing it with built-in expertise and allowing it to perform automated root-cause analysis of captured packet data.
This year, we are improving upon what is now the Packet Investigator by adding new protocols in the 11.1 release and thus allowing it to cover a broader spectrum of scenarios, including certain industrial IoT cases.
Figure 3 – Full analysis tree
It will also feature a more streamlined presentation of analysis results designed to reduce noise and bring your attention to important findings.
Figure 4 – The Packet investigator’s new UI
Security Operations
Instant situational awareness
Being alerted to a security event is one thing but understanding what it means in the broader scope of the company assets is another. Flowmon ADS 11.3 will make your situational assessment much easier by introducing the MITRE ATT&CK matrix coming in spring 2021.
Figure 5 – MITRE ATT&CK dashboard
MITRE ATT&CK is a framework that describes adversary activities from the initial steps through to impact. The ADS user interface leverages the framework to visualize the situation, allowing you to get an immediate picture, understand the scope and severity of the breach, and anticipate its possible escalation.
In the same spirit, the solution will expand its mapping of detected events to MITRE ATT&CK categories, aggregate them by adversary tactic, and present them in the framework’s terminology.
Cover more security scenarios
Arriving later this year is ADS 12 with an expanded arsenal of detection methods. Besides refining the existing ones, it will bring several new methods, such as techniques for exposing domains generated by malware using machine learning. The system will also extend its coverage to the MODBUS and IEC104 protocols, enabling threat hunting and anomaly detection in ICS/SCADA environments.
Simple NDR capability provisioning
MSPs and large enterprises will welcome the support for multi-tenancy, a concept introduced in Flowmon 11 and validated by the industry. Multi-tenancy in ADS 12 will follow the same concept as Flowmon and simplify the provisioning of NDR capabilities for MSP customers to consume.
Lastly, the system will receive a number of tuning enhancements to simplify the configuration of detection methods. For example, input flow filters will allow easier false-positive tuning by whitelisting certain occurrences, such as the high number of DNS queries generated by Office 365, which would otherwise be detected as an anomaly.
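To illustrate the input-filter idea, here is an added example (not Flowmon’s own code): an allowlist rule drops flows from a known-noisy source before a simple per-host DNS query-volume check runs, so that host no longer trips the threshold while a genuinely anomalous host still does. The record layout, addresses and threshold are assumptions.

```python
"""Input flow filter in front of a DNS query-volume anomaly check (illustrative)."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (src_ip, dst_ip, dst_port, packets).
# 10.0.0.7 stands in for a host whose heavy DNS traffic is legitimate
# (e.g. a busy Office 365 client); 10.0.0.9 is the genuinely suspicious one.
FLOWS = [
    ("10.0.0.7", "10.0.0.53", 53, 3000),
    ("10.0.0.8", "10.0.0.53", 53, 40),
    ("10.0.0.9", "10.0.0.53", 53, 2500),
    ("10.0.0.9", "10.0.0.80", 443, 10),
]

# Allowlist rule = (source network, destination port). Matching records are
# removed before the detector ever sees them, which is what tunes out the
# false positive instead of raising the threshold for everyone.
ALLOWLIST = [(ip_network("10.0.0.7/32"), 53)]


def apply_input_filter(flows, allowlist):
    """Return only the flows that no allowlist rule matches."""
    kept = []
    for src, dst, port, pkts in flows:
        src_ip = ip_address(src)
        if any(src_ip in net and port == p for net, p in allowlist):
            continue
        kept.append((src, dst, port, pkts))
    return kept


def dns_query_anomalies(flows, threshold):
    """Source IPs whose total DNS (port 53) packet count exceeds threshold."""
    per_src = Counter()
    for src, _dst, port, pkts in flows:
        if port == 53:
            per_src[src] += pkts
    return sorted(src for src, total in per_src.items() if total > threshold)


def detect(flows, allowlist, threshold=1000):
    """Run the filter first, then the detector, as an input flow filter would."""
    return dns_query_anomalies(apply_input_filter(flows, allowlist), threshold)


if __name__ == "__main__":
    print("without filter:", detect(FLOWS, []))        # both 10.0.0.7 and 10.0.0.9
    print("with filter:   ", detect(FLOWS, ALLOWLIST))  # only 10.0.0.9
```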
Bright future ahead
Last year brought many changes to our product and the company and this year will be no different. We are delighted you are with us, so together we may share the joy of exploring new horizons.