Network threat detection using Flow analytics (NetFlow, IPFIX, sFlow and jFlow ) is a valuable enhancement to network monitoring.  So then, implementing a SIEM platform that has native integration with all types of flows takes network security to the next level, combining the ultimate threat detection solution with the in-built SIEM capabilities.

Isn’t a SIEM Enough?

So, you say, I already have network security monitoring in place with my SIEM solution.  Why do I need more?

With Flows( NetFlow, IPFIX, sFlow and jFlow ), security monitoring easily becomes cyber security monitoring, detecting DDoS attacks, malware outbreaks, data exfiltration, and much more.

This Flow (NetFlow, IPFIX, sFlow and jFlow ) cyber security monitoring is based on network traffic algorithms – pattern matching on specific traffic patterns indicative of malicious behavior.  The algorithms are constantly searching for the patterns indicating threats, then generating alarms based on those violations. 

Adding the cyber threat alarms generated from the Flow (NetFlow, IPFIX, sFlow and jFlow ) threat detection algorithms to the default log collection and correlation capabilities of a SIEM provides more focused data to include in the data aggregation. 

Also, you now have more finely tuned logs to correlate with the logs coming from the other sources on your network that you are already collecting from. 

Taking it further, it’s not just cyber threats that Flow (NetFlow, IPFIX, sFlow and jFlow) analyzing can provide.  Cyber threats are the current big ticket items in network threat detection, including threats such as malware command and control servers, botnets, port scans – but it doesn’t stop there.

In addition to those network threats, you can also detect malicious or unwanted traffic unique to your environment. 

If this totally fascinates you and you’d like to see how you can implement a SIEM solution that ingests ALL types of flows (NetFlow, jFlow, sFlow, IPFIX) across ALL core network devices such as Internet Firewalls, ,DC Firewalls, 3rd Party ot Extranet Firewalls, Core Switches, Core or Aggregate Routers, Spines and Border Leaf switches amongst others, please shoot us some lines at info@smsam.net for a demo!