According to a recent blog post on the website of Plixer International, a company that powers innovative NetFlow solutions, Palo Alto Networks NetFlow support is coming soon, and Plixer will be one of the first vendors to support it in its NetFlow Analyzer.
The team at Palo Alto Networks, the post noted, “not only supports traditional NetFlow, but they also support deep packet analysis to identify actual applications such as Skype, BitTorrent, Webex and more.”
Now, the issue here, as they say, is that many NetFlow analysis tools “mistakenly identify this traffic as HTTP (TCP 80).” Cisco NetFlow NBAR is a similar technology, the post explains, “which makes network traffic monitoring much more informative especially when trying to perform root cause analysis.”
Support for these new reports comes in the form of Scrutinizer v9 and Palo Alto Networks OS v4.1.
Blogger Michael Patterson from Plixer wrote that NetFlow Network Behavior Analysis (NBA) systems have a limited impact on detecting threats. They are only suitable as a second or perhaps third layer of threat detection; however, some companies offering NetFlow Threat Detection tools would have you believe otherwise.
"Gartner says NBA is suitable as a complementary technology to intrusion detection and prevention software, which is effective for addressing network attacks that can be positively identified." As a huge NetFlow and IPFIX supporter, Patterson wrote, “I tend to agree that flow technologies can augment security practices, but can't replace them.”
In summary, he says, “NetFlow's threat detection value belongs as part of an internal UTM effort where potential threats detected are sent to a SIEM which will then look for other messages from appliances witnessing the same behavior of a host. If other threat detection efforts are not detecting the same suspicious behavior, perhaps a false positive can be avoided. Here's a thought: maybe the security appliance reporting the bad behavior should have an index whereby its accuracy for detecting legitimate threats could be graded over time.”
David Sims is a contributing editor for TMCnet. To read more of David’s articles, please visit his columnist page. He also blogs for TMCnet here.
Edited by Jamie Epstein