Flowmon ADS uses several detection mechanisms that combine into one versatile capability that can examine network traffic from several points of view and thus cover a wider array of scenarios.
An attacker is trying to brute-force their way past authentication. Using entropy modeling, Flowmon ADS picks up the repetitive, low-variance nature of the login attempts and identifies them as a dictionary attack.
One device has exceeded the average number of DNS queries several times over within a short period. In other words, this device is an outlier compared with the rest of the devices in the network, which is a common sign of DNS tunnelling or data exfiltration over DNS and warrants investigation.
The system registers the following symptoms: a device has contacted a number of other devices worldwide, selected some of them, run simultaneous downloads from them, and all of those downloads ended at the same time. The conclusion is that the device is using BitTorrent.
Built-in baselining that has learned the normal traffic patterns of different network protocols red-flags an ICMP communication, a protocol normally used only for diagnostic and control messages. The packets in this communication are much larger than normal, indicating that a payload is being carried inside them. Further investigation reveals malware exfiltrating user credentials over ICMP.
Flowmon threat intelligence keeps itself up to date with the latest reputation feeds and indicators of compromise. It matches observed traffic against reputation blacklists and community threat intelligence (MISP) and can detect a variety of behaviors, e.g. communication with a botnet command and control server.
Flowmon ADS incorporates Suricata IDS for signature-based detection. It can pick up known suspicious patterns in the traffic and present them in the ADS user interface as ordinary detected events.
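The three flow-based scenarios above (the DNS query outlier, the oversized ICMP packets and the blacklist match) can be illustrated with a few simple detectors run over NetFlow-style records. The code below is an added example written for this page; it is not Flowmon's own code, and the thresholds, the leave-one-out baseline and the sample flows (including the blacklisted address) are constructed assumptions, not learned values or real indicators.

```python
"""Illustrative flow-based detectors: DNS outlier, oversized ICMP, IOC match.

Written for this page as an example; not Flowmon ADS code or algorithms.
"""
from collections import defaultdict
from statistics import mean

# Constructed NetFlow-style records (made up for this example):
# (src_ip, dst_ip, proto, dst_port, bytes, packets)
FLOWS = []

# Nine ordinary workstations each make roughly ten DNS queries in the window.
for i in range(1, 10):
    for _ in range(8 + i % 3):
        FLOWS.append((f"10.0.0.{i}", "10.0.0.53", "udp", 53, 80, 1))

# One workstation makes 400 DNS queries in the same window (tunnelling-like).
for _ in range(400):
    FLOWS.append(("10.0.0.20", "10.0.0.53", "udp", 53, 230, 1))

# Normal pings: ten packets of 98 bytes each on the wire.
FLOWS += [("10.0.0.5", "10.0.1.1", "icmp", 0, 980, 10)] * 3

# ICMP flow averaging 1400 bytes per packet (payload smuggled in echo requests).
FLOWS.append(("10.0.0.7", "203.0.113.9", "icmp", 0, 14000, 10))

# A TLS connection to an address that appears on a reputation blacklist.
FLOWS.append(("10.0.0.8", "198.51.100.77", "tcp", 443, 5120, 12))

# Constructed blacklist entry, e.g. as it would arrive from a MISP feed.
IOC_ADDRESSES = {"198.51.100.77"}


def dns_query_outliers(flows, factor=5.0):
    """Return {src_ip: query_count} for hosts whose DNS query count exceeds
    `factor` times the mean count of all *other* hosts.

    The baseline is computed leave-one-out so that a heavy talker does not
    inflate its own baseline and hide itself.
    """
    counts = defaultdict(int)
    for src, _dst, proto, dport, _nbytes, _pkts in flows:
        if proto == "udp" and dport == 53:
            counts[src] += 1
    outliers = {}
    for host, n in counts.items():
        others = [c for h, c in counts.items() if h != host]
        if others and n > factor * mean(others):
            outliers[host] = n
    return outliers


def oversized_icmp(flows, normal_bytes_per_packet=98, factor=4.0):
    """Return ICMP flows whose mean packet size exceeds `factor` times the
    assumed normal size (98 bytes is a default Linux ping on Ethernet)."""
    hits = []
    for flow in flows:
        _src, _dst, proto, _dport, nbytes, pkts = flow
        if proto == "icmp" and pkts and nbytes / pkts > factor * normal_bytes_per_packet:
            hits.append(flow)
    return hits


def ioc_matches(flows, iocs):
    """Return flows whose destination address is on the reputation blacklist."""
    return [flow for flow in flows if flow[1] in iocs]


def run_detectors(flows=FLOWS, iocs=IOC_ADDRESSES):
    """Run all three detectors and return their findings keyed by detector."""
    return {
        "dns_outliers": dns_query_outliers(flows),
        "oversized_icmp": oversized_icmp(flows),
        "ioc_matches": ioc_matches(flows, iocs),
    }


if __name__ == "__main__":
    for name, findings in run_detectors().items():
        print(f"{name}: {findings}")
```

In a real deployment the per-host DNS baseline and the normal ICMP packet size would be learned from historical flows rather than hard-coded, and the IOC set would be refreshed from the reputation feed on a schedule; the matching logic stays the same.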
Report and Visualise
The analytical view provides context-rich visualization of attacks with drill-down analysis for a detailed understanding of what is happening.
Segmentation and Prioritization
Incidents are ranked according to your priorities with an easy-to-use customization wizard that builds upon battle-tested out-of-the-box configuration.
Flowmon ADS can be integrated with network access control, authentication, firewall or other tools for immediate incident response.
is a partner-centric technology distributor that specializes in secure IT networking solutions, services and support. Principals and resellers partner with us for proven expertise, enablement resources and overall business execution. We are a preferred distribution partner for many of today's leading and emerging networking and security products, including SOPHOS, Cyberoam, Kemp, Paessler, Acunetix, Parallels, IP-guard, Altaro, AISHU, SonicWall, Mushroom Network, Info Express and others.