Next Previous




PRODUCTS > Flowmon > Flowmon ADS
Flowmon ADS - How It Works

How It Works 

Detection Process

Flowmon ADS uses several detection mechanisms that combine into one versatile capability that can examine network traffic from several points of view and thus cover a wider array of scenarios.
  • Machine learning

An attacker is trying to brute-force their way past security. Using entropy modeling, Flowmon ADS picks up the repetitive nature of the attack and identifies it as a dictionary attack.
  • Adaptive baselining

One device has exceeded the average for DNS queries several times over a short period of time. In other words, this device is an outlier to the rest of the devices in the network indicating it is being used for data exfiltration.
  • Heuristics

The system registers the following symptoms: a device has contacted a number of other devices worldwide, selected some of them, ran simultaneous downloads from them, all of which ended at the same time. The conclusion is that the device is using bittorrent.
  • Behavior patterns

Inbuilt intelligence which has learned standard traffic patterns for different network protocols red flags an ICMP communication normally used for diagnostic and control purposes. The packets in this communication are much larger than normal, indicating that a payload is being transferred. Further investigation reveals exfiltration of user credentials controlled by malware.
Flowmon threat intelligence keeps itself up-to-date with the latest reputation feeds and indicators of compromise. It uses the blacklist method to compare the network against reputation databases and community threat intelligence (MISP) and can detect a variety of behaviors, e.g. communication with a botnet command center.
  • Signature-based detection

    Flowmon ADS incorporates Suricata IDS for signature-based detection. It can pick up suspicious patterns in the detection and operate with them in the ADS user interface as normal detected events

Report and Visualise

The analytical view provides context-rich visualization of attacks with drill-down analysis for a detailed understanding of what is happening.

Segmentation and Prioritization

Incidents are ranked according to your priorities with an easy-to-use customization wizard that builds upon battle-tested out-of-the-box configuration.


Flowmon ADS can be integrated with network access control, authentication, firewall or other tools for immediate incident response.




SecureOne is a partner centric technology distributor that specialize in secure IT networking solutions, services and support. Principals and resellers partnering with us for proven expertise, enablement resources and overall business execution. We are a preferred distribution partner for many of today's leading and emerging networking and security products including SOPHOS, Cyberoam, Kemp, Paessler, Acunetix, Parallels, IP-guard, Altaro, AISHU, SonicWall, Mushroom Network, Info Express & etc.

Copyright © SecureOne Distribution Sdn Bhd. All Rights Reserved