Post by Tobias Undeutsch, June 2025

Network Monitoring with Flowmon

Companies, organizations, and even daily life increasingly rely on complex IT networks, which is why the security of these networks has become a focal point. The exponentially growing amount of data flowing through these networks makes it essential to take proactive measures to ensure the integrity, availability, and confidentiality of information.

Network monitoring has proven to be a crucial tool in meeting these requirements. It not only enables real-time monitoring of networks but also early detection of potential threats that could cause security breaches and downtime.

In this article, we'll take a closer look at Flowmon.

Flowmon Makes Network Activity Visible

Flowmon, a mature network monitoring software from Progress, makes network activity visible, detects anomalies, and can respond automatically.

Flowmon has a modular structure and is suitable for networks of any size and complexity. A minimal setup requires at least one Flowmon Collector and the Flowmon Probe.

Flowmon Collector – Collecting Network Data

The Flowmon Collector gathers network data and forwards it as flow data to the Flowmon Probe. There can be multiple "Collectors" in a network, depending on the expected bandwidth and on how isolated the parts of the network are from one another.
Ideally, data is forwarded directly to the "Collector" as raw data as it appears in the network. This is done through a SPAN or mirror port on the central network switches. Of course, Flowmon also works with well-known network monitoring protocols such as NetFlow or sFlow.

Flowmon Probe – Analyzing Network Data

The Flowmon Probe collects flow data from all Flowmon Collectors and stores it for further analysis. Various dashboards help visualize what's happening in the network. This allows network problems to be analyzed and isolated quickly and efficiently.

Flowmon ADS – Detecting and Responding to Anomalies

Flowmon ADS analyzes the flow data received by the Flowmon Probe in real time, detects potential threats and attacks, and can respond fully automatically. Flowmon ADS uses the MITRE ATT&CK® Framework to recognize the patterns of known attacks. Furthermore, ADS continuously learns which hosts communicate with whom and how (ports, protocols, times, etc.) in the network and thus detects anomalies that may indicate potential cyber attacks (lateral movement, data exfiltration, network scans, etc.).

Thanks to the configuration of Advanced Actions, Flowmon ADS can execute various user-defined actions when attacks are detected to ensure network protection. For example, scripts can be executed that isolate individual suspicious hosts or even entire subnets from the rest of the network via firewalls to prevent a cyber attack from spreading further.

Flowmon ADS also supports forensic analysis of attacks by summarizing and chronologically displaying all affected network connections.
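
The baselining described above (which hosts talk to whom, on which ports and protocols, at which times) can be illustrated with a small script. This is an added example, not Flowmon's code or algorithm; the flow records, function names, alert names and the scan threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed flow records: (src, dst, proto, dst_port, hour_of_day). Not real traffic.
TRAINING = [
    ("10.0.1.10", "10.0.2.5", "tcp", 443, 9),
    ("10.0.1.10", "10.0.2.5", "tcp", 443, 14),
    ("10.0.1.10", "10.0.2.9", "udp", 53, 10),
    ("10.0.1.11", "10.0.2.5", "tcp", 443, 11),
    ("10.0.1.11", "10.0.2.7", "tcp", 445, 16),
]
LIVE = [
    ("10.0.1.10", "10.0.2.5", "tcp", 443, 10),   # matches the baseline
    ("10.0.1.10", "10.0.1.11", "tcp", 3389, 3),  # new peer and port, at 03:00
    ("10.0.1.99", "10.0.2.5", "tcp", 443, 12),   # source never seen before
] + [("10.0.1.11", f"10.0.3.{i}", "tcp", 22, 15) for i in range(1, 7)]  # fan-out


def learn_baseline(flows):
    """Per source host: the (dst, proto, port) services used and the hours it is active."""
    services, hours = defaultdict(set), defaultdict(set)
    for src, dst, proto, port, hour in flows:
        services[src].add((dst, proto, port))
        hours[src].add(hour)
    return services, hours


def detect(flows, baseline, scan_threshold=5):
    """Return sorted (alert_type, src, detail) tuples for flows that deviate from the baseline."""
    services, hours = baseline
    alerts, unseen = set(), defaultdict(set)
    for src, dst, proto, port, hour in flows:
        if src not in services:
            alerts.add(("new_host", src, ""))
            continue
        if (dst, proto, port) not in services[src]:
            unseen[src].add((dst, proto, port))
        if not min(hours[src]) <= hour <= max(hours[src]):
            alerts.add(("off_hours", src, f"{hour:02d}:00"))
    for src, targets in unseen.items():
        if len(targets) >= scan_threshold:
            # Many never-seen targets from one source: report once as a scan
            alerts.add(("scan", src, f"{len(targets)} new targets"))
        else:
            for dst, proto, port in targets:
                alerts.add(("new_service", src, f"{dst}:{proto}/{port}"))
    return sorted(alerts)


if __name__ == "__main__":
    print(*detect(LIVE, learn_baseline(TRAINING)), sep="\n")
```

The activity window here is simply the earliest to latest hour seen in training; a production baseline would also have to age out old observations and tolerate legitimate change.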

Flowmon FPI – Analyzing Network Packets

Flowmon FPI helps analyze network packets, allowing communication problems in the network to be isolated and resolved quickly and efficiently. Tools such as Wireshark are then no longer needed.

Flowmon APM – Monitoring Application Performance

Flowmon APM monitors application performance from the user's perspective. Thanks to information about the round-trip time (RTT) of data packets, it's possible to monitor SLA (Service Level Agreement) compliance, and application performance problems become known before the first users contact the helpdesk.

NIST Cybersecurity Framework and Flowmon

Flowmon operates across all five functions of the NIST Cybersecurity Framework, making it ideal for significantly increasing the visibility and security of IT networks.

  • Identify: Flowmon automatically detects new systems in the network and can generate an alarm. This ensures that new systems are correctly identified so they can be protected.
  • Protect: Continuous network monitoring ensures that anomalies are detected.
  • Detect: Attacks and network problems are detected in real time and relevant parties are informed.
  • Respond: Flowmon automatically responds to attacks and can, depending on configuration, isolate hosts and/or subnets from the network via firewall scripts to prevent the attack from spreading.
  • Recover: The attack can be quickly and easily analyzed forensically. This makes it easy to identify affected systems, which can significantly accelerate the recovery process.

Backup ONE and Flowmon

Backup ONE has evaluated Flowmon as the tool for network monitoring. We work with Flowmon to ensure the protection of our customers' data and can help you implement Flowmon in your network. Simply contact us.