What is FlowPro?
Overview
Complete visibility of network traffic is key to managing your network, protecting your assets, and investigating security incidents. Whether you need to monitor traffic in remote offices, in an isolated data closet, or in a data center, FlowPro provides the information you need to perform root-cause analysis of both network performance and security events.
FlowPro comes with several different licensing options. Explanations of each option are listed below.
FlowPro license
The basic FlowPro license allows for complete visibility of your network traffic by creating flow data to send to an IPFIX collector to monitor traffic where visibility is limited. FlowPro simply captures the network traffic and generates IPFIX records of the traffic without performing any additional processing.
More features and functionality are available with additional licensing as described below.
FlowPro APM (Application Performance Monitor) license
With the FlowPro APM (Application Performance Monitoring) license, FlowPro captures network traffic and creates flow data to send to an IPFIX collector to monitor traffic where visibility is limited. In addition, FlowPro APM passively monitors traffic and operates in one of three ways depending on the configuration:
- Reports latency information on clients, servers, and Layer 7 applications through Deep Packet Inspection (DPI)
- Reports traffic metrics related to SIP/RTP and voice quality
- Operates in both modes at the same time
Note
If additional interfaces will be added to the Virtual Appliance, that must be completed prior to requesting the FlowPro APM license.
FlowPro Defender license
With the FlowPro Defender license, FlowPro captures network traffic to provide additional visibility into the traffic within or transiting the organization. It passively monitors the traffic and can perform the following operation on the data:
Monitor DNS traffic to identify indicators of malware compromise, including botnet detection, DNS lookups of domains that are likely associated with malware, and identification of malware that uses DNS for data exfiltration and/or command and control.
In this mode, FlowPro processes the DNS traffic, comparing DNS queries to a domain reputation list and matching DNS queries with responses to identify abnormal DNS traffic. Examples of traffic monitored include detection of non-existent domain (NXDOMAIN) responses and identification of long and complete DNS names that do not properly resolve.
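The checks described above (reputation lookup, query/response matching, NXDOMAIN responses, long names that fail to resolve) can be sketched over parsed DNS events as follows. This is an added example, not Plixer's or FlowPro's code; the event tuple format, the thresholds, the alert names and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter

NXDOMAIN = 3     # DNS RCODE for a non-existent domain
NX_BURST = 3     # assumed threshold: NXDOMAIN responses per client
LONG_NAME = 60   # assumed threshold: query name length in characters

def listed(qname, domains):
    """True if qname or any of its parent domains is in the given set."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def analyze(events, reputation, allowlist=frozenset()):
    """events: (kind, client, txid, qname, rcode) tuples; kind is 'q' or 'r'."""
    pending, nx, alerts = {}, Counter(), []
    for kind, client, txid, qname, rcode in events:
        key = (client, txid)
        if kind == "q":
            pending[key] = qname
            if listed(qname, reputation) and not listed(qname, allowlist):
                alerts.append((client, "reputation-hit", qname))
            continue
        asked = pending.pop(key, None)      # match the response to its query
        if asked is None:
            alerts.append((client, "unmatched-response", qname))
        elif rcode == NXDOMAIN:
            nx[client] += 1
            if len(asked) >= LONG_NAME:
                alerts.append((client, "long-name-unresolved", asked))
    alerts += [(c, "nxdomain-burst", str(n)) for c, n in nx.items() if n >= NX_BURST]
    alerts += [(c, "unanswered-query", q) for (c, _), q in pending.items()]
    return alerts

# Constructed sample data using reserved example/test names, not a real capture.
REPUTATION = {"bad.example"}
ALLOWLIST = {"cdn.bad.example"}   # user-maintained list of allowed domains
LONG = "a" * 30 + "." + "b" * 30 + ".tunnel.test"
EVENTS = [
    ("q", "10.0.0.5", 1, "www.example.com", None), ("r", "10.0.0.5", 1, "www.example.com", 0),
    ("q", "10.0.0.9", 2, "host.bad.example", None), ("r", "10.0.0.9", 2, "host.bad.example", 0),
    ("q", "10.0.0.5", 3, "img.cdn.bad.example", None), ("r", "10.0.0.5", 3, "img.cdn.bad.example", 0),
    ("q", "10.0.0.7", 4, LONG, None), ("r", "10.0.0.7", 4, LONG, NXDOMAIN),
    ("q", "10.0.0.7", 5, "x1.rand.test", None), ("r", "10.0.0.7", 5, "x1.rand.test", NXDOMAIN),
    ("q", "10.0.0.7", 6, "x2.rand.test", None), ("r", "10.0.0.7", 6, "x2.rand.test", NXDOMAIN),
    ("r", "10.0.0.8", 9, "stray.test", 0),
]

if __name__ == "__main__":
    for alert in analyze(EVENTS, REPUTATION, ALLOWLIST):
        print(alert)
```

In practice the thresholds would be applied per time window and tuned against the site's baseline DNS traffic.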
Additional Capabilities with the FlowPro Defender license
- Monitor other types of DNS messages, such as the use of DNS TXT messaging as a means to bypass firewall restrictions and allow direct communications between an outside host and an internal asset.
- Allows the user to create their own “white lists” to prevent allowed domains from triggering alerts, as well as their own “blacklist” to augment the Plixer-supplied domain reputation lists.
- Can be used in either or both modes simultaneously in any combination on any or all of the available monitoring ports. FlowPro is available as an appliance appropriately sized to the user’s network or as a Virtual Appliance download.
FlowPro APM-Defender license
This licensing option includes the licensing options listed below:
- FlowPro APM (Application Performance Monitoring) licensing
- FlowPro Defender licensing
Enabling and disabling any of the available features and functionality can be performed using the associated enable or disable command.