What is FlowPro
The FlowPro Series comes in a variety of flavors. Below is an explanation of the differences between each option available.
Complete visibility of network traffic is key to managing your network, protecting your assets, and investigating security incidents. Whether you need to monitor traffic in remote offices, in an isolated data closet, or in a data center, FlowPro provides the information you need to perform root-cause analysis of both network performance and security events.
FlowPro APM (Application Performance Monitor)
FlowPro APM (Application Performance Monitoring) captures network traffic and creates flow data to send to an IPFIX collector, so that traffic can be monitored where visibility is limited. In addition to capturing network traffic, FlowPro APM passively monitors it and performs one of three operations, depending on the configuration:
- Provides latency information on clients, servers, and Layer 7 applications through Deep Packet Inspection (DPI)
- Provides traffic metrics related to SIP/RTP and voice quality
- Operates in both modes at the same time
FlowPro Defender Primary Operations
FlowPro Defender captures network traffic to provide additional visibility into the traffic within or transiting the organization. It passively monitors the traffic and can perform two operations on the data:
1. Creating flow data to send to an IPFIX collector to monitor traffic where visibility is limited. When operating in this manner, FlowPro Defender simply captures the network traffic and generates IPFIX records of the traffic without performing any additional processing.
2. Monitoring DNS traffic to identify indicators of malware compromise, including botnet detection, DNS lookups of domains that are likely associated with malware, and identification of malware that uses DNS for data exfiltration and/or command and control.
In this mode, FlowPro Defender processes the DNS traffic, comparing DNS queries to a domain reputation list and matching DNS queries with responses to identify abnormal DNS traffic. Examples of traffic monitored include detection of non-existent domain (NXDOMAIN) responses and identification of long and complete DNS names that do not properly resolve.
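The checks described above can be sketched over a few DNS records. This is an added example, not Plixer code or FlowPro Defender's implementation; the record layout, thresholds, alert names, and sample data are all assumptions constructed for illustration.

```python
from collections import Counter

REPUTATION = {"bad-domain.example"}   # constructed reputation list entry
LONG_NAME = 60                        # assumed length threshold, in characters
NX_BURST = 3                          # assumed NXDOMAIN count per client
LONG = "a" * 30 + "." + "b" * 30 + ".tunnel.test"   # constructed 73-char name

# Constructed records: (transaction id, client, kind, qname, rcode)
EVENTS = [
    (1, "10.0.0.5", "query", "www.example.com", None),
    (1, "10.0.0.5", "response", "www.example.com", "NOERROR"),
    (2, "10.0.0.9", "query", "cdn.Bad-Domain.example.", None),
    (2, "10.0.0.9", "response", "cdn.Bad-Domain.example.", "NOERROR"),
    (3, "10.0.0.9", "query", "qzkxv.test", None),
    (3, "10.0.0.9", "response", "qzkxv.test", "NXDOMAIN"),
    (4, "10.0.0.9", "query", "pplwm.test", None),
    (4, "10.0.0.9", "response", "pplwm.test", "NXDOMAIN"),
    (5, "10.0.0.9", "query", LONG, None),
    (5, "10.0.0.9", "response", LONG, "NXDOMAIN"),
    (6, "10.0.0.7", "query", "nohost.example.com", None),
]

def on_reputation_list(name, reputation):
    """True if the name or any parent domain is on the list."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in reputation for i in range(len(labels)))

def analyze(events, reputation=REPUTATION, long_name=LONG_NAME, nx_burst=NX_BURST):
    pending, nx_count, alerts = set(), Counter(), []
    for txid, client, kind, qname, rcode in events:
        name = qname.rstrip(".").lower()          # DNS names are case-insensitive
        key = (client, txid, name)
        if kind == "query":
            pending.add(key)
            if on_reputation_list(name, reputation):
                alerts.append(("reputation", client, name))
        elif key not in pending:                  # response with no matching query
            alerts.append(("unsolicited_response", client, name))
        else:
            pending.discard(key)
            if rcode == "NXDOMAIN":
                nx_count[client] += 1
                if len(name) >= long_name:
                    alerts.append(("long_unresolved_name", client, name))
    alerts += [("nxdomain_burst", c, n) for c, n in nx_count.items() if n >= nx_burst]
    alerts += [("unanswered_query", c, n) for c, _, n in sorted(pending)]
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```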
Additional FlowPro Defender Capabilities
- Monitors other types of DNS messages, such as the use of DNS TXT messaging as a means to bypass firewall restrictions and allow direct communications between an outside host and an internal asset.
- Allows the user to create their own “whitelists” to prevent allowed domains from triggering alerts, as well as their own “blacklists” to augment the Plixer-supplied domain reputation lists.
- Can be used in either or both modes simultaneously in any combination on any or all of the available monitoring ports. FlowPro Defender is available as an appliance appropriately sized to the user’s network or as a Virtual Appliance download.