New IPS Architecture Uses Network Flow Data for Analysis

Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'

Network control and management components communicate with one another through flows — information generated and collected in data's passage through the routers, switches, and other network components scattered throughout the network. Now, a company is putting flow information to a new use: protecting the network.


Netography has launched the open beta of a service it's calling Distributed IPS (Intrusion Prevention Service). The service uses multiple forms of flow data, including sFlow, NetFlow, and VPC flow, to analyze and act on network activity. "Switches, routers, and others are flow services," says Barrett Lyon, Netography's CEO. He explains that the flow data such devices generate has traditionally been telemetry data used for activities such as bandwidth management. "When we looked at it, you saw that you could use the information in there for other things," Lyon says.


Flow Begins

The first flow format was NetFlow, introduced by Cisco in the mid-1990s to allow network administrators to analyze traffic sources and destinations, along with performance conditions and congestion causes. Roughly a decade later, the technology entered the IETF standards process. The standards-based flow is known as Internet Protocol Flow Information Export (IPFIX). IPFIX is used by a number of different network infrastructure vendors.


There are other flow services on the market, many of them proprietary services supported by a single vendor. One notable exception is sFlow, which is supported by more than two dozen vendors, including several — such as Cisco — that also have their own proprietary flow formats.


Distributed IPS can be used to act on network flow information in several ways. "There are four ways you can do stuff ..
