NetFlow data is ubiquitous, and people other than network engineers are taking notice. Security analysts need to be aware that NetFlow data can be easily collected (odds are that your routers support some form of NetFlow) and, given the right tools, analyzed for network security operations. This Cisco-centric blog post has a good list of useful software solutions for NetFlow analysis relevant to security analysts. At their core, all of the tools listed, with one exception (Net/FSE by Packet Analytics), are general-purpose network tools rather than security-specific ones, but they can certainly be leveraged for security analysis.

Another good list of tools can be found at Network Uptime. There is some overlap with the tools in the blog post, but this list is clearly laid out with summaries, links to the various download sites, and screenshots.

Lastly, it never hurts to check various open source software repositories like SourceForge for the latest in NetFlow software packages. A quick search on “NetFlow” returned 50 projects. Sorting by the number of downloads showed that ntop was the most popular by a long shot.

Since most of this software is written for network operations purposes, it can be challenging to find the features and functionality relevant to security operations. In future posts we will examine some of these software solutions and focus on how they can benefit network security analysts.