Educause Security Discussion mailing list archives

Re: Netflow Analysis Software

From: "Avdagic, Indir" <indir_avdagic () WSU EDU>
Date: Wed, 4 May 2011 10:36:34 -0700

To collect NetFlow we use Scrutinizer NetFlow Analyzer and QRadar SIEM appliance. 

The strongest part of the Scrutinizer is their reporting solution called Flow Analytics. Flow Analytics  is able to 
report on top applications, conversations, flows, protocols, domains, countries, subnets, etc., across our switches and 
Cisco ASA appliances .

In addition, we use QRadar SIEM appliance to collect NetFlow from switches and logs from our servers and appliances 
across campus. Qradar is able to correlate  log events with the NetFlow data.

Using QRadar we are able to expands visibility into network activity, user and application activity, and we got an 
additional intelligence into potential offense sources across the entire network.

 

I hope this helps.

 

Regards,

 

Indir

 

______________________________

Indir Avdagic, CISSP, ACSA, TICSA, SEC+

Information Systems Security Manager

Washington State University  

indir_avdagic () wsu edu <mailto:indir_avdagic () wsu edu> 

Phone: (509) 335-3279



 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of win-hied 
() bradjudy com
Sent: Wednesday, May 04, 2011 8:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Netflow Analysis Software

 

We use Lancope at Emory and have been pretty happy with the product.  We recently refreshed our hardware and are 
looking forward to the major version release 
(http://netflowninjas.lancope.com/blog/2011/02/announcing-stealthwatch-60.html).  It's supposed to add some interesting 
new features. 

 

We aren't using their sensors, just sFlow and Netflow out of our networking gear.

 

I haven't used the Fluke or SloarWinds products, but Lancope seems to have more of a security slant than those products 
(at least going by the webpages). 

 

Brad Judy

 

On May 4, 2011 at 11:13 AM Mike Iglesias <iglesias () UCI EDU> wrote:

On 05/04/2011 07:24 AM, Miller,James R wrote:

We are looking at adding Netflow analysis to our networking toolkit. Has
anyone had good or bad success with any particular vendors? Right now we are
looking at Solar Winds and Fluke. Any comments or suggestions would be greatly
appreciated.


Another one is Lancope.  I don't know much about them, I stopped by their
booth at Educause SPC last month.  The product looked nice.


--
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270

Current thread:

Re: Netflow Analysis Software, (continued)
- - Re: Netflow Analysis Software Miller,James R (May 04)
    - Re: Netflow Analysis Software Dr. Wole Akpose (May 04)
    - Re: Netflow Analysis Software Miller,James R (May 04)
  - Re: Netflow Analysis Software Bradley, Stephen W. Mr. (May 04)
  - Re: Netflow Analysis Software Justin Azoff (May 04)
    - Re: Netflow Analysis Software Jason Chambers (May 09)
- Re: Netflow Analysis Software Mike Iglesias (May 04)
  - Re: Netflow Analysis Software Joel Rosenblatt (May 04)
  - Re: Netflow Analysis Software win-hied () bradjudy com (May 04)
    - Re: Netflow Analysis Software Troy S. Jordan (May 04)
    - Re: Netflow Analysis Software Avdagic, Indir (May 04)
    - Re: Netflow Analysis Software Michael Jewett (May 04)
    - Re: Netflow Analysis Software Drews, Adam (May 04)
- Re: Netflow Analysis Software Greene, Chip (May 04)
- Re: Netflow Analysis Software Bob Doyle (May 05)