Educause Security Discussion mailing list archives
Re: Netflow Analysis Software
From: Michael Jewett <mgj () UNB CA>
Date: Wed, 4 May 2011 14:56:25 -0300
I can second the qRadar product. I've been using it since long before it was called qRadar. It was developed here at UNB and was originally just a netflow analyzer. Then the developers took it to market and have added so much more functionality, including SIEM.

It has saved us many hours/days of time over the years.

Michael

--
Michael Jewett
Assistant Director, Information Technology Security
Integrated Technology Services
University of New Brunswick, Fredericton, NB
mgj () unb ca
(506) 447-3022
(506) 453-3590 (FAX)

ITS@UNB - Services, Solutions, Strategies
ITS is a scent-reduced workplace
www.unbf.ca/its/policies

On 2011-05-04 2:36 PM, Avdagic, Indir wrote:
To collect NetFlow we use Scrutinizer NetFlow Analyzer and QRadar SIEM appliance. The strongest part of the Scrutinizer is their reporting solution called Flow Analytics. Flow Analytics is able to report on top applications, conversations, flows, protocols, domains, countries, subnets, etc., across our switches and Cisco ASA appliances.

In addition, we use QRadar SIEM appliance to collect NetFlow from switches and logs from our servers and appliances across campus. QRadar is able to correlate log events with the NetFlow data. Using QRadar we are able to expand visibility into network activity, user and application activity, and we got additional intelligence into potential offense sources across the entire network.

I hope this helps.

Regards,
Indir

Indir Avdagic, CISSP, ACSA, TICSA, SEC+
Information Systems Security Manager
Washington State University
indir_avdagic () wsu edu
Phone: (509) 335-3279

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of win-hied () bradjudy com
Sent: Wednesday, May 04, 2011 8:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Netflow Analysis Software

We use Lancope at Emory and have been pretty happy with the product. We recently refreshed our hardware and are looking forward to the major version release (http://netflowninjas.lancope.com/blog/2011/02/announcing-stealthwatch-60.html). It's supposed to add some interesting new features. We aren't using their sensors, just sFlow and Netflow out of our networking gear.

I haven't used the Fluke or SolarWinds products, but Lancope seems to have more of a security slant than those products (at least going by the webpages).

Brad Judy

On May 4, 2011 at 11:13 AM Mike Iglesias <iglesias () UCI EDU> wrote:

> On 05/04/2011 07:24 AM, Miller,James R wrote:
> > We are looking at adding Netflow analysis to our networking toolkit. Has
> > anyone had good or bad success with any particular vendors? Right now we are
> > looking at Solar Winds and Fluke. Any comments or suggestions would be greatly
> > appreciated.
>
> Another one is Lancope. I don't know much about them, I stopped by their
> booth at Educause SPC last month. The product looked nice.
>
>
> --
> Mike Iglesias Email: iglesias () uci edu
> University of California, Irvine phone: 949-824-6926
> Office of Information Technology FAX: 949-824-2270