Re: Netflow Analysis Software

[Michael Jewett <mgj () UNB CA>]

I can second the qRadar product.  I've been using it long before it was 
called qRadar.  It was developed here at UNB and was originally just 
just a netflow analyzer.  Then the developers took it to market and have 
added so much more functionality, including SIEM.

It has saved us may hours/days of time over the years.

Michael

--
   Michael Jewett
   Assistant Director, Information Technology Security
   Integrated Technology Services
   University of New Brunswick, Fredericton, NB
   mgj () unb ca       (506) 447-3022       (506) 453-3590 (FAX)

   ITS@UNB - Services, Solutions, Strategies
   ITS is a scent-reduced workplace – www.unbf.ca/its/policies

On 2011-05-04 2:36 PM, Avdagic, Indir wrote:
> To collect NetFlow we use Scrutinizer NetFlow Analyzer and QRadar SIEM
> appliance.
>
> The strongest part of the Scrutinizer is their reporting solution called
> Flow Analytics. Flow Analytics  is able to report on top applications,
> conversations, flows, protocols, domains, countries, subnets, etc.,
> across our switches and Cisco ASA appliances .
>
> In addition, we use QRadar SIEM appliance to collect NetFlow from
> switches and logs from our servers and appliances across campus. Qradar
> is able to correlate  log events with the NetFlow data.
>
> Using QRadar we are able to expands visibility into network activity,
> user and application activity, and we got an additional intelligence
> into potential offense sources across the entire network.
>
> I hope this helps.
>
> Regards,
>
> Indir
>
> *______________________________*
>
> *Indir Avdagic, CISSP, ACSA, TICSA, SEC+*
>
> Information Systems Security Manager
>
> Washington State University
>
> indir_avdagic () wsu edu <mailto:indir_avdagic () wsu edu>
>
> Phone: (509) 335-3279
>
> *From:*The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *win-hied () bradjudy com
> *Sent:* Wednesday, May 04, 2011 8:25 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Netflow Analysis Software
>
> We use Lancope at Emory and have been pretty happy with the product. We
> recently refreshed our hardware and are looking forward to the major
> version release
> (http://netflowninjas.lancope.com/blog/2011/02/announcing-stealthwatch-60.html).
> It's supposed to add some interesting new features.
>
> We aren't using their sensors, just sFlow and Netflow out of our
> networking gear.
>
> I haven't used the Fluke or SloarWinds products, but Lancope seems to
> have more of a security slant than those products (at least going by the
> webpages).
>
> Brad Judy
>
> On May 4, 2011 at 11:13 AM Mike Iglesias <iglesias () UCI EDU
> <mailto:iglesias () UCI EDU>> wrote:
>
>  > On 05/04/2011 07:24 AM, Miller,James R wrote:
>  > > We are looking at adding Netflow analysis to our networking
> toolkit. Has
>  > > anyone had good or bad success with any particular vendors? Right
> now we are
>  > > looking at Solar Winds and Fluke. Any comments or suggestions would
> be greatly
>  > > appreciated.
>  >
>  > Another one is Lancope. I don't know much about them, I stopped by their
>  > booth at Educause SPC last month. The product looked nice.
>  >
>  >
>  > --
>  > Mike Iglesias Email: iglesias () uci edu <mailto:iglesias () uci edu>
>  > University of California, Irvine phone: 949-824-6926
>  > Office of Information Technology FAX: 949-824-2270