Re: Netflow Analysis Software

["Drews, Adam" <adrews () JJC EDU>]

Chalk another one up for QRadar.

Adam
On May 4, 2011, at 12:56 PM, Michael Jewett wrote:

> I can second the qRadar product.  I've been using it long before it was called qRadar.  It was developed here at UNB 
> and was originally just just a netflow analyzer.  Then the developers took it to market and have added so much more 
> functionality, including SIEM.
>
> It has saved us may hours/days of time over the years.
>
> Michael
>
> -- 
>   Michael Jewett
>   Assistant Director, Information Technology Security
>   Integrated Technology Services
>   University of New Brunswick, Fredericton, NB
>   mgj () unb ca       (506) 447-3022       (506) 453-3590 (FAX)
>
>   ITS@UNB - Services, Solutions, Strategies
>   ITS is a scent-reduced workplace – www.unbf.ca/its/policies
>
> On 2011-05-04 2:36 PM, Avdagic, Indir wrote:
> > To collect NetFlow we use Scrutinizer NetFlow Analyzer and QRadar SIEM
> > appliance.
> >
> > The strongest part of the Scrutinizer is their reporting solution called
> > Flow Analytics. Flow Analytics  is able to report on top applications,
> > conversations, flows, protocols, domains, countries, subnets, etc.,
> > across our switches and Cisco ASA appliances .
> >
> > In addition, we use QRadar SIEM appliance to collect NetFlow from
> > switches and logs from our servers and appliances across campus. Qradar
> > is able to correlate  log events with the NetFlow data.
> >
> > Using QRadar we are able to expands visibility into network activity,
> > user and application activity, and we got an additional intelligence
> > into potential offense sources across the entire network.
> >
> > I hope this helps.
> >
> > Regards,
> >
> > Indir
> >
> > *______________________________*
> >
> > *Indir Avdagic, CISSP, ACSA, TICSA, SEC+*
> >
> > Information Systems Security Manager
> >
> > Washington State University
> >
> > indir_avdagic () wsu edu <mailto:indir_avdagic () wsu edu>
> >
> > Phone: (509) 335-3279
> >
> > *From:*The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *win-hied () bradjudy com
> > *Sent:* Wednesday, May 04, 2011 8:25 AM
> > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > *Subject:* Re: [SECURITY] Netflow Analysis Software
> >
> > We use Lancope at Emory and have been pretty happy with the product. We
> > recently refreshed our hardware and are looking forward to the major
> > version release
> > (http://netflowninjas.lancope.com/blog/2011/02/announcing-stealthwatch-60.html).
> > It's supposed to add some interesting new features.
> >
> > We aren't using their sensors, just sFlow and Netflow out of our
> > networking gear.
> >
> > I haven't used the Fluke or SloarWinds products, but Lancope seems to
> > have more of a security slant than those products (at least going by the
> > webpages).
> >
> > Brad Judy
> >
> > On May 4, 2011 at 11:13 AM Mike Iglesias <iglesias () UCI EDU
> > <mailto:iglesias () UCI EDU>> wrote:
> >
> > > On 05/04/2011 07:24 AM, Miller,James R wrote:
> > > > We are looking at adding Netflow analysis to our networking
> > toolkit. Has
> > > > anyone had good or bad success with any particular vendors? Right
> > now we are
> > > > looking at Solar Winds and Fluke. Any comments or suggestions would
> > be greatly
> > > > appreciated.
> > >
> > > Another one is Lancope. I don't know much about them, I stopped by their
> > > booth at Educause SPC last month. The product looked nice.
> > >
> > >
> > > --
> > > Mike Iglesias Email: iglesias () uci edu <mailto:iglesias () uci edu>
> > > University of California, Irvine phone: 949-824-6926
> > > Office of Information Technology FAX: 949-824-2270

Adam Drews
Information Security Analyst
Information Security Office
 
Joliet Junior College
1215 Houbolt Rd.
Joliet, IL  60431
P: (815) 280-2667
F: (815) 280-2668