Flowmon ADS

Network Anomaly Detection Software

Powered by an intelligent detection engine, Flowmon's Anomaly Detection Software (ADS) leverages behavior analysis algorithms to detect anomalies concealed within network traffic to expose malicious behaviors, attacks against mission-critical applications, data breaches and indicators of compromise.

Launch demo
A pictures presents a dashboard view from the Flomon’s Anomaly Detection Software (ADS)

Flowmon ADS Benefits

Seal the Gap

Between perimeter and endpoint protection.

Expose Breaches

Ransomware, malware, insider & unknown threats, etc.

Use Machine Learning

Leverage intelligent technology to detect threats others miss.

Key Features

Advantage at Every Stage of Compromise Automated Detection and Response (NDR) Leverage Flowmon IDS Probe Powered by Suricata Minimize False Positives and Stay Focused

Advantage at Every Stage of Compromise

Flowmon ADS adds the network-centric layer of defense to your security matrix (see SOC Visibility Triad) to detect the slightest network anomalies that indicate the activity of unknown and insider threats undetectable by perimeter and endpoint security. Context-rich incident visualization in the MITRE ATT&CK® framework keeps you briefed on the scope, severity and future development of the breach.

A picture presents a MITRE ATT&CK tab view from the dashboard of Flowmon’s Network Anomaly Detection Tool

Automated Detection and Response (NDR)

Threats are detected early, instantly and automatically thanks to 40+ AI-based methods and 200+ algorithms. Reveal unknown threats, malware, ransomware, Windows DNS SIGRed exploitation, Trojan attacks or threats hidden in encrypted traffic. The Flowmon’s Anomaly Detection Software (ADS) can be integrated with network access control, authentication, firewall and other tools for immediate incident response.

A picture presents a dashboard view from Flowmon’s Anomaly Detection and Response tool that collaborates with the MITRE ATT&CK Matrix and the Anomaly Detection Software.

Leverage Flowmon IDS Probe Powered by Suricata

Flowmon ADS includes a built-in IDS collector that receives events from Flowmon IDS Probe powered by Suricata and allows the system to cover more attack vectors by combining the best of the two signature-less and signature-based approaches.

A picture presents a dashboard of the Flowmon’s IDS Probe powered by Suricata

Minimize False Positives and Stay Focused

Center on relevant issues only. The Anomaly Detection Software distinguishes between anomalies and normal traffic and only alerts you when a real danger occurs. Detected security events are ranked by severity, and the solution’s built-in expertise enhances your situational awareness and speeds up triage and response.

A picture presents the Events log dashboard of the Flowmon’s Anomaly Detection Software

The Anomaly Detection Software Features

Configuration Wizzard

The system comes with pre-defined configurations for a variety of network types and automatically adjusts the settings after the initial configuration by using a simple wizard. Then, by managing false positives, maximize the relevancy of detected events.

Attack Evidence and Analysis

Understand every suspicious event in its complexity. Context-rich evidence, vizualisation, network data or full packet traces for forensics allow taking decisive actions promptly.

Prioritization and Reporting

Use out-of-the-box prioritization or apply your own severity rules at a global, group or user level. Create custom dashboards for security, networking, IT helpdesk or managers based on their interests.

Advanced Action Triggering

Respond to attacks automatically through script-based integration with network or authentication tools. When detecting an event, Flowmon can connect to, e.g. Cisco ISE through pxGrid, and quarantine the malicious IP address.

Attack Recording Automation

Trigger full packet capture automatically when detecting an event. Thanks to the Rolling Memory Buffer, the recorded packet trace includes network data, even from the period before the attack started. Use a filter to store the particular attack communication only.

User Defined Methods

Create custom detection methods flexibly. Red flag malicious, unwanted or otherwise interesting traffic specific to the client's network environment or policies. You only need to create a rule in an SQL-like syntax.

Behavior Patterns

Detect misuse and suspicious behaviour of users, devices and servers. By understanding protocols such as DNS, DHCP, ICMP and SMTP you can reveal data exfiltration, reconnaissance, lateral movement and other unwanted activity.

“Flowmon is an integral part of a complex system that collects network data from partner institutions and detects traffic anomalies, allowing us to enhance the interception capability of each organization with a global security perspective.”

Stanislav Barta

Head of the NTA Department

NCISA

Anomaly Detection and Response Explained

  • 1. Detection
    Machine learning, adaptive baselining, heuristics, behavior patterns, reputation databases, signature-based detection – all combined into one versatile capability that examines network traffic from multiple points of view and thus covers a wider spectrum of scenarios.
  • 2. Reporting
  • 3. Triage
  • 4. Response
1. Detection
2. Reporting
3. Triage
4. Response

Flowmon ADS Integrations

Flowmon ADS serves as a critical source of information to log management, SIEM, big data platforms, incident handling or response tools. You may integrate it via syslog, SNMP, email, REST API or custom scripts.

icon telemetry

Network Telemetry

Leverage your existing infrastructure as sensors that generate NetFlow, IPFIX, sFlow, jFlow or NetStream from network devices and other data sources such as load balancers, public cloud platforms, firewalls, virtualization platforms and packet brokers.

icon reporting

Logging and Reporting

Feed your log management or SIEM system with comprehensive logging with context-rich syslog or SNMP messages. Maximize visibility across the IT environment or log events into your ticketing tools automatically.

icon misp

MISP

Draw on community threat intelligence and detect threats using Indicators of Compromise shared by over 6,000 MISP participants.

icon users

User Identity

See which user or hostname has taken part in an attack by collecting authentication system log data and correlating it in Flowmon. Any syslog-enabled authentication service or vendor is supported, including Cisco ISE and AD/LDAP.

icon umbrella

Attack Blocking and Response

Integrate Flowmon with firewalls, SDN controllers or other technologies for network access control or incident response to fully automate the reaction to a security incident. Or just script your own mitigation scenario to be triggered when a security event occurs.

Read More About the Anomaly Detection System 

1673 KB
Contact

Get in Touch

Do you have question around the solution or want to schedule a call. Write us a message.

Contact us
Trial

Request Free Trial

Get no-obligation 30-day trial of Flowmon in your network.

Get your trial today