Netflow and IPFIX have been important elements of network security and network performance management for a long time, but as network speeds have increased, the typical sources of Netflow data, such as switches and routers, have not been able to keep up with the demand. This means that organisations are using more and more sampled Netflow and IPFIX data, sampling as high as 1 in 1000 in some cases. This is OK for long term trending of network usage, but it is very dangerous when looking at network security, as those organisations have reduced their chances of seeing a threat by the same amount. Any security tool that uses Netflow and IPFIX as a primary data source, such as NBAD or DDoS detection, is immediately devalued by this sampling.
EndaceFlow Netflow Generators remove this problem by producing unsampled Netflow or IPFIX records on high speed networks, protecting an organisation’s investment in flow analytic tools and providing certainty to the output of these tools.
EndaceFlow is available as a Virtual Machine for the EndaceProbes, or as a dedicated appliance that can ingest as much as 40Gbps of network traffic and output up to 16 million flow records per second, making it suitable for even the largest of networks.