SOLUTION FOR ISP

Regional internet providers

ARE YOU CONSIDERING WHAT THE FUTURE OF NETWORKS WILL LOOK LIKE?

IF YOU’RE LOOKING IN THE SAME DIRECTION, FLOWCUTTER IS FOR YOU!

One UI to rule them all

Admins in a NOC/SOC often use multiple tools for different kinds of telemetry, each with its own user interface. The 21st-century approach is to collect many data sources but display them in one unified UI.

Such an interface should be friendly, universal and open-source. Grafana + FLOWCUTTER Datasource allows for:

  • Custom dashboards
  • Custom visualizations
  • Custom alarms

      Alerting and network health

      Each network is unique, with its own segmentation and traffic composition. To be able to observe changes in network behavior, monitoring has to be fine-tuned individually. Don’t assume that a vendor’s approach is the best for your network.

      • Monitors – preventive indicators defined as any arbitrary cut of the flow dataset
      • Custom fixed and adaptive thresholds and detection rules

      Vulnerability scan

      We regularly scan the assigned IP ranges, identify open ports (e.g., 80), determine which applications are providing services (e.g., Apache 2.4), and most importantly, identify the vulnerabilities associated with them (CVE). We assign a “severity” level to the findings on your behalf, making it easier for you to prioritize what needs to be addressed and what can be deferred.

      Each of our customers thus receives a detailed and auditable overview (e.g., of their infrastructure devices or company ranges).

       

      FEATURES

      WE HAVE SOMETHING EXTRA

      Fastest backend

      Nobody knows what the future brings. We don’t know where in the network, or what problem, we are going to investigate tomorrow. Hence, the most important thing for any analyst is ad hoc query response speed.

      • FC queries the raw dataset, not simplified aggregations
      • Thus you can make any query you can think of

      Horizontal scaling of the backend ensures fast responses even on huge datasets (1M+ fps)

      Non-invasive network probe

      Physical installation of FLOWCUTTER’s network probe is non-invasive for the provider’s infrastructure, which is ensured by the use of so-called network TAPs. In the rare case of a monitoring breakdown, operation of the network isn’t affected at all.

      Moreover, the FC probe can simultaneously export IPFIX and sampled sFlow. This allows for very fast volumetric DDoS detection.


      FC Cloud

      All benefits of a physical FLOWCUTTER collector can be delivered as a service.

      This service runs on our cloud. We have prepared utilities for easy and secure transport of your telemetry to our cloud.

      Openness

      A traffic analysis tool cannot live in isolation. It should play fair with other boxes in your NOC/SOC software stack. 

      • Support all formats: sFlow, NetFlow, syslog, …
      • Provide full access & control via API

      Export to open-source telemetry databases (e.g. Prometheus, Zabbix, Citrix)

      Data enrichment

      Raw data enrichment helps any tool to serve “in your network’s image”. 

      FC enriches data with the following fields:

      • GeoIP location
      • ASN for peering
      • Custom field enrichment, e.g. IDs of your services or end customers

      Anomaly and threat detection

      Our networks operate on the complex battlefield of today’s cyber warfare.

      Every new technology and update brings new vulnerabilities. Pro network operators and their customers are responsible for detecting threats in network traffic, such as:

      • Volumetric DDoS
      • Communication with known malware C2C 
      • Lateral movement (e.g. open SSH/Telnet port scans)
      • Brute-force attacks
      • Exfiltration of sensitive databases via ICMP or DNS protocol
      • Anomalies in BGP routing

      Fast mitigation

      Example: My custom Monitor detects a flood of DNS packets directed at your resolver.

      What I need at that moment is to quickly obtain the context of the potential attack or issue. Only then can I mitigate the problem efficiently.

      • A rule for firewall / shaping
      • BGP FlowSpec

      Multi-tenant as a service for customers

      You can provide your most challenging customers with FLOWCUTTER as a service.

      A multi-tenant solution is a form of cloud architecture in which multiple clients share the same hardware resources.

      It means that several sub-networks or big customers of a service provider can use one and the same FLOWCUTTER collector, each with its own credentials, setup, and dataset.

      Anomaly detection

      Effective data analysis

      Reliable source of forensic data

      Forensic data is fundamental

      WE KNOW THAT EVERY NETWORK HAS ITS SPECIFICS

      TOGETHER, WE WILL FIND A SOLUTION FOR YOUR PROJECT