FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.
In addition, new release of FlowMatrix, (ver.0.9.62 and later) supports Network Applications Behavior Analysis. This means you can define 3 groups of applications to monitor and FlowMatrix will automatically create a baseline for each of them, just like it does for network. When the baseline is crossed a security event is triggered. This allows you to catch many attacks, exploits and other security violations on more granular level giving you even better visibility to your network and network applications envoronment.
Características principales:
- Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
- Performs continuous 27x7 fully automatic behavioral analysis of your 3 groups of network applications traffic to identify relevant anomaly security and network events.
- Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
- Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
- Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1, 5, 7 are supported, more being added;
- Provides short response time — 1 minute, so you will know about events as they begin to happen.
- Builds multidimensional behavioral models of your network and network applications in order to lower false positive rate.
- Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
- We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
- Moderate hardware requirements for small and medium size networks. As an example on Pentium 4 2.4 GHZ system with 2 GB of memory: FlowMatrix is able to handle 10000 flows per second Up to 20000 flows per second is possible on more capable hardware.
En la web de sus autores publicaron lo siguiente en relación a la licencia de uso:
Starting on November 17, 2008 we are glad to grant the right to use our product in its full functionality at no cost for:Also, please understand that the product support for all free licenses may be limited and provided on a residual basis on forums or in email form only.
- any commercial organizations;
- educational institutions (universities, colleges, schools, etc);
- any non profit organizations (funds, charities);
- personal use;
New first official public release of FlowMatrix, (ver.0.9.75 and subsequent versions) is available for FULLY FREE downloads and comercial and non comercial use. FlowMatrix is first FULLY FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Minimum hardware requirements:
1. Small Networks (<100 hosts):
Intel Pentium 4 or compatible 2.4 GHz or higher processor;
1 GB of free disk space;
1 GB of RAM;
2. Medium Networks (<2000 hosts):
Intel Core 2 Duo or compatible 2.0 GHz or higher processor;
4 GB of free disk space;
2 GB of RAM
Minimum software requirements:
Windows 2000 (Server or Professional) or Windows XP (Home or Professional) or Windows 2003 Server.
NetFlow collectors:
NetFlow version 1, 5 or 7 compatible collector (example: any Cisco router)
FlowMatrix Download
No hay comentarios:
Publicar un comentario