London, UK – April 6, 2017 – SOC Prime presents new analytical content in the Use Case Library – Netflow Security Monitor. Network activity monitoring is an important security task, and the Netflow protocol is one of the best options for monitoring network traffic at the IP level. We have therefore created a tool for SIEM that gives security officers a visual representation of traffic flows and enables real-time traffic profiling of the most commonly used network services. Netflow Security Monitor generates historical trends for e-mail traffic (SMTP, POP3, POP, IMAP), console access (SSH), Web traffic (HTTP/S), DNS, FTP, database traffic (DB), remote desktop (RDP), time synchronization (NTP) and NETBIOS.
This analytical content helps determine whether the current traffic volume and protocol distributions are normal. Thanks to visualization, it becomes much easier to identify DDoS attacks on services and to detect potential data leakage or misconfigurations. In addition, Netflow Security Monitor allows you to detect attacks without signatures and identify potentially compromised hosts.