DeepFlow for NBAD Vendors
Typical situation today
Network-Based Anomaly Detection (NBAD) solutions have traditionally been limited to the visibility that NetFlow provides, plus a few application attributes. Baselining good behavior and looking for bad traffic can be difficult with only this limited level of visibility.
Strengthening the solution with DeepFlow Probes
The NBAD vendor replaces its appliances with DeepFlow Probes. A new metadata stream is fed to the NBAD system, which is then able to query for metadata attributes in the interface.
Benefits
The NBAD vendor offers a richer dataset for its customers to find patterns of behavior, enabling better alerting and searching. Finding “needle in the haystack” data elements, such as downloaded files, URLs in emails, or SQL transactions, becomes a simple search from one console. The forensically accurate flows lead to faster response times when validating events or working through incidents.

