Wednesday, January 11 • 1:00pm - 1:30pm
Flow-Based Monitoring, Troubleshooting and Security using nProbe

Flow-based network traffic monitoring plays a crucial role when it comes to troubleshooting application problems, investigating security incidents, and complying with industry and government regulations. However, most flow-based probes embedded in network devices are limited to basic counters such as packets and bytes. Alongside this, probes embedded in security devices often produce 'event-driven' flows based on the firewall status (e.g. when a connection is created/deleted from the firewall table), making measurements complicated without adding any specific security information elements besides DPI.

For years both research and industry have been focusing on how to overcome the limitations of flow devices. We have decided to focus on 'augmented' flow generation using both raw packets and other sources of network data (e.g. sFlow- and NetFlow-capable devices), as we believe that rich flow generation is the first step towards next-generation traffic monitoring. With this belief at the core of our mission, we created the nProbe family of flow-based traffic monitoring software, efficient enough to keep up with the latest 100 Gbit technologies, while being able to enrich flows with hundreds of new information elements.

nProbe is a family of software-based flow collectors and probes able to handle standard and extended flow formats (e.g. those produced by Cisco ASA devices and PaloAlto firewalls). It contextualizes and harmonizes heterogeneous data into 'augmented' flows enriched with information (almost 300 information elements are supported by nProbe) on Layer-7 applications, telemetry data, DNS queries, HTTP URLs, SSL/TLS certificates and more, for real traffic troubleshooting and security analyses. Lua scriptability enables custom applications to leverage the framework to create monitoring solutions directly on the probe, rather than using the classic flow-probe/flow-collector model, which is less efficient and cannot execute actions on monitored data in a timely manner. nProbe can also deliver augmented flow data in standard formats to simple text files and syslog, as well as to more sophisticated Apache Kafka clusters, MySQL, ElasticSearch and Splunk. This great flexibility allows companies to quickly, efficiently and seamlessly integrate the software in their existing infrastructures.
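The abstract contrasts counters-only flows (packets and bytes per port) with augmented flows that carry a DPI-derived Layer-7 protocol and application fields, and it argues for running actions on the probe as flows are produced rather than only at a downstream collector. The script below is an added example, not code from the talk or from the nProbe project: it consumes a handful of constructed JSON-lines flow records (field names such as `l7`, `tls_sni` and `dns_query` are chosen here for illustration and are not a statement of nProbe's actual export schema), shows what a per-port byte summary can and cannot reveal, and runs a per-flow hook that flags a port/protocol mismatch, which is only detectable once the flow carries an L7 information element.

```python
"""Counters-only vs. augmented flow records over constructed sample data."""
import json
from collections import Counter

# Constructed sample records in JSON-lines form. The field names are
# illustrative, chosen for this example, not nProbe's own export schema.
SAMPLE_FLOWS = """\
{"src": "10.0.0.5", "dst": "93.184.216.34", "sport": 51234, "dport": 443, "proto": 6, "bytes": 18233, "pkts": 40, "l7": "TLS", "tls_sni": "example.com"}
{"src": "10.0.0.7", "dst": "198.51.100.9", "sport": 40211, "dport": 443, "proto": 6, "bytes": 90211, "pkts": 310, "l7": "SSH", "tls_sni": null}
{"src": "10.0.0.7", "dst": "10.0.0.53", "sport": 53122, "dport": 53, "proto": 17, "bytes": 140, "pkts": 2, "l7": "DNS", "dns_query": "example.com"}
{"src": "10.0.0.9", "dst": "203.0.113.4", "sport": 60001, "dport": 80, "proto": 6, "bytes": 5120, "pkts": 12, "l7": "HTTP", "http_url": "/index.html"}
"""

# The application a counters-only view would silently assume from the port.
EXPECTED_L7 = {443: "TLS", 80: "HTTP", 53: "DNS", 22: "SSH"}


def parse_flows(text):
    """Parse one JSON object per line into a list of flow dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def counters_only_summary(flows):
    """All a packets/bytes probe can offer: bytes per destination port.
    Note that it folds the SSH-over-443 flow into the 'HTTPS' total."""
    totals = Counter()
    for f in flows:
        totals[f["dport"]] += f["bytes"]
    return dict(totals)


def mismatch_alert(f):
    """Return an alert string when the DPI-identified L7 protocol differs
    from what the destination port implies; None otherwise."""
    expected = EXPECTED_L7.get(f["dport"])
    if expected and f.get("l7") and f["l7"] != expected:
        return (f"port/protocol mismatch {f['src']}->{f['dst']}:{f['dport']} "
                f"l7={f['l7']}")
    return None


def run_flow_hooks(flows, hooks):
    """Mimic acting on the probe as each flow is exported: every hook sees
    every flow and may return an alert line (e.g. for syslog or Kafka)."""
    alerts = []
    for f in flows:
        for hook in hooks:
            msg = hook(f)
            if msg:
                alerts.append(msg)
    return alerts


def port_protocol_mismatches(flows):
    """Convenience wrapper running only the mismatch hook."""
    return run_flow_hooks(flows, [mismatch_alert])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("bytes per port:", counters_only_summary(flows))
    for line in port_protocol_mismatches(flows):
        print("ALERT", line)
```

The per-port summary reports 108,444 bytes on port 443 and nothing more; only the augmented record exposes that most of those bytes belong to an SSH session rather than TLS, and the hook turns that into a single alert line at the point where the flow is generated.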

Luca Deri

Software Engineer, ntop
Luca is the leader of the ntop project, which is aimed at developing an open-source monitoring platform for high-speed traffic analysis. He shares his time between the ntop project, the Italian DNS Registry (Registro.it), and the University of Pisa where he has been appointed as a lecturer at the Computer Science Department. He worked for the University College of London and IBM Research prior to his PhD. He is well known in the open-source and...

Wednesday January 11, 2017 1:00pm - 1:30pm
Great Room V-VIII 7450 Hazard Center Dr.

