FloCon 2017 has ended
Wednesday, January 11 • 1:00pm - 1:30pm
Flow-Based Monitoring, Troubleshooting and Security using nProbe


Flow-based network traffic monitoring plays a crucial role in troubleshooting application problems, investigating security incidents, and complying with industry and government regulations. However, most flow-based probes embedded in network devices are limited to basic counters such as packets and bytes. Alongside this, probes embedded in security devices often produce 'event-driven' flows based on firewall state (e.g. when a connection is created in or deleted from the firewall table), which complicates measurements without adding any security-specific information elements beyond DPI.

For years both research and industry have been focusing on how to overcome the limitations of flow devices. We have decided to focus on 'augmented' flow generation using both raw packets and other sources of network data (e.g. sFlow- and NetFlow-capable devices), as we believe that rich flow generation is the first step towards next-generation traffic monitoring. With this belief at the core of our mission, we created the nProbe family of flow-based traffic monitoring software, efficient enough to keep up with the latest 100 Gbit technologies while enriching flows with hundreds of new information elements.

nProbe is a family of software-based flow collectors and probes able to handle standard and extended flow formats (e.g. those produced by Cisco ASA devices and Palo Alto firewalls). It contextualizes and harmonizes heterogeneous data into 'augmented' flows enriched with information (almost 300 information elements are supported by nProbe) on Layer-7 applications, telemetry data, DNS queries, HTTP URLs, SSL/TLS certificates and more, for real traffic troubleshooting and security analyses. Lua scriptability enables custom applications to leverage the framework and create monitoring solutions directly on the probe, rather than using the classic flow-probe/flow-collector model, which is less efficient and cannot execute actions on monitored data in a timely manner. nProbe can also deliver augmented flow data in standard formats to simple text files and syslog, as well as to more sophisticated Apache Kafka clusters, MySQL, ElasticSearch and Splunk. This flexibility allows companies to quickly, efficiently and seamlessly integrate the software into their existing infrastructures.
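As an added example (not code from the talk or from the nProbe project), the script below scans constructed newline-delimited JSON flow records carrying the kind of DPI-derived fields the abstract describes (L7 application, DNS query, HTTP host and URL, TLS server name) and flags conditions that packet and byte counters alone cannot reveal. The record key names and thresholds are assumptions for this example, not nProbe's actual template element names.

```python
import json
from ipaddress import ip_address

# Constructed sample of newline-delimited JSON flow records with DPI-derived fields.
# Key names are an assumption for this example, not nProbe's real element names.
SAMPLE_FLOWS = """\
{"src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "bytes": 5200, "l7": "TLS", "tls_sni": "example.com"}
{"src": "10.0.0.7", "dst": "198.51.100.9", "dport": 8081, "bytes": 900, "l7": "TLS", "tls_sni": "cdn.example.test"}
{"src": "10.0.0.9", "dst": "203.0.113.4", "dport": 80, "bytes": 3100, "l7": "HTTP", "http_host": "203.0.113.4", "http_url": "/a.php"}
{"src": "10.0.0.9", "dst": "203.0.113.4", "dport": 53, "bytes": 410, "l7": "DNS", "dns_query": "zxq7y9k3p2m1n0b4v5c6x8w2e1r3t.example.org"}
{"src": "10.0.0.11", "dst": "203.0.113.8", "dport": 53, "bytes": 120, "l7": "DNS", "dns_query": "www.example.com"}
"""

# Port conventionally associated with each DPI-identified application.
EXPECTED_PORT = {"TLS": 443, "HTTP": 80, "DNS": 53}
MAX_LABEL_LEN = 24  # longest DNS label treated as normal in this example


def is_ip_literal(host):
    """True when an HTTP Host value is a bare IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def check_flow(flow):
    """Return the list of reasons this augmented flow deserves a second look."""
    reasons = []
    app = flow.get("l7")
    # Application/port mismatch: only visible because the probe carries the L7 label.
    if app in EXPECTED_PORT and flow["dport"] != EXPECTED_PORT[app]:
        reasons.append(f"{app} on non-standard port {flow['dport']}")
    host = flow.get("http_host")
    if host and is_ip_literal(host):
        reasons.append("HTTP Host header is an IP literal")
    query = flow.get("dns_query", "")
    if query and max(len(label) for label in query.split(".")) > MAX_LABEL_LEN:
        reasons.append("unusually long DNS label")
    return reasons


def scan(ndjson_text):
    """Parse NDJSON flow records; map (src, dst, dport) of flagged flows to reasons."""
    findings = {}
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        flow = json.loads(line)
        reasons = check_flow(flow)
        if reasons:
            findings[(flow["src"], flow["dst"], flow["dport"])] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in scan(SAMPLE_FLOWS).items():
        print(key, "->", "; ".join(reasons))
```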

Speakers

Luca Deri

Software Engineer, ntop
Luca Deri is the leader of the ntop project (www.ntop.org), aimed at developing an open-source monitoring platform for high-speed traffic analysis. He worked for University College of London and IBM Research prior to receiving his PhD at the University of Berne with a thesis on software...



Wednesday January 11, 2017 1:00pm - 1:30pm PST
Great Room V-VIII 7450 Hazard Center Dr.