FloCon 2017 has ended

Tom Taschler

Ziften
Director Sales
Washington DC
I would like to discuss with Net Flow experts a capability that Ziften has developed to get their feedback on its value. Ziften ZFlow telemetry originates from the endpoint (desktop, laptop, or data center server) so it's not reliant on the network infrastructure to generate. ZFlow provides traditional OSI layer 3/4 data such as source and destination IP addresses and ports, but also provides additional valuable Layer 4-7 information such as:
• The executable responsible for the network socket
• The application's hash
• PID and file path of the executable
• The user responsible for launching the executable
• Whether it was in the foreground or background
The latter are very important details that network-based flows simply cannot provide.
ZFlow can provide Net Flow telemetry in cloud environments where physical access points are no longer available.