Ziften ZFlow

Last-Mile Network Visibility to Improve Existing NetFlow Telemetry Analytics

THE CHALLENGE

Limited Visibility and Monitoring Blind Spots

Many IT organizations have adopted NetFlow telemetry for improved network monitoring and performance management. NetFlow is inexpensive to implement, easy to collect, widely supported by networking equipment, and relatively easy to analyze. However, NetFlow is often generated at key networking choke points, which may leave monitoring blind spots.

Endpoint Based, Extended NetFlow from the Edge

ZFlow generates an extended version of NetFlow to uniquely provide last-mile network visibility for all endpoint network activity. ZFlow telemetry is collected at the endpoint – desktop, laptop, server, and virtual machine. It’s a simple way to upgrade existing network and/or security team NetFlow analytics. See what you are missing at the edge of your network, and in your data center and cloud.

Connecting the Dots from Network to Device, Application, Binary and User

Ziften ZFlow enhances traditional NetFlow data with additional contextual Layer 4-7 information such as:

  • The executable responsible for the network socket.
  • The application and its hash.
  • The process identifier (PID) and file path of the executable.
  • The user responsible for launching the executable.
  • Whether the application was in the foreground or the background.

Eliminate East-West Data Center Blind Spots

Since NetFlow is usually collected at network aggregation points, you miss much of the east-west traffic at the edge of the network and in data center environments. Ziften ZFlow fills this gap by augmenting existing NetFlow analysis to provide instant visibility into existing blind spots such as local domain and wireless traffic at the edge of the network, and east-west traffic in the data center.

Eliminate Public Cloud Blind Spots

If you’ve never thought about using NetFlow to analyze network communications in your public cloud deployments, you are not alone. Ziften ZFlow generates NetFlow from virtual machines and even containers in enterprise cloud deployments, letting you see what is happening in public cloud environments.

Key Features

  • Network intelligence in the Internet Protocol Flow Information Export (IPFIX) protocol
  • Combines standard IANA-defined fields with custom fields formatted as IPFIX Information Elements
  • Collected from any endpoint – desktop, laptop, server, virtual machine or cloud
  • Simple “no driver, no kernel, no reboot” agent installations
  • Supports Linux, offering visibility into enterprise public cloud deployments that was previously non-existent

Key Benefits

  • Get dramatically more value from existing NetFlow
  • Connect the dots: network to device to application to binary to user
  • Minimize false positives inherent with traditional NetFlow analysis
  • Shorten the time required for attribution and remediation cycles
  • Eliminate east-west network traffic blind spots in the data center

Trusted By Leading Organizations

  • “Enterprise security teams have limited visibility into cloud-based infrastructure making security operations difficult at best. Ziften ZFlow offers an increased level of visibility and intelligence that is essential for enterprises looking to maintain a secure cloud environment for their users, applications, customers and data.”
    David Monahan, Research Director, Enterprise Management Associates
