Limited Visibility, and Monitoring Blind Spots
Many IT organizations have adopted NetFlow telemetry for improved network monitoring and performance management. NetFlow is inexpensive to implement, easy to collect, widely supported by networking equipment, and relatively easy to analyze. However, NetFlow is often generated at key networking choke points which may leave monitoring blind spots.
Endpoint Based, Extended NetFlow from the Edge
ZFlow generates an extended version of NetFlow to uniquely provide last-mile network visibility for all endpoint network activity. ZFlow telemetry is collected at the endpoint – desktop, laptop, server, and virtual machine. It’s a simple way to upgrade existing network and/or security team NetFlow analytics. See what you are missing at the edge of your network, and in your data center and cloud.
Connecting the Dots from Network to Device, Application, Binary and User
Ziften ZFlow enhances traditional NetFlow data with additional contextual Layer 4-7 information such as:
- The executable responsible for the network socket.
- The application and its hash.
- The process identifier (PID) and file path of the executable.
- The user responsible for launching the executable.
- Whether the application was in the foreground or the background.
Eliminate East-West Data Center Blind Spots
Since NetFlow is usually collected at network aggregation points you miss out on lots of east-west traffic at the edge of the network and in data center environments. Ziften ZFlow fills this gap by augmenting existing NetFlow analysis to provide instant visibility into existing blind spots like: local domain and wireless traffic at the edge of the network, and east-west traffic in the data center.
Eliminate Public Cloud Blind Spots
If you’ve never thought about using NetFlow to analyze network communications in your public cloud deployments, you are not alone. Ziften ZFlow generates NetFlow from virtual machines and even containers in enterprise cloud deployments letting you see what is happening in public cloud environments.
- Network intelligence in the Internet Protocol Flow Information Export (IPFIX) protocol
- Combines standard IANA-defined fields with custom fields formatted as IPFIX Information Elements
- Collected from any endpoint – desktop, laptop, server, virtual machine or cloud
- Simple “no driver, no kernel, not reboot” agent installations
- Supports Linux offering visibility into enterprise public cloud deployments that was previously non-existent
- Get dramatically more value from existing NetFlow
- Connect the dots: network to device to application to binary to user
- Minimize false positives inherent with traditional NetFlow analysis
- Shortens the time required for attribution and remediation cycles
- Eliminate east-west network traffic blind spots in the data center
Ziften and LiveAction Partner to Improve “Last Mile” Network Visibility
Ziften ZFlow™ Compatibility with Linux to Enable Cloud Visibility Initiative
Ziften Launches Ziften ZFlow™ Combining Network Visibility with Endpoint Context to Enhance Security
Trusted By Leading Organizations
“Enterprise security teams have limited visibility into cloud-based infrastructure making security operations difficult at best. Ziften ZFlow offers an increased level of visibility and intelligence that is essential for enterprises looking to maintain a secure cloud environment for their users, applications, customers and data.”
Enterprise Management Associates