NetFlow data is available from a wide variety of sources, including both traditional NetFlow-enabled networking and security devices and special-purpose NetFlow collection appliances.
TRADITIONAL NETFLOW
Although NetFlow was originally created by Cisco for use on their routers and switches, the networking community quickly adopted it as an Internet standard and many manufacturers now support NetFlow. Some of the major platforms that allow direct export of flow records include:
✓ Cisco routers and switches
✓ Cisco ASA firewalls
✓ Juniper routers and switches
✓ Citrix NetScaler
✓ Blue Coat PacketShaper
✓ Palo Alto Networks next-generation firewalls
✓ VMware vSphere
This is a small, representative list of the manufacturers and devices supporting NetFlow data collection. If you’re using different devices on your network, consult with the manufacturer(s) to determine whether they’re NetFlow compatible.
If you’re not running the current firmware on your network device, check whether upgrades are available. Many vendors added NetFlow support to their devices after the initial release, and a firmware upgrade may be all you need to get up and running.
NETFLOW GENERATION
In some cases, security analysts may not be able to gain access to NetFlow data from the organization’s network
devices. This might be because the devices aren’t capable of generating NetFlow exports, network engineers are unwilling
to provide access to those records, or concerns exist about the overhead introduced on the networking device.
If this is the case in your organization, you may wish to consider the use of dedicated NetFlow exporters to collect the same information — sometimes enhanced with application performance metrics. These devices can be attached to the network in the following ways:
✓ Switched Port Analyzer (SPAN)
✓ Mirror port
✓ Ethernet Test Access Port (TAP)
✓ Installed as a virtual machine on VMware ESX server
Although purchasing a NetFlow exporter will require an additional investment in hardware or software, you can gather the same NetFlow information without modifying your network configuration.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM