FlowMatrix – Free Network Behavior Analysis System

Outsmart Malicious Hackers


FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

In addition, the new release of FlowMatrix, (ver.0.9.62 and later) supports Network Applications Behavior Analysis. This means you can define 3 groups of applications to monitor and FlowMatrix will automatically create a baseline for each of them, just like it does for network. When the baseline is crossed a security event is triggered. This allows you to catch many attacks, exploits and other security violations on more granular level giving you even better visibility to your network and network applications environment.

After initial learning period of (7-14 days) FlowMatrix builds multidimensional behavioral models of your network and network applications and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

How it works

The FlowMatrix receives NetFlow records from routers or other network devices you configure to send NetFlow to FlowMatrix. It processes NetFlow records and after learning period of 7-14 days builds detailed multidimensional behavioral models of your network. Later it compares measured parameters from incoming NetFlow records to built models and identifies relevant anomalous events which significantly deviate from what is expected by the models and logs an event.

To help you identify what each logged event means FlowMatrix performs (when possible) classification of each event to corresponding class of attack or network events.

In order to provide relevant possible information about each logged event FlowMatrix logs relevant filtered detailed information which can be used for more detailed investigation of the event.

Features

  • Performs continuous 27×7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
  • Performs continuous 27×7 fully automatic behavioral analysis of your 3 groups of network applications traffic to identify relevant anomaly security and network events.
  • Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
  • Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
  • Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1, 5, 7 are supported, more being added;
  • Provides short response time — 1 minute, so you will know about events as they begin to happen.
  • Builds multidimensional behavioral models of your network and network applications in order to lower false positive rate.
  • Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).

You can download FlowMatrix here:

FlowMatrix v0.9.75 (I’d grab it now if you can, I have a feeling it won’t be free forever)

Or read more here.

Posted in: Countermeasures, Networking Hacking, Security Software


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


One Response to FlowMatrix – Free Network Behavior Analysis System

  1. lars February 5, 2009 at 9:33 pm #

    wow, continous 27×7 monitoring! That should match the working hours of most admins :D