Chuck Leaver – Be On Top Of Cloud Activities With Our Advanced NetFlow

Written by Roark Pollock and Presented by Ziften CEO Chuck Leaver


According to Gartner, the public cloud services market exceeded $208 billion in 2016, roughly 17% growth year over year. That is not bad when you consider the ongoing concerns most cloud customers still have about data security. Another particularly interesting Gartner finding is how common it is for cloud customers to contract services from multiple public cloud providers.

According to Gartner, “most organizations are currently utilizing a combination of cloud services from different cloud providers”. While the business reasoning for using multiple vendors is sound (e.g., avoiding vendor lock-in), the practice does add complexity to monitoring activity across a company’s increasingly distributed IT landscape.

While some providers support better visibility than others (for instance, AWS CloudTrail can monitor API calls across the AWS infrastructure), organizations need to understand and address the visibility problems that come with moving to the cloud, regardless of which cloud provider or providers they use.

Unfortunately, the ability to track application and user activity, and network communications, from each VM or endpoint in the cloud is limited.

Regardless of where computing resources reside, organizations must answer the question “Which users, machines, and applications are interacting with each other?” Organizations need visibility across the infrastructure in order to:

  • Quickly recognize and prioritize issues
  • Speed root cause analysis and identification
  • Lower the mean time to repair issues for end users
  • Rapidly identify and eliminate security threats, reducing overall dwell time

Conversely, poor visibility, or poor access to visibility data, can reduce the effectiveness of existing management and security tools.

Businesses accustomed to the ease, maturity, and relatively low cost of monitoring physical data centers are likely to be disappointed by their public cloud alternatives.

What has been missing is a simple, common, and elegant service like NetFlow for public cloud infrastructure.

NetFlow, of course, has had roughly 20 years to become a de facto standard for network visibility. A typical deployment involves monitoring traffic and aggregating flows at network choke points, collecting and storing flow data from several collection points, and analyzing that flow data.

A flow consists of a basic set of source and destination IP addresses plus port and protocol data, typically gathered from a switch or router. NetFlow data is relatively inexpensive and simple to collect, provides nearly ubiquitous network visibility, and supports analysis that is actionable for both network monitoring and performance management applications.

Many IT staffs, especially networking and some security teams, are extremely comfortable with the technology.

But NetFlow was built to solve what has turned out to be a rather narrow problem, in the sense that it only gathers network data and does so at a limited number of possible locations.

To make better use of NetFlow, two key changes are needed.

NetFlow at the Edge: First, we need to broaden the useful deployment scenarios for NetFlow. Instead of only collecting NetFlow at network choke points, let’s expand flow collection to the edge of the network (clients, cloud, and servers). This would considerably widen the big picture that any NetFlow analytics can provide.

It would also let companies enhance and take advantage of existing NetFlow analytics tools to remove the growing visibility blind spot in public cloud activity.

Rich, contextual NetFlow: Second, we need to use NetFlow for more than basic visibility of the network.

Instead, let’s use an extended variant of NetFlow that includes information on the user, device, application, and binary responsible for each tracked network connection. That would allow us to quickly link every network connection back to its source.

In fact, these two modifications to NetFlow are exactly what Ziften has achieved with ZFlow. ZFlow offers an expanded variant of NetFlow that can be deployed at the network edge, including as part of a container or VM image, and the resulting data can be consumed and analyzed with existing NetFlow analysis tools. In addition to traditional NetFlow/IPFIX (Internet Protocol Flow Information eXport) visibility of the network, ZFlow supplies extended visibility by including information on device, application, user, and binary for every network connection.
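As an added illustration (not Ziften’s code and not ZFlow’s actual wire format), the Python below shows how the contextual records described above can travel inside standard IPFIX (RFC 7011) and still be read by a template-driven collector: the exporter emits a template that mixes IANA-registered elements with enterprise-specific ones for user and process, and the collector decodes the data set purely from that template. The private enterprise number, the element ids 1 and 2, and the sample flow are assumptions.

```python
import struct
PEN, TEMPLATE_ID, VARLEN = 99999, 256, 0xFFFF   # PEN is a placeholder, not Ziften's
# (name, element id, length, PEN or None, kind): five standard IANA elements plus
# two enterprise-specific variable-length strings with hypothetical ids 1 and 2.
FIELDS = [("srcIP", 8, 4, None, "ip"), ("dstIP", 12, 4, None, "ip"),
          ("srcPort", 7, 2, None, "int"), ("dstPort", 11, 2, None, "int"),
          ("proto", 4, 1, None, "int"), ("user", 1, VARLEN, PEN, "str"),
          ("process", 2, VARLEN, PEN, "str")]
KNOWN = {(eid, pen): (name, kind) for name, eid, _, pen, kind in FIELDS}
SAMPLE = [{"srcIP": "10.0.0.5", "dstIP": "10.0.1.7", "srcPort": 51234,  # constructed
           "dstPort": 443, "proto": 6, "user": "svc-backup", "process": "rsync"}]
def pack(kind, length, v):               # varlen strings get a 1-byte length prefix
    if kind == "str": return bytes([len(v.encode())]) + v.encode()
    return bytes(map(int, v.split("."))) if kind == "ip" else v.to_bytes(length, "big")
def unpack(kind, raw):
    if kind == "str": return raw.decode()
    return ".".join(map(str, raw)) if kind == "ip" else int.from_bytes(raw, "big")

def build_message(records):              # exporter: template set (ID 2) + data set
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
    for _, eid, length, pen, _ in FIELDS:  # bit 0x8000 means a PEN follows the id
        tmpl += struct.pack("!HH", eid | (0x8000 if pen else 0), length)
        tmpl += struct.pack("!I", pen) if pen else b""
    data = b"".join(pack(k, l, r[n]) for r in records for n, _, l, _, k in FIELDS)
    body = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl
    body += struct.pack("!HH", TEMPLATE_ID, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, 1) + body  # version 10

def parse_message(msg):                  # collector: learn templates, decode by them
    templates, out, off = {}, [], 16
    while off < len(msg):
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        p, end = off + 4, off + set_len
        if set_id == 2:
            tid, count = struct.unpack("!HH", msg[p:p + 4]); p += 4; spec = []
            for _ in range(count):
                eid, flen = struct.unpack("!HH", msg[p:p + 4]); p += 4; pen = None
                if eid & 0x8000: pen = struct.unpack("!I", msg[p:p + 4])[0]; p += 4
                spec.append((eid & 0x7FFF, flen, pen))
            templates[tid] = spec
        else:
            while p < end:
                rec = {}
                for eid, flen, pen in templates[set_id]:
                    raw = msg[p + 1:p + 1 + msg[p]] if flen == VARLEN else msg[p:p + flen]
                    p += len(raw) + (flen == VARLEN)
                    name, kind = KNOWN[(eid, pen)]; rec[name] = unpack(kind, raw)
                out.append(rec)
        off = end
    return out
```

`parse_message(build_message(SAMPLE))` round-trips the constructed flow, user and process included; a collector that lacks the enterprise ids still knows each field's length from the template and can skip the context it does not understand.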

Ultimately, this enables Ziften ZFlow to provide end-to-end visibility between any two endpoints, physical or virtual, eliminating traditional blind spots like east-west traffic in data centers and enterprise cloud deployments.