Driven by internal compliance or industry regulatory requirements organizations often have a need to collect network metadata (flow data or NetFlow) from all their network devices (HP and Arista switches, Cisco and Juniper routers, Palo Alto Networks and Cisco firewalls)

While NetFlow is noisy, (okay, really noisy) it does enable organizations to drill down and identify:

  • Specific applications, users and protocols that consume most of the network bandwidth
  • Internal billings based on usage
  • Network bottlenecks which need reconfiguration
  • Anomalous traffic
  • Security risks and internal threats

And while Exabeam has always supported the ingestion of these packet flows, the onus has historically been on the customer to convert them to syslog format first.

With this announcement, Exabeam with NetFlow Logic as our preferred partner will, on behalf of the client manage the end-to-end capture, conversion, and ingestion of packet flows into Exabeam Data Lake and Exabeam Advanced Analytics


The new partnership will facilitate the collection, conversion and ingestion of flow data into Exabeam
Figure 1: The new partnership will facilitate the collection, conversion and ingestion of flow data into Exabeam.

Why NetFlow Logic?

NetFlow Logic specializes in real-time flow (NetFlow, sFlow, IPFIX, J-Flow, Netstream and others) processing and analysis tools that are easy to deploy and integrate with other network management and security products. Their core product – NetFlow Optimizer (NFO) – is used by commercial, government and educational institutions worldwide.

Able to process flow data up to 10 times faster than alternative products, NFO aggregates records, converts them into standard syslog format, and filters to eliminate redundant data. It can also simply translate flow data for storage and forensic analysis purposes to satisfy compliance requirements.

This partnership delivers the critical component for complete network visibility by extracting valuable data from NetFlow, enriching it with additional information (reputation, GEO IP and DNS data), and making it available for correlation with other machine data in Exabeam Data Lake and Exabeam Advanced Analytics.

Key Features in NFO

    • Provides multi-dimensional views of your network traffic by summing up-flow counts, bytes, packets and other flow characteristics per protocol, per application, per network host or per subnet over a period of time, and reports loads on network devices, top bandwidth consumers and servers’ response times.
    • Enables actionable virtual and physical network monitoring. Identifies VMs affected by physical network outages. Visualizes virtual and physical network data paths. Supports point-to-point communication tracing: VM–VM, VM–physical host, VM–VM over VXLAN.
    • Identifies the impact of physical network devices and interface failures on the virtual network.
    • Monitors network devices and interface loads. Measures bandwidth consumption for capacity planning. Identifies applications and users that consume bandwidth.
    • Enriches flow data with current reputation, GEO IP and DNS data.
    • Identifies security threats and traces current known threat sources.
    • Initiates alerts of anomalous network host behavior and anomalous network traffic including “low and slow” DDoS attacks.

Benefit to you

Given the voluminous nature of these logs, the ‘per byte’ pricing models from traditional SIEM vendors often force organizations to opt out from ingesting flow data. Exabeam is priced per user, meaning you receive full visibility at a predictable price.

We also make sense of all that log volume, presenting the logs as part of a user timeline in Advanced Analytics to facilitate investigations into risky behavior. 


Raw and parsed NetFlow logs are presented in Data Lake to aid threat hunting and investigations
Figure 2: Raw and parsed NetFlow logs are presented in Data Lake to aid threat hunting and investigations.

In summary

Adding flow technology to your network monitoring and analysis tools has never been simpler or more affordable.

  • NetFlow Logic is a software solution. No investment in expensive proprietary hardware is required.
  • 10 times faster than competitive products. It provides unmatched performance and can process up to 350,000 records per second on an 8-core machine with 16GB of memory. Millions of flow records per second can be processed if multiple instances of NFO are deployed.
  • Eliminates redundant data. Unique real-time consolidation and archiving technology optimizes the flow data sent to the SIEM, without losing the accuracy of the information.
  • Scalable and virtualized. NetFlow Logic can be deployed in a virtual environment and scales horizontally and vertically with the growth of the enterprise network.

Coupled with Exabeam, you will

  • Avoid any financial penalty for ingesting network flow data
  • Have access to out-of-the-box reports to satisfy audit and compliance requirements
  • Enjoy the benefits of having IT and security logs automatically converted into Exabeam Smart Timelines so analysts can quickly investigate and respond to incidents

Further Learning

How to Start Security Automation with Exabeam 

Advanced Analytics 101: Technology Overview

Senior Product Marketing Manager

More like this

If you’d like to see more content like this, subscribe to the Exabeam Blog

Subscribe