sycope FlowControl

The FlowControl Collector collects and analyzes data recorded with NetFlow v5 and v9, SFlow, IPFIX and NSEL protocols to determine network performance and capacity. It functions as both a data collector and analyzer. Its functionalities include: diagnosing problems in the network infrastructure, including network connection settings, or so-called bottlenecks in network communications. It provides detailed information about traffic generated by users, communication between servers and applications.

FlowControl provides a set of advanced indicators, reports and summaries based on the practical experience of engineers who have developed this solution over 20 years of work for the largest companies and institutions in the world.

FlowControl Collector can be extended with FlowControl Security module for security threat detection and analysis and FlowControl DDos module for DDoS attack detection.

The DDos module uses data from the NetFlow protocol to detect DDoS attacks on specific services performed by a monitored group of hosts, enabling using BGP FlowSpec to block the attacks.

The FlowControl Collector collects and analyzes data recorded with NetFlow v5 and v9, SFlow, IPFIX and NSEL protocols to determine network performance and capacity. It functions as both a data collector and analyzer. Its functionalities include: diagnosing problems in the network infrastructure, including network connection settings, or so-called bottlenecks in network communications. It provides detailed information about traffic generated by users, communication between servers and applications.

FlowControl provides a set of advanced indicators, reports and summaries based on the practical experience of engineers who have developed this solution over 20 years of work for the largest companies and institutions in the world.

FlowControl Collector can be extended with FlowControl Security module for security threat detection and analysis and FlowControl DDos module for DDoS attack detection.

The Security module is an extension of the FlowControl Collector system, which is used to detect and analyze security anomalies and threats in the context of the entire organization. It uses rules and algorithms built on the ATT&CK-MITRE methodology and two independent threat detection engines - Threat Intelligence and Threat Detection. The Threat Intelligence engine generates alerts based on correlations with reputation lists of IP addresses and suspicious countries. The Threat Detection engine detects threats based on correlation and aggregation of connections between values of various parameters and statistics from NetFlow and similar protocols.

The Security module is installed on the same device as the Collector system and uses the parameters it records and analyzes - in particular, TCP/IP parameters in layers 3 and 4 (source and destination IP address, protocol, port), traffic attributes, and interface numbers by traffic direction (inbound/outbound), including the IP addresses of NetFlow-generating network devices. Thanks to the full integration of both solutions, the results of applying the security rules can be analyzed quickly and in detail on the network side.

This license unlocks an additional user for the web interface