Charles Leaver – You Must Monitor Cloud Activities And Our Enhanced NetFlow Will Do This For You

Written by Roark Pollock and Presented by Ziften CEO Charles Leaver


According to Gartner, the public cloud services market surpassed $208 billion last year (2016), an increase of about 17% year over year. That is impressive given the ongoing concerns most cloud customers still have about data security. Another particularly interesting Gartner finding is that cloud consumers typically contract services from several public cloud providers.

According to Gartner, “most organizations are already using a mix of cloud services from different cloud providers”. While the business rationale for using multiple providers is sound (e.g., avoiding vendor lock-in), the practice does add complexity to monitoring activity across an organization’s increasingly dispersed IT landscape.

While some providers offer better visibility than others (for example, AWS CloudTrail can record API calls across the AWS infrastructure), organizations have to understand and address the visibility problems that come with moving to the cloud, regardless of which cloud service provider or providers they use.

Unfortunately, the ability to track application and user activity, and network communications, from each VM or endpoint in the cloud is limited.

Regardless of where computing resources live, organizations must be able to answer the question “Which users, machines, and applications are communicating with each other?” Organizations need visibility across the infrastructure in order to:

  • Quickly identify and prioritize issues
  • Speed root-cause analysis and identification
  • Lower the mean time to repair issues for end users
  • Rapidly identify and remove security threats, reducing overall dwell time

Conversely, poor visibility, or poor access to visibility data, reduces the effectiveness of existing management and security tools.

Organizations accustomed to the ease, maturity, and relatively low cost of monitoring physical data centers are going to be disappointed by their public cloud alternatives.

What has been lacking is a simple, ubiquitous, and sophisticated service like NetFlow for public cloud infrastructure.

NetFlow, of course, has had roughly 20 years to become a de facto standard for network visibility. A typical deployment involves tracking traffic and aggregating flows at network chokepoints, retrieving and storing flow data from numerous collection points, and analyzing that flow data.

A flow record contains a basic set of source and destination IP addresses plus port and protocol information, generally collected from a router or switch. NetFlow data is relatively inexpensive and simple to collect, provides near-ubiquitous network visibility, and enables analysis that is actionable for both network monitoring and performance management applications.

Most IT staff, especially networking teams and some security teams, are very comfortable with the technology.

But NetFlow was designed to solve what has become a rather narrow problem: it collects only network information, and does so at a limited number of possible locations.

To make much better use of NetFlow, two key changes are required.

NetFlow to the Edge: First, we need to expand the useful deployment scenarios for NetFlow. Instead of collecting NetFlow only at network chokepoints, let’s extend flow collection to the edge of the network (servers, clients and cloud). This would greatly widen the overall picture that any NetFlow analytics can offer.

This would allow organizations to augment and leverage their existing NetFlow analytics tools to eliminate the growing visibility blind spot around public cloud activity.

Rich, contextual NetFlow: Second, we need to use NetFlow for more than simple visibility of the network.

Instead, let’s use an extended version of NetFlow that includes details on the device, application, user, and binary responsible for each monitored network connection. That would allow us to quickly link every network connection back to its source.
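To make the difference between a classic flow record and a context-enriched one concrete, here is an added Python illustration (not Ziften’s code and not ZFlow’s actual record format): a small edge-side flow aggregator that keys flows on the usual 5-tuple plus the device/user/process/binary context described above, answers the “who talked to what” question that router-side flows cannot, and maps each record onto standard IANA IPFIX element names with the context carried as assumed enterprise-specific fields. The sample events, host names, hashes and the `enterprise.*` field names are constructed for the example.

```python
# Constructed sample events: what an agent on a VM could observe per connection
# (classic NetFlow 5-tuple plus the context only the endpoint knows). Hashes are fake.
EVENTS = [
    {"ts": 100, "src": "10.0.1.5", "sport": 51234, "dst": "52.95.1.10", "dport": 443, "proto": 6,
     "bytes": 1200, "host": "web-vm-01", "user": "www-data", "proc": "nginx", "sha256": "aaaa1111"},
    {"ts": 101, "src": "10.0.1.5", "sport": 51234, "dst": "52.95.1.10", "dport": 443, "proto": 6,
     "bytes": 800, "host": "web-vm-01", "user": "www-data", "proc": "nginx", "sha256": "aaaa1111"},
    {"ts": 105, "src": "10.0.1.5", "sport": 40001, "dst": "203.0.113.7", "dport": 443, "proto": 6,
     "bytes": 50, "host": "web-vm-01", "user": "root", "proc": "curl", "sha256": "bbbb2222"},
    {"ts": 106, "src": "10.0.2.9", "sport": 33000, "dst": "10.0.1.5", "dport": 80, "proto": 6,
     "bytes": 300, "host": "app-vm-02", "user": "app", "proc": "python3", "sha256": "cccc3333"},
]

TUPLE = ("src", "sport", "dst", "dport", "proto")   # what a router-side NetFlow record carries
CONTEXT = ("host", "user", "proc", "sha256")        # what only an edge agent can add


def aggregate(events, context=True):
    """Roll connection events into flow records keyed by 5-tuple (+ context at the edge)."""
    keys = TUPLE + (CONTEXT if context else ())
    flows = {}
    for e in events:
        k = tuple(e[f] for f in keys)
        rec = flows.setdefault(k, {"packets": 0, "bytes": 0, "first": e["ts"], "last": e["ts"]})
        rec["packets"] += 1
        rec["bytes"] += e["bytes"]
        rec["last"] = max(rec["last"], e["ts"])
    return [dict(zip(keys, k), **v) for k, v in flows.items()]


def who_talked_to(flows, dst, dport):
    """Attribute a destination to (host, user, process, binary); all None for context-free flows."""
    hits = {tuple(f.get(c) for c in CONTEXT) for f in flows if f["dst"] == dst and f["dport"] == dport}
    return sorted(hits)


def to_ipfix(flow):
    """Map a record onto IANA IPFIX element names; context rides as assumed enterprise fields."""
    std = {"sourceIPv4Address": flow["src"], "destinationIPv4Address": flow["dst"],
           "sourceTransportPort": flow["sport"], "destinationTransportPort": flow["dport"],
           "protocolIdentifier": flow["proto"], "octetDeltaCount": flow["bytes"],
           "packetDeltaCount": flow["packets"], "flowStartSeconds": flow["first"],
           "flowEndSeconds": flow["last"]}
    ext = {"enterprise." + c: flow[c] for c in CONTEXT if c in flow}  # hypothetical field names
    return {**std, **ext}


if __name__ == "__main__":
    for f in aggregate(EVENTS):
        print(to_ipfix(f))
    print(who_talked_to(aggregate(EVENTS), "203.0.113.7", 443))
```

Running `aggregate(EVENTS, context=False)` shows what a chokepoint collector would see: the same 5-tuple flows, but `who_talked_to` can no longer name the host, user or binary behind them.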

In fact, these two changes to NetFlow are precisely what Ziften has achieved with ZFlow. ZFlow provides an expanded version of NetFlow that can be deployed at the network edge, including as part of a VM or container image, and the resulting flow data can be consumed and analyzed with existing NetFlow analysis tools. In addition to conventional NetFlow/IPFIX (Internet Protocol Flow Information eXport) visibility of the network, ZFlow provides greater visibility by including information on the device, application, user and binary for each network connection.

Ultimately, this allows Ziften ZFlow to deliver end-to-end visibility between any two endpoints, physical or virtual, removing traditional blind spots such as east-west traffic in data centers and enterprise cloud deployments.