Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
2021-01-13T16:30:31Z
Jan 13, 2021
First question should be, do you have a specific requirement or business need you need to address? From there you need to look at the solutions and how they answer your questions.
There are quite a few solutions out there, but the type of data they ingest and the type of data they present will determine if it is the solution for you.
Typically a SPAN or Monitor port should only really be used for troubleshooting purposes, so I always recommend either making use of NetFlow or taps/packet brokers (Keysight/Ixia/Cubro/etc.).
Also SPAN/Monitor ports can add some issues to your environment or data - especially if you are trying to support voice/video environments.
Once you have identified that, you need to know if the solution can handle the data - 1Gb/5Gb/10Gb/50Gb/100Gb etc.
I can recommend the following solutions, but it will all depend on what your need is and what your budget is:
Colasoft Capsa
Sintrex Flow Module
ExtraHop Reveal(x)
Netscout nGeniusOne
VoipMon - for voice only
There are even a few free options (ntopng for one) that can give you some basic insight - and it might be a great place to start if you are new to NTA.
What is NTA? Network Traffic Analysis is a type of security product that uses network communications to detect and investigate security threats and malicious or anomalous behaviors within the network. NTA uses a combination of behavioral modeling, machine learning, and rule-based detection to create a baseline reflecting what the organization’s normal network behavior looks like. They then continuously analyze flow records and/or network telemetry, and alert your security team to a...
FortiAnalyzer can give good reports on enterprise-wide traffic analysis.