Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
Jan 13, 2021
First question should be, do have have a specific requirement or business need you need to address? From there you need to look at the solutions and how they answer your questions.
There are quite a few solutions out there, but the type of data they ingest and the type of data they present will determine if it is the solution for you.
Typically a SPAN or Monitor port should only really be used for troubleshooting purposes, so I always recommend either making use of Netflow or taps/packet brokers (Keysight/Ixia/Cubro/etc.).
Also SPAN/Monitor ports can add some issues to your environment or data - especially if you are trying to support voice/video environments.
Once you have identified that, you need to know if the solution can handle the data - 1Gb/5Gb/10Gb/50Gb/100Gb etc.
I can recommend the following solutions, but it will all depend on what your need is and what your budget is: Colasoft Capsa Sintrex Flow Module ExtraHop Reveal(x) Netscout nGeniusOne VoipMon - for voice only
There are even a few free options (ntopng for one) that can give you some basic insight - and it might be a great place to start if you are new to NTA.
Search for a product comparison in Network Traffic Analysis (NTA)
Network Traffic Analysis (NTA) involves monitoring and evaluating data packets traversing a network to identify patterns and detect anomalies that may indicate security incidents. It helps in maintaining network health and preventing unauthorized access. NTA is crucial for cybersecurity professionals.Network Traffic Analysis employs advanced machine learning and deep packet inspection techniques to provide insights into network behavior. By analyzing the data flow, organizations can detect...
First question should be, do have have a specific requirement or business need you need to address? From there you need to look at the solutions and how they answer your questions.
There are quite a few solutions out there, but the type of data they ingest and the type of data they present will determine if it is the solution for you.
Typically a SPAN or Monitor port should only really be used for troubleshooting purposes, so I always recommend either making use of Netflow or taps/packet brokers (Keysight/Ixia/Cubro/etc.).
Also SPAN/Monitor ports can add some issues to your environment or data - especially if you are trying to support voice/video environments.
Once you have identified that, you need to know if the solution can handle the data - 1Gb/5Gb/10Gb/50Gb/100Gb etc.
I can recommend the following solutions, but it will all depend on what your need is and what your budget is:
Colasoft Capsa
Sintrex Flow Module
ExtraHop Reveal(x)
Netscout nGeniusOne
VoipMon - for voice only
There are even a few free options (ntopng for one) that can give you some basic insight - and it might be a great place to start if you are new to NTA.
FortiAnalyzer can give good reports on enterprise wide traffic analysis.