Process Query Systems (ProQueSys) will ship its FlowTraq network flow monitoring product later this month. FlowTraq offers three major functions: monitoring the network to look for problems, performing forensics to determine whether a problem has occurred previously, and anticipating threats by using baseline information to look out for problems in the future. Network flow data is generated by infrastructure devices such as switches and routers. ProQueSys has been licensing the FlowTraq functionality for several years, but this is the first time it will be offered as a standalone product.
Brad Adwers, an enterprise network specialist at the San Diego Community College District, has been beta testing the system and praises the product for its speed and capacity. The district has five sites connected by Metro Ethernet, supporting up to 50,000 clients and 3.5 million events hourly. "We've been using it to isolate and find users who have been infected by malware or taken over by a botnet," he says. The software lets him identify malicious hosts within 15 minutes and mitigate them within 20. He can also store up to 90 days of historical traffic in a flat text file of about a hundred gigabytes, with searches that take about 15 seconds. "You can zoom right in on a problem with an IP address, a port, or a service, and find any piece of information you need very quickly," he says. Previously, the district used the open source Splunk log management software, as well as packet shapers, but had no big-picture applications until FlowTraq.
FlowTraq competes with products such as Lancope's StealthWatch, Arbor Networks' Peakflow, Cisco's Cisco Security Monitoring, Analysis, Response System (CS-MARS) and Carnegie Mellon University's System for Internet-Level Knowledge (SiLK). In addition to monitoring network flows, the company claims the software performs 90 percent of the functionality of network behavioral analysis products such as those from Q1 Labs.
Network flow technologies such as FlowTraq capture IP addresses, ports and protocol information, but they typically do not capture packet payloads; for that you need a dedicated packet capture program such as tcpdump. However, flow monitoring can still be very useful for administrators, who can use flow information to get insight into network traffic, such as bandwidth consumption, applications in use and sudden changes in network activity that may indicate a problem.
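To show what the header-only data described above can still reveal, here is an added example (not FlowTraq code, and not the product's file format) that reads a constructed set of flat-text flow records, builds a per-host hourly baseline, and flags a host whose byte volume jumps or that starts talking to ports it never used before, the kind of sudden change the article says flow data exposes without any payload. The record layout, the hosts and the threshold ratio are all assumptions for the illustration.

```python
from collections import defaultdict
# Constructed flat-text flow records (not FlowTraq's format): hour,src_ip,dst_ip,dst_port,proto,bytes
FLOWS = """0,10.1.1.5,93.184.216.34,443,tcp,120000
0,10.1.1.7,93.184.216.34,443,tcp,90000
1,10.1.1.5,93.184.216.34,443,tcp,110000
1,10.1.1.7,93.184.216.34,443,tcp,95000
2,10.1.1.5,93.184.216.34,443,tcp,130000
2,10.1.1.7,93.184.216.34,443,tcp,85000
3,10.1.1.5,93.184.216.34,443,tcp,115000
3,10.1.1.7,203.0.113.9,6667,tcp,4000
3,10.1.1.7,198.51.100.77,25,tcp,2000000"""

def parse_flows(text):
    """Parse flow records; note there is no payload field, only header-level data."""
    rows = []
    for line in text.strip().splitlines():
        hour, src, dst, dport, proto, nbytes = line.split(",")
        rows.append((int(hour), src, dst, int(dport), proto, int(nbytes)))
    return rows

def hourly_profile(rows):
    """Per (source host, hour): bytes sent and the set of destination ports contacted."""
    prof = defaultdict(lambda: {"bytes": 0, "ports": set()})
    for hour, src, _dst, dport, _proto, nbytes in rows:
        prof[(src, hour)]["bytes"] += nbytes
        prof[(src, hour)]["ports"].add(dport)
    return prof

def flag_deviations(rows, ratio=3.0):
    """Compare each host's latest hour with its baseline (all earlier hours); return
    {host: [reasons]} for volume above ratio*baseline average or ports absent from baseline."""
    prof = hourly_profile(rows)
    latest = max(hour for _, hour in prof)
    findings = {}
    for host in sorted({src for src, _ in prof}):
        base = [prof[(host, h)] for h in range(latest) if (host, h) in prof]
        cur = prof.get((host, latest))
        if not base or cur is None:
            continue  # nothing to compare against, or host silent this hour
        avg = sum(b["bytes"] for b in base) / len(base)
        seen_ports = set().union(*(b["ports"] for b in base))
        reasons = []
        if cur["bytes"] > ratio * avg:
            reasons.append(f"bytes {cur['bytes']} vs baseline avg {avg:.0f}")
        if cur["ports"] - seen_ports:
            reasons.append(f"new destination ports {sorted(cur['ports'] - seen_ports)}")
        if reasons:
            findings[host] = reasons
    return findings
```

Running `flag_deviations(parse_flows(FLOWS))` reports only 10.1.1.7, for both its volume spike and its first-ever use of ports 25 and 6667; a real deployment would feed this from the collector's export rather than an inline string.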
ProQueSys FlowTraq is scheduled to ship later this month. Pricing starts at $9,600 for a small installation and ranges from $20,000 to $40,000 for large, distributed installations. It is a software product that runs on users' own hardware, with configurable amounts of disk space and RAM dedicated to the application. When the disk space set aside for the application fills up, records are deleted to make space for new data. FlowTraq supports NetFlow, sFlow, CFlow and JFlow.