Network Flow Monitoring
Monitoring network flows is an essential aspect of cybersecurity risk management for businesses because it allows for the identification of potential cyber threats, such as malware infections, data breaches, and unauthorized access attempts, before they can cause significant damage.
By monitoring network flows, you can be alerted to abnormal traffic patterns, unauthorized connections, and other suspicious activities, which can help identify and mitigate potential cyber attacks. This can enable you to respond more quickly to security incidents, potentially minimizing the impact of any security breach and reducing the overall risk to your business.
How Does It Work?
We collect your network flow data into DEFEND, our cloud-based SIEM, where we use rules, threat data and our security experts to detect security threats that may impact your business.
We can collect flow data from a range of sensors.
Network devices & firewalls
Most network devices can export logs via syslog. Because syslog is typically a cleartext protocol, these logs can be delivered to our cloud-native SIEM over an IPSec VPN.
The first step is to configure the VPN to the FoxTech Log Collector. Before joining us, you will need to share the subnet ranges and public IP addresses of your networks with us.
We will provide appropriate IPSec security profiles and configuration instructions depending on the specific firewalls you use.
AWS VPC Flow Logs
Through our AWS Security Monitoring, we can collect VPC flow data from an S3 bucket.
In addition to DNS and proxy logs, we can collect Cisco Umbrella cloud-firewall logs through Cisco Umbrella's native support for exporting logs to SIEM solutions via an S3 bucket.