There is no efficient monitoring of an IT infrastructure without an in-depth analysis of network traffic. That’s why Energy Logserver has been supplemented with a high-performance network probe capable of collecting NetFlow data and copies of network traffic.
For all traffic
Based on the data it receives, the probe helps to detect suspicious or dangerous behavior in the network and, at the same time, helps to identify the source of the problem. Network Probe provides analysis capabilities in the security context to automatically detect unauthorized transactions and communications. By comparing data with the IoC databases provided by Energy Logserver, which contain information on signatures, IP addresses, hashes of infected files, or domain and URL names, it is able to significantly accelerate security analysis. Based on behavioral analysis, Network Probe is able to recognize zero-day attacks and identify unusual network user behavior.
Analysis of traffic copies at layers L2-L7 also enables network performance testing, providing information about the proper operation of DNS and DHCP services, Server Response Time (SRT) and Round Trip Time (RTT). The probe also provides information about the applications in use on the network and how users use them, and therefore supports the identification of potential performance problems.