Filter out unwanted NetFlow with PacketRanger

Optimize management application licensing costs by filtering out NetFlow traffic.

Security and operations teams are under heavy pressure to protect their networks against increasingly complex security breaches. Cyberattacks inflict trillions of dollars in damages per year, making network security a top priority and a continuing challenge around the globe.

Managing network security in this risky environment is no easy task, and teams are drowning in security alerts of all kinds. Finding the needle in the haystack is becoming increasingly difficult. At the same time, enterprises increasingly use subscription models to pay for their cloud-based log collector, network management, Operational Support Systems (OSS), and SIEM applications such as Splunk, SolarWinds, or Stealthwatch, so it is equally important to ensure that those fees only pay for the data that is actually valuable to Security and Network Operations.

NetFlow traffic, for specific user groups, can be an example of such lower-value traffic: it clogs up these highly capable, but very costly, applications, causing a deterioration in query response times and inflating licensing costs as unwanted NetFlow traffic volume continues to accelerate almost exponentially.

Tavve just released its NetFlow filtering feature for PacketRanger, our intelligent UDP packet broker. Combined with PacketRanger's industry best-in-class throughput of 50,000 packets per second ingress and 200,000 packets per second egress, with no limitation on destinations or on the quantity of forwarding rules per packet, the feature lets enterprises control NetFlow traffic by redirecting and/or replicating it to a lower-cost storage location (instead of retaining it, for example, in Splunk), or by filtering it out at the Flow Set level.

Other use case examples include:

  • Limitations on the Number of Collectors Supported: Networking devices can be limited in the number of NetFlow collectors they support, commonly to a maximum of just two. Centralizing NetFlow traffic into PacketRanger allows the user to create any number of filtering criteria to ensure that specific NetFlow records are forwarded to the appropriate management application(s) without limitations on the number of IP destinations.
  • Centralized Policy-Based Routing of NetFlow: Most implementations of NetFlow allow devices to filter on specific criteria (IP Address, Port, ToS, etc.). Consequently, NetFlow filtering and policy administration on a per-device basis can become problematic, especially in distributed networks. NetFlow filtering with PacketRanger provides centralized policy-based routing that simplifies NetFlow administration, ensures compliance and reduces complexity when troubleshooting.
  • Low-Bandwidth Remote Sites: Centralizing NetFlow collection reduces the number of collectors that are required, which optimizes the bandwidth at remote sites where link congestion can be problematic. Devices in low-bandwidth remote sites need only forward NetFlow records to a single PacketRanger. PacketRanger will filter and route NetFlow records to the appropriate analyzer application: SIEM, NMS, Billing, etc.

Our new NetFlow filtering feature is another display of Tavve’s commitment to continue to develop PacketRanger and accelerate its separation from standard UDP packet brokers. Where traditional vendors treat their product as an afterthought, Tavve continues to invest in PacketRanger with more exciting features to be released in 2022 – 2023, including enhanced Anomaly Detection, handling RFC-invalid Meraki Syslogs, management application destination load balancing, and an embedded Kafka producer.

To learn more, contact us either via www.tavve.com or email at sales@tavve.com.