For integration of security and planning of network sizing, I'm going to use NetFlow/sFlow.
NaaS/E (Network as a Sensor / Enforcer)
Network as a Sensor / Enforcer
As IoT spreads, the risk of security incidents is increasing.
Security systems at the Internet entry and exit points can protect against only a limited set of threats.
For example, entry/exit security CANNOT block (protect against) illegal PC-to-PC or server-to-server traffic.
Of course, PC-to-server traffic is protected by a firewall, but illegal traffic may still be accepted if its protocol and port number are correct.
The protection method for each Src/Dst pair is shown below:
|Src/Dst||Attacker||Relation Server||Damaged PC||Domestic Server|
For the cases marked "X", using NetFlow/sFlow with NaaS/E makes it possible to detect and protect.
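As an added illustration (not part of the original post), the sketch below shows how flow records exported by existing switches can expose the PC-to-PC and server-to-server traffic that entry/exit security never sees. The subnets, the flow records, and the fan-out threshold are constructed assumptions; real records would come from a NetFlow/sFlow collector.

```python
import ipaddress
from collections import defaultdict

# Assumed address plan (hypothetical): adjust to the real network.
ZONES = {
    "PC": ipaddress.ip_network("10.1.0.0/16"),
    "Server": ipaddress.ip_network("10.2.0.0/16"),
}

# Constructed sample flow records: (src, dst, proto, dst_port, bytes)
FLOWS = [
    ("10.1.0.15", "10.2.0.10", "tcp", 443, 48213),   # PC -> Server, crosses the firewall
    ("10.1.0.15", "203.0.113.7", "tcp", 443, 9120),  # PC -> Internet, crosses entry/exit
    ("10.1.0.23", "10.1.0.40", "tcp", 445, 1310),    # PC -> PC
    ("10.1.0.23", "10.1.0.41", "tcp", 445, 1295),    # PC -> PC
    ("10.1.0.23", "10.1.0.42", "tcp", 445, 1302),    # PC -> PC
    ("10.2.0.10", "10.2.0.11", "tcp", 22, 77120),    # Server -> Server
]

def zone(addr):
    """Map an address to a zone name; anything unmatched is 'External'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "External"

def east_west(flows):
    """Flows that stay inside one internal zone, invisible to entry/exit security."""
    return [f for f in flows if zone(f[0]) == zone(f[1]) != "External"]

def fan_out(flows, threshold=3):
    """Sources contacting >= threshold distinct same-zone peers on one port."""
    peers = defaultdict(set)
    for src, dst, proto, port, _ in east_west(flows):
        peers[(src, proto, port)].add(dst)
    return {k: sorted(v) for k, v in peers.items() if len(v) >= threshold}

if __name__ == "__main__":
    for f in east_west(FLOWS):
        print(f"{zone(f[0])}->{zone(f[1])}", *f)
    print("fan-out:", fan_out(FLOWS))
```

A single host reaching many same-zone peers on one port is only an indicator; the threshold needs tuning against normal traffic before it drives any blocking action.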
Generally, security appliances such as IPS/IDS and NG-FW are too expensive.
Therefore, introducing them is NOT easy.
By comparison, NetFlow/sFlow can be started with existing equipment (switches, routers, firewalls, etc.).
Most companies have equipment that can use NetFlow/sFlow, such as Cisco Catalyst/ISR/ASA, Juniper SRX/SSG, Palo Alto, F5 BIG-IP, etc.
Flow data collection can start with a few additional configuration settings.
Traffic-monitoring software and a method of blocking illegal traffic are also required, but the first step of analysis is to collect data.
Differences between NetFlow and sFlow
A rough comparison of the differences and functions of NetFlow and sFlow is below:
| ||NetFlow||sFlow|
|Protocol||IP||IP, IPX, Appletalk, XNS|
|Target Flow||All Flow||Sampling|
The typical difference is "Target Flow". Because sFlow collects only 1 flow out of every few flows, some flows are always missed.
Nowadays, product specifications are improving, so NetFlow should be used aggressively.
Next, I will continue by choosing a Flow Collector, Analyzer, and Management Console.