Jump to:

News

June 7, 2010
First public release of Linux based version of FlowMatrix, (ver.0.9.82) as a Virtual Appliance is available for FREE downloads for commercial and non commercial use. The FlowMatrix Virtual Appliance is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

February 28, 2010
NetSim 0.9.129 - new updated version of network delay, packets loss and bandwidth simulator is available for free downloads. This version adds support for Windows 7 and some minor fixes.

Feb 19, 2010
New updated public release of FlowMatrix, (ver.0.9.81) is available FULLY FREE for downloads for commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

July 25, 2009
New updated public release of FlowMatrix, (ver.0.9.79) is available FULLY FREE for downloads and commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

May 27, 2009
New updated public release of FlowMatrix, (ver.0.9.78) is available FULLY FREE for downloads and commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

March 29, 2009
New updated public release of FlowMatrix, (ver.0.9.77) is available FULLY FREE for downloads and commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

March 4, 2009
New updated public release of FlowMatrix, (ver.0.9.76) is available FULLY FREE for downloads and commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

January 21, 2009
New updated public release of FlowMatrix, (ver.0.9.75) is available FULLY FREE for downloads and commercial and non commercial use. FlowMatrix is FULLY FUNCTIONAL FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

November 17, 2008
New first official public release of FlowMatrix, (ver.0.9.73) is available for FULLY FREE downloads and use. FlowMatrix is first FULLY FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool.
Read More

August 25, 2008
FlowMatrix - NetFlow based Network Behavior Analysis, Network Anomaly Detection System new version 0.9.65, improves network and network applications security, available for downloads
Read More

July 2, 2008
FlowMatrix - NetFlow based Network Behavior Analysis (NBA) System new version, 0.9.62, now supports network application level security and available for downloads
Read More

February 23, 2008
FlowMatrix - NetFlow based Network Behavioral Analysis (NBA) System new beta version 0.9.56 is available for downloads
Read More

January 19, 2008
Netsim - Network delay, packets loss and bandwidth simulator new version 0.9.127 is available for free downloads
Read More

November 1, 2007
FlowMatrix - NetFlow based Network Behavioral Analysis (NBA) System new beta version 0.9.47 is available for downloads
Read More


Links

FlowMatrix
Network Behavior Analysis System

FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

In addition, new release of FlowMatrix, (ver.0.9.62 and later) supports Network Applications Behavior Analysis. This means you can define 3 groups of applications to monitor and FlowMatrix will automatically create a baseline for each of them, just like it does for network. When the baseline is crossed a security event is triggered. This allows you to catch many attacks, exploits and other security violations on more granular level giving you even better visibility to your network and network applications envoronment.


After initial learning period of (7-14 days) FlowMatrix builds multidimensional behavioral models of your network and network applications and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

How it works

The FlowMatrix receives NetFlow records from routers or other network devices you configure to send NetFlow to FlowMatrix. It processes NetFlow records and after learning period of 7-14 days builds detailed multidimensional behavioral models of your network. Later it compares measured parameters from incoming NetFlow records to built models and identifies relevant anomalous events which significantly deviate from what is expected by the models and logs an event.

To help you identify what each logged event means FlowMatrix performs (when possible) classification of each event to corresponding class of attack or network events.

In order to provide relevant possible information about each logged event FlowMatrix logs relevant filtered detailed information which can be used for more detailed investigation of the event.

FlowMatrix has following key features:

  • Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
  • Performs continuous 27x7 fully automatic behavioral analysis of your 3 groups of network applications traffic to identify relevant anomaly security and network events.
  • Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
  • Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
  • Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1, 5, 7 are supported, more being added;
  • Provides short response time — 1 minute, so you will know about events as they begin to happen.
  • Builds multidimensional behavioral models of your network and network applications in order to lower false positive rate.
  • Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
  • We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
  • Moderate hardware requirements for small and medium size networks. As an example on Pentium 4 2.4 GHZ system with 2 GB of memory: FlowMatrix is able to handle 10000 flows per second Up to 20000 flows per second is possible on more capable hardware.

The FlowMatrix is available in full functionality for free downloads for commercial and non-commercial use. At the moment FlowMatrix is available in 2 different distributions:
  • As a Windows based FlowMatrix (v0.9.81) installable application with all the required components included and installed;
  • As a Linux based FlowMatrix (v0.9.82) Virtual Appliance with all components installed and configured for operation;
The FlowMatrix Virtual Appliance runs Ubuntu Server 9.10 distribution. FlowMatrix is first fully functional FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis (NBAD) tool.

Also, please understand that the product support for all free licenses may be limited and provided on a residual basis on forums or in email form only.