Xharru Ltd.

AKMA Labs

News
Feb 19, 2010

We are pleased to announce a new updated release of FlowMatrix version 0.9.81 available FULLY FREE for downloads and both, commercial and non-commerical use.

FlowMatrix is Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify anomalous security and network events.

Changes since 0.9.78

• optimized memory usage, now x3 times less memory is needed;
• fixed memory leak with data base connection handles;
• modifications for linux port;
• added functionality for IP address filtering and drill down;
• minor fixes;

Changes since 0.9.77

• improved database disk space management with proper vacuum of deleted records to prevent out of disk space condition;
• improved data loading and model construction, especially under heavy load conditions;
• improved alarm presentation when drilling down, shows most relevant information instead of everything;
• add name resolution for detail information to make presentation simpler to use;
• some fixes in statistical model building and data preprocessing;
• made consistent clickable fields IP, port in rules events same as in anomaly events;
• other minor fixes and improvements

Changes since 0.9.76

• improved database disk space management with proper vacuum of deleted records to prevent out of disk space condition;
• improved data loading and model construction, especially under heavy load conditions;
• improved alarm presentation when drilling down, shows most relevant information instead of everything;
• add name resolution for detail information to make presentation simpler to use;
• some fixes in statistical model building and data preprocessing;
• made consistent clickable fields IP, port in rules events same as in anomaly events;
• other minor fixes and improvements

Download the latest fully functional free version of FlowMatrix - Network Anomaly Detection System

Changes since 0.9.76

• resolved memory leak condition which eventually would cause out of memory.
• learning intervals now properly handle Local Time zone.
• changed default learning intervals.
• fixed rule events filter for newly created rules.
• fixed problem with JavaScript which caused summary and details pages position "jump" to top of the page when clicked on IP addresses, ports or "Show by IP count".
• other minor fixes and improvements

Download the latest version of FlowMatrix

Changes since 0.9.75

• added update functionality such that a user can check for updates from the Web GUI and if available fetch if from our site.
  the updates will not require to unistall version 0.9.75 and beyond so it means the valuable learned data will not be lost.
  users of 0.9.75 version are encouraged to update to 0.9.76 !
• improved anomaly IP's and ports identifications using experimental differential identification techniques (shown in details under experimental section);
• speedup some DB operations during anomaly classification, additional indexing etc.
• added generation of strong password for PostgreSQL service windows account;
• PostgreSQL DB accepts only connections from local host;
• added ability for the user to add/delete ports used by different monitored application classes;
• minor bug fixes;

Download the latest version of FlowMatrix

November 17, 2008

New first official public release of FlowMatrix, (ver.0.9.73) is available for FULLY FREE downloads and use. FlowMatrix is first FULLY FREE version of NetFlow based Network Anomaly Detection and NetFlow based Network Behavior Analysis tool. This release substantially simplifies user interface, improves on false positives and fixes other problems found during long beta testing period.

Download the latest version of FlowMatrix

August 25, 2008

New release of FlowMatrix, (ver.0.9.65) adds supports for network applications behavior analysis. That means you can define groups of applications by used ports to be monitor and FlowMatrix will automatically create a baseline for each of the group, just like it does for your network. This allows you to detect many attacks, exploits and other security violations on more granular level giving you even better visibility to your network and application envoronment. Additionaly number of existing funcionaly has been improved: simpler interface, improved classification, improved detection rate, improved false-positive detection rate and number of other minor issues.

Download the latest version of FlowMatrix

July 2, 2008

New release of FlowMatrix, (ver.0.9.62) supports application level behavior analysis. That means you can define groups of applications to monitor and FlowMatrix will automatically create a baseline for each of them, just like it does for NBA. When the baseline is crossed a security event is triggered. This allows you to catch many attacks, exploits and other security violations on more granular level giving you even better visibility to your network and application envoronment.

Download the latest version of FlowMatrix

February 23, 2008

FlowMatrix is Network Behavioral Analysis (NBA) System new updated beta version 0.9.56 is available for evaluation downloads for period of 60 days (please check license available at download link with more licensing details).

Download the latest version of FlowMatrix

Changes since 0.9.53 beta release:

• improved anomaly detection with major problem floating point bug under high load;
• other bug fixes;

Changes since 0.9.47 beta release:

• improved classification logic with an addition of a bayesian classifier to fuzzy logic set to better classify detected anomalies for known types of attack;
• improved anomaly events presentation in the user interface: detected anomalies can be viewed in the summary page first without need to go to details;
• fixed bug in rules where rules would trigger when some conditions are improperly reached;
• fixed duplicate IP addresses and ports information in details lists presented for each traffic cluster;
• improved setup to avoid problems with falsely detecting Apache installation on a system when none is installed;

Changes since 0.9.45 beta release:

• fixed classification logic so now anomaly events will be properly classified where applicable;
• speed improvements to processing engine such that on Pentium 4 2.4 GHZ system with 2 GB of memory FlowMatrix is able to handle 10000 flows per second. Up to 20000 flows per second is possible on more capable hardware.
• additional bug fixes;

Please check FlowMatrix details section for more information.

FlowMatrix is Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

After initial learning period of (5-7 days) FlowMatrix builds multidimensional behavioral models of your network and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

FlowMatrix has following key features:

• Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
• Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
• Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
• Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1 and 5 are supported, more being added;
• Provides short response time — 1 minute, so you will know about events as they begin to happen.
• Builds multidimensional behavioral models of your network in order to lower false positive rate.
• Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
• We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
• Moderate hardware requirements for small and medium size networks. As an example on Pentium 4 2.4 GHZ system with 2 GB of memory: FlowMatrix is able to handle 10000 flows per second Up to 20000 flows per second is possible on more capable hardware.
  This functionality was not possible in beta version before 0.9.045

February 7, 2008

FlowMatrix is Network Behavioral Analysis (NBA) System new updated beta version 0.9.54 is available for evaluation downloads for period of 60 days (please check license available at download link with more licensing details).

January 19, 2007

Network Delay Simulator utility new version 0.9.127 is available for free downloads (please check license available at download link with more licensing details).

Download the latest vesrion of Network Simulator

Since 0.9.126 release:

• Enabled full support for packet loss rate for each flow for each direction, packet loss rate can be enabled in the range: 1 - 100%;
• Fixes since 0.9.126 release;

Since 0.9.125 release:

• Windows Vista support has been added;
• Added support to configure simulation flow for send and receive directions so that asymmetric delays and bandwidth can be simulated;
• Fixes since 0.9.125 release;

This utility can be used to perform network bandwidth, packet loss and delay simulation (simulate slow congested links between connecting nodes) while running over network with high bandwidth (10/100/1000 Ethernet etc.). Network Simulator introduces delays according to provided criteria such as desired delay, wait queue depth, burst size and others. Usefull in this utility is that you can install it on your workstation on which you are performing development or testing and create bandwidth and delay simulation profile such that delay would only apply to connections according to your filter criteria (source and destination IP addresses, source and destination ports, protocols). All other connections that don't match your filter criteria will experience no delay, so you can continue surf web, go to file shares etc. at full speed of your network connection.

November 1, 2007

FlowMatrix is Network Behavioral Analysis (NBA) System beta version 0.9.47 is available for evaluation downloads for period of 60 days (please check license available at download link with more licensing details).

Download the latest vesrion of FlowMatrix

Changes since 0.9.45 beta release:

• fixed classification logic so now anomaly events will be properly classified where applicable;
• speed improvements to processing engine such that on Pentium 4 2.4 GHZ system with 2 GB of memory FlowMatrix is able to handle 10000 flows per second. Up to 20000 flows per second is possible on more capable hardware.
• additional bug fixes;

Please check FlowMatrix details section for more information.

FlowMatrix is Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

After initial learning period of (5-7 days) FlowMatrix builds multidimensional behavioral models of your network and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

FlowMatrix has following key features:

• Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
• Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
• Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
• Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1 and 5 are supported, more being added;
• Provides short response time — 1 minute, so you will know about events as they begin to happen.
• Builds multidimensional behavioral models of your network in order to lower false positive rate.
• Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
• We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
• Moderate hardware requirements for small and medium size networks. As an example on Pentium 4 2.4 GHZ system with 2 GB of memory: FlowMatrix is able to handle 10000 flows per second Up to 20000 flows per second is possible on more capable hardware.
  This functionality was not possible in beta version before 0.9.045

October 19, 2007

FlowMatrix is Network Behavioral Analysis (NBA) System beta version 0.9.45 is available for evaluation downloads for period of 60 days (please check license available at download link with more licensing details).

Download the latest vesrion of FlowMatrix

FlowMatrix is Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

After initial learning period of (5-7 days) FlowMatrix builds multidimensional behavioral models of your network and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

FlowMatrix has following key features:

• Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
• Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
• Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
• Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1 and 5 are supported, more being added;
• Provides short response time — 1 minute, so you will know about events as they begin to happen.
• Builds multidimensional behavioral models of your network in order to lower false positive rate.
• Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
• We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
• Moderate hardware requirements for small and medium size networks. As an example on Pentium 4 2.4 GHZ system with 2 GB of memory: FlowMatrix is able to handle 10000 flows per second Up to 20000 flows per second is possible on more capable hardware.
  This functionality was not possible in beta version before 0.9.045

Please check FlowMatrix details section for more information.

September 19, 2007

FlowMatrix is Network Behavioral Analysis (NBA) System beta version 0.9.42 is available for evaluation downloads for period of 60 days (please check license available at download link with more licensing details).

Download the latest vesrion of FlowMatrix

FlowMatrix is Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events.

After initial learning period of (5-7 days) FlowMatrix builds multidimensional behavioral models of your network and later uses them to detect relevant anomalous security and network events. FlowMatrix provides short response time of 1 minute so you will know about anomaly right when it begins to happen.

FlowMatrix has following key features:

• Performs continuous 27x7 fully automatic behavioral analysis of your network traffic to identify relevant anomaly security and network events.
• Classifies each reported anomaly event (when possible) as belonging to proper class of security or network events (DDoS, Scans, Alpha flows, network outages etc.).
• Collects and presents relevant detailed information for each anomalous event so you can drill down to investigate each reported event to decide on proper set of actions.
• Utilizes NetFlow records collected by network devices such as routers and switches. This eliminates need for additional expensive network probes and as result substantially lowers price for building network security monitoring solution. Currently only NetFlow versions 1 and 5 are supported, more being added;
• Provides short response time — 1 minute, so you will know about events as they begin to happen.
• Builds multidimensional behavioral models of your network in order to lower false positive rate.
• Provides rule system for more interactive event identification so you can create rules to monitor for conditions you would like to know about (for example show host contacted by more then 100 unique hosts, show host that contacted more then 60 unique hosts etc.).
• We try to keep FlowMatrix very focused to its main goal of monitoring network for anomalous events without polluting it with unneeded features.
• Moderate hardware requirements for small and medium size networks.

Please check FlowMatrix details section for more information.

September 17, 2007

Network Delay Simulator utility second beta version 0.9.126 is available for downloads free of charge (please check license available at download link with more licensing details).

Download the latest vesrion of Network Simulator

This version adds following features:

• Windows Vista support has been added;
• Added support to configure simulation flow for send andreceive directions so that asymmetric delays and bandwidth can be simulated;
• Fixes since 0.9.125 release;

This utility can be used to perform network bandwidth and delay simulation (simulate slow congested links between connecting nodes) while running over network with high bandwidth (10/100/1000 Ethernet etc.). Network Simulator introduces delays according to provided criteria such as desired delay, wait queue depth, burst size and others. Usefull in this utility is that you can install it on your workstation on which you are performing development or testing and create bandwidth and delay simulation profile such that delay would only apply to connections according to your filter criteria (source and destination IP addresses, source and destination ports, protocols). All other connections that don't match your filter criteria will experience no delay, so you can continue surf web, go to file shares etc. at full speed of your network connection.

September 9, 2007

Network Delay Simulator utility second beta version 0.9.124 is available for downloads free of charge (please check license available at download link with more licensing details).

Download the latest vesrion of Network Simulator

This version has number of fixes since last release;

This utility can be used to perform network bandwidth and delay simulation (simulate slow congested links between connecting nodes) while running over network with high bandwidth (10/100/1000 Ethernet etc.). Network Simulator introduces delays according to provided criteria such as desired delay, wait queue depth, burst size and others. Usefull in this utility is that you can install it on your workstation on which you are performing development or testing and create bandwidth and delay simulation profile such that delay would only apply to connections according to your filter criteria (source and destination IP addresses, source and destination ports, protocols). All other connections that don't match your filter criteria will experience no delay, so you can continue surf web, go to file shares etc. at full speed of your network connection.

April 4, 2005

Z1 Monitor Experimental utility first public beta version 0.1.9 is available for downloads free of charge (please check license available at download link with more licensing details).

Download the latest vesrion of Z1 Monitor

Z1 Monitor is Experimental Advanced Performance Monitoring utility with ability to model complex interdependencies between multiple monitored variables and monitoring result (combined meaning of all those variables that you monitor). This utility is useful when it is advantages to map multiple performance counter to some single value, which can take different meaning depending on combination of monitored inputs.
For example you can create single meaning like "SystemLoad", which would be result of monitoring of 6 inputs like (or anyother): CPU Utilization, System Queue Length, Available Memory, Pages/sec, Current Disk Queue Length, Avg. Disk sec/Transfer.
and give following meaning to "System Load" like: Low System Load, Medium System Load and High System Load.

What is so special about Z1 Monitor? There are thousand of performance monitoring utilities, what is different about Z1Monitor utility..?

Now lets explain briefly what this utility does by looking at simple example.

Say you would like to have single monitoring result to mean something like System Load about performance and load of your system possibly running some critical application. In this case we could achieve this by monitoring following performance counter (number of monitored parameters is limited to 6 for simplicity of example):

• CPU Utilization;
• System Queue Length;
• Available Memory;
• Pages/sec;
• Current Disk Queue Length;
• Avg. Disk sec/Transfer;

These variables represent main elements of system performance (CPU Load, Memory Subsystem Load and I/O Subsystem Load).

Now imagine that in your head you could say something like this about results of you monitoring of all these variables:

and second rule

These 2 (or could be little bit more) generic rules do really sound like the way most/many people would think about monitoring and interpreting meaning of what they get by looking at monitoring results in real time. Unfortunately with all available commercial or non-commercial monitoring tools they do not have a way to do it in the way we think in our head (like rules above). Usually user would be presented with many thresholds for every monitored parameter, time etc., which they must configure and which are hard to combine among themselves to have results as combination ofobservations of many variables exceeding thresholds etc.. Also these tools would have hard time to deal with time as part of observation (for how long certain value is above some threshold and why this long and not that long etc.).

If you find that monitoring must be much simpler then what is currently offered and think that two rules shown above (show in bold in red) is more logical and intuitive way to think about monitoring problem, then you should try using Z1 Monitor, which is fully functional experimental version at this time. Even so it is experimental version it can do most of what you would need to do to perform monitoring of real world applications and systems in the way expressed by two rules above. It is experimental because more functionality is coming to this tool in stages please visit our web site periodically.

In order to better understand how to use this tool please read Step by Step Examples section in this help where in very short time you will learn all the steps on how to use this simple tool.

November 28, 2004

Network Delay Simulator utility second beta version 0.9.123 is available for downloads free of charge (please check license available at download link with more licensing details).

This version has number of fixes since last release;

This utility can be used to perform network bandwidth and delay simulation (simulate slow congested links between connecting nodes) while running over network with high bandwidth (10/100/1000 Ethernet etc.). Network Simulator introduces delays according to provided criteria such as desired delay, wait queue depth, burst size and others. Usefull in this utility is that you can install it on your workstation on which you are performing development or testing and create bandwidth and delay simulation profile such that delay would only apply to connections according to your filter criteria (source and destination IP addresses, source and destination ports, protocols). All other connections that don't match your filter criteria will experience no delay, so you can continue surf web, go to file shares etc. at full speed of your network connection.

June 9, 2004

Network Delay Simulator utility beta version 0.9.120 is available for downloads free of charge (please check license available at download link with more licensing details).

Download the latest vesrion of Network Simulator

This version has number of fixes since last release;

This utility can be used to perform network bandwidth and delay simulation (simulate slow congested links between connecting nodes) while running over network with high bandwidth (10/100/1000 Ethernet etc.). Network Simulator introduces delays according to provided criteria such as desired delay, waitqueue depth, burst size and others. Usefull in this utility is that you can install it on your workstation on which you are performing development or testing and create bandwidth and delay simulation profile such that delay would only apply to connections according to your filter criteria (source and destination IP addresses, source and destination ports, protocols). All other connections that don't match your filter criteria will experience no delay, so you can continue surf web, go to file shares etc. at full speed of yournetwork connection. This makes unnecessary in many cases expensive delay simulators (there are still cases when you need them).

Please keep in mind this is still early beta version and some intended functionality is not present in current version, most notable among them is the fact that 802.11 is not supported and packet loss rate is not implemented in the driver and as result is grayed out in user interface such that GUI will not allow you to enter it in created simulation profile. If after using this utility you find that there is some other functionality that is missing and you find that it can be useful for you and others, please let us know by sending us e-mail:support@akmalabs.com and if we find it useful we will add it and make available for downloads.