Last year, Atomic Labs, the creator of the Pion web analytics tool, changed its name to Cloudmeter, raised some money, and set about making its analytics tool more broadly useful for enterprises. Pion has been transformed into a broader tool called Stream, which runs on premises, and Cloudmeter has cooked up an adjunct …
A few of the potential problems with this sort of network traffic analysis:
1) where do you capture data in a resilient multi-path enterprise network?
2) how do you ensure precise timestamps to correlate a connection's packets on different in/out paths?
3) how do you correlate multiple TCP parallel connections belonging to the same client application/browser transaction?
4) how do you ensure correct interpretation of retries or load-balanced out-of-order packets?
5) how do you distinguish HTML requests that worked and those that were abandoned by the browser?
6) how do you "render" client displays composed of very dynamic content?
7) how do you recognise the application on browser HTTPS connections?
It would be interesting to know the confidence factor in real-world enterprise use.
Netflow meets Application Aware DPI
So, this is Netflow meets Deep Packet Inspection with a bit of application aware filtering built in?
Evolution, not revolution. And you will need sensors at every ingress and egress point, otherwise you won't get the full picture.
I have been doing similar things with Snort for years. The only problem is I don't have millions to throw around at developers to write me a pretty interface...