- Threat detection
- Flow-traffic monitoring
- Extended data retention
- Scalability
- Deduplication and stitching

The Flow Collector leverages enterprise telemetry such as NetFlow, IPFIX and other types of flow data from existing infrastructure such as routers, switches, firewalls, endpoints and other network infrastructure devices. The Flow Collector can also receive and collect telemetry from proxy data sources, which can be analyzed by Global Threat Analytics (formerly Cognitive Threat Analytics), the multilayered machine learning engine, for deep visibility into both web and network traffic. In addition, Stealthwatch Enterprise, using Encrypted Traffic Analytics, can pinpoint malicious patterns in encrypted traffic to identify threats and accelerate response. Though this feature is built into the system at no extra cost, it will need to be enabled upon deployment.

The telemetry data is analyzed to provide a complete picture of network activity. Months or even years of data can be stored, creating an audit trail that can be used to improve forensic investigations and compliance initiatives. The volume of telemetry collected from the network is determined by the capacity of the deployed Flow Collectors. Multiple Flow Collectors may be installed.