Enriched Flow Intelligence for NetOps and SecOps
Observer GigaFlow transforms flow-based analysis by combining multiple traffic and infrastructure data sources to provide deep performance management and network security insight.
The growing number and variety of devices and applications across today’s hybrid IT environment are becoming increasingly difficult to manage — whether related to IoT, SD-WAN, cloud migrations or remote users at the network edge. Observer GigaFlow solves the pervasive end-user experience, performance, and security challenges in these dynamic environments by intelligently stitching traditional flow, SNMP, user identity, and session syslog data into an enriched flow record. It strengthens existing security measures by adding another layer of protection and peace-of-mind that your network infrastructure is well defended.
GigaFlow processes mountains of unstructured data and delivers enriched flow records that provide in-depth details on network device types, connectivity, traffic control, and usage patterns. This information is maintained at the individual user, over time across all communication traversing the environment from any point of view making it particularly valuable for NetOps and SecOps teams.
VIAVI brings the network to the table and exposes the infrastructure and traffic clearly to all business stakeholders serving as the go-to platform for every IT team.
End-User & Application Capacity Management
GigaFlow provides network traffic visibility on a per interface basis down to the layer 2 switch. Gain usage and utilization insight by individual user or in aggregate spanning the service delivery environment from core to edge and into the cloud. This is ideal for general assessments of end-user experience at points anywhere along the conversation route, and valuable for quantifying asset cost/benefit efficiencies. For example, assessing the cost effectiveness of cloud deployments and accurately attributing costs of underlying IT assets to the resource users (e.g. department, business unit).
End-User Flow Forensics
GigaFlow offers real-time and long-term historical perspectives of end-user status as a function of underlying service health at every traffic device interface. The enriched flow records of GigaFlow dynamically capture all relevant data including timestamp and location continuously over extended periods. Because of this, IT teams can navigate to a specific event or anomaly in the past to troubleshoot and solve the problem by answering who it impacted and when, where, and how the incident occurred.
Threat ID with Scope & Impact Context
Out of the box, GigaFlow will automatically call home to obtain the latest black lists IPs, then checks it against all enriched flow records over time. GigaFlow can also alert on syn only flow records, often associated with rogue activity. Incidents from other security solutions can be passed to GigaFlow providing search and identification capabilities. This helps answer questions like: What was the host or device communicating with earlier? Where is the rogue host/device now? Who was using the host/device? This aids SecOp teams in their investigations and enhances existing security solutions.
Advanced Traffic Profiling
A core capability of GigaFlow is the ability to build a traffic profile of devices on the network. Hosts are characterized by type, usage, application, and communication activity. This can be used to assess acceptable usage (e.g. white lists). Profiles are maintained in real-time with all future network generated device traffic evaluated against past behavior for unusual or anomalous activity. Ongoing SNMP polling has the added benefit of quickly detecting new and possibly rogue activity. For example, discovering compromised or bogus assets that serve as entry points for security threats (e.g. When is a printer not a printer?).
GigaFlow offers an extensible, easy deployment clustered architecture with carrier grade scalability and a “pay-as-you-grow” pricing model. Options are available as an appliance and in various software capacities based on number of flows supported and emitting sources to satisfy the needs of any size organization.
It integrates with Apex and GigaStor via workflows providing enriched flow record data for fast end-user experience troubleshooting and forensic security analysis.
Choose the right Observer GigaStor for your organization’s size and needs.
VIAVI offers multiple options in various form factors, network speeds, port counts, and capacities that range from 256 GB to more than a petabyte. For more information beyond the appliance summary shown below contact one of our sales experts.
An Elite Solution Partner
Elite Solution Partners consistently demonstrate the highest levels of achievement across a broad spectrum of VIAVI product lines including their more complex solutions. We provide advanced technical and commercial insights to ensure you get the right solution to meet your needs. We also manage first-level post-sales user support, including the ability to address basic product usage questions and managing in-warranty and out-of-warranty equipment returns for VIAVI repair.