Watching the computer network is composed of two main parts:

1. Monitoring service - is to use a system that constantly monitors a computer network, slow or failing components.
The network administrator receives an overview of:

  • availability of services and servers
  • occupancy lines, CPU, routers, switches, ....

Information for evaluation are obtained mainly through SNMP.
2. Data analysis - is to use a system of collecting and analyzing data in order to detect anomalies that indicate a potential attackers infiltrated into the internal infrastructure.

  • use NetFlow protocol
  • Network Behavior Analysis
  • Packet filtering

    Flow Monitoring-monitoring within the data infrastructure, data nodes,
    centralized and integrated into surveillance centers

  • Analysis at the level of communication - aggregate, but without losing important information
  • Distributed long-term monitoring to cover the entire network
  • Fast and efficient
  • Overview of what is happening across the network, as well as a detailed view of individual communication
  • It does not require expert knowledge
  • Effective even for encrypted traffic

Flow monitoring provide a quick diagnosis in terms of time and space for further analysis, such as. packet analysis:

  • Detailed analysis - at the level of individual packets and their application content
  • Monitoring a particular place at a particular time (which is a problem)
  • Very time consuming
  • Requires knowledge that "what I'm looking for" - otherwise it is necessary to analyze huge amounts of data
  • Especially for experts
  • Ineffective for encrypted traffic

     Network Behavior Analysis-detection of any security anomalies or threats
     undetectable risk within communication networks. The system is fully integrated in the
     SIEM solutions.

  • Detection of changes in behavior, suspicious behavior detection
  • Based on the analysis of statistics IP (L2, L3, L4)
  • Detection and yet undiscovered threats (APT, zero-day attacks, data leakage, denial ...)
  • Does not use attack signatures
  • Analysis perimeter, LAN and WAN, reveals and internal threats
  • Effective even for encrypted traffic
  • Passive - a basis for follow-up action on the net

NBA as standard security solutions such as Firewall, IDS and IPS, which are more dependent upon signatures and detect attacks prostrtedníctvom search application patterns in packets.


  • Monitoring network traffic in real time, improving network and the detection of external and internal attacks, analyzing long-term statistics with resolution to individual desktops, applications and conversations detailed tracking of users and services, effective capacity planning routes
  • Long-term storage of statistics on network traffic and compliance with regulations and laws on electronic communications
  • Fast and accurate troubleshooting the network, immediate identification of any anomalies through automated alerting
  • Through the acquisition of qualified reporting transparent reports on network traffic, easy scheduling and QoS monitoring, control and peering agreements on quality of service (SLA)

Solution detects any anomalies or an event in the time of occurrence of the net. Through the collector shall keep and store in an aggregated state for any length of time needed (surveillance, forensic investigations, etc..).

Reveals the following types of events:

  • Attacks (port scanning, dictionary attacks, DoS, Telnet)
  • Anomalies service (DNS, multicast, high variability of communication)
  • Anomaly behavior of IP addresses (change of behavior profiles)
  • Unwanted application (P2P, online communicators, TOR, TeamViewer)
  • Malware (viruses, spyware, botnets, communication with addresses on blacklistech)
  • Mail (outgoing SPAM illegitimate mail servers)
  • Operational problems (delay, congestion, reverse DNS records, service interruptions)
  • Potential data leaks (upload on public servers, web storage)
  • Violation of security policies (circumvention proxies unknown devices)
  • Specific methods (monitoring sensor networks)

More solutions


Skyfence Cloud Gateway is a cloud access security broker (CASB) that provides visibility and control over sanctioned and unsanctioned cloud apps.

Read more


DLPVivamus sagittis lacus vel augue laoreet rutrum faucibus dolor auctor. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Nullam quis risus eget urna mollis ornare vel eu leo. Praesent commodo cursus magna, vel scelerisque nisl consectetur et.

Read more


virtual private network (VPN) extends a private network across a public network, such as the Internet.

Read more


Solution Cluster-in-a-Box is a pre-configured and pre-installed IT environment with high availability for small and medium sized businesses in a single cabinet.

Read more