Ziften has announced the release of their Ziften ZFlow App and ZFlow Technology Add-on (TA) for Splunk at .conf2017: the 8th Annual Splunk Conference, to help customers maintain 24×7 network, data center, and cloud visibility. The Ziften ZFlow App and TA help users of Splunk Enterprise and Splunk Enterprise Security (ES) use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.
Download the Ziften ZFlow App and ZFlow TA for Splunk here.
NetFlow is pervasive in the enterprise. It provides a simple means of collecting network data for security monitoring and performance management. Recognizing that there are limits to what can be seen from NetFlow, ZFlow generates contextual network flow data from host devices, including client devices, servers, and cloud VMs. The ZFlow App and TA enable Splunk users to consume ZFlow data while helping to eliminate the blind spots most network monitoring solutions leave behind, such as:
- Visibility into public, private, and hybrid cloud deployment traffic
- Visibility into data center east-west traffic
- Visibility into local broadcast and wireless domain traffic
Additionally, with the improved visibility and context from ZFlow data, organizations can:
- Speed the identification and resolution of user-impacting network performance issues
- Shorten attribution and remediation cycle times
- Reduce the time IT operations and helpdesk personnel spend on firefighting issues
All endpoint intelligence collected by ZFlow is sent to Splunk Enterprise and made available within the Splunk Common Information Model (CIM) app, so it can be queried across the Splunk portfolio.
“Enterprise security teams have limited visibility into cloud-based infrastructure, which can make security operations difficult at best,” said David Monahan, Security Research Director, EMA. “Ziften ZFlow offers an increased level of visibility and intelligence for Splunk users that is essential for enterprises looking to maintain a secure cloud environment for their users, applications, customers and data.”
About Ziften
Ziften delivers all-the-time visibility and control for any asset, anywhere – client devices, servers, and cloud VMs – whether on-network or remote; connected or not. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair user-impacting endpoint issues, reduce their overall risk posture, speed security threat response, and increase operations productivity. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for large and mid-sized enterprises, governments, and managed security service providers (MSSP). And Ziften helps extend the value of incumbent tools, and fill the gaps between fragmented, siloed systems.