Cloud Abnormal Traffic Analysis
Tailored for IaaS/PaaS departments, suitable for monitoring and analyzing abnormal traffic in large-scale cloud environments
1. Background of Requirements
Real time monitoring, statistical analysis, and backtracking of traffic data are important tasks for the IaaS/PaaS department, which can help engineers effectively deal with potential risks such as unknown features, traffic black holes, and configuration errors;
However, due to the lightweight, dynamic, and sensitive characteristics of cloud environments, the mature traffic analysis technologies and products
under traditional architectures are no longer suitable for cloud environments;
How to use the lightest and fastest method, with no interference to the business and no pressure on the cloud network, to monitor traffic data without blind spots, alert traffic anomalies, locate abnormal nodes, analyze the causes of anomalies, and trace accident data? It is a fundamental ability that must be possessed to continuously improve the quality of cloud network operation.
2. Functional characteristics
> Feature 1: Simple, fast, out of the box
With TiFlow's extreme capabilities and open and universal data structures, any user can quickly realize a rich, practical, easy-to-learn and easy-to-use but powerful cloud east-west traffic monitoring and analysis solution through TiCommander or ELK/Graylog/Opensearch/Splunk platforms;
> Feature 2: Customized fine-grained capability
Through RESTful, different parsing requirements from TCP/UDP,L7-header,body-XML/JSON/HTML are performed on each or each group of TiFlow, which greatly facilitates the parsing requirements of cloud/native east-west traffic for different customers and different scenarios;
> Feature 3: Flow analysis of related assets
whether it is a cloud or cloud native environment, TiFlow can associate every communication with a host/Host or Node/Pod without worrying about the short life cycle of these assets;
> Feature 4: more comprehensive abnormal traffic alarm
supports abnormal alarms for traffic indicators, performance indicators, communication flags, header content, and payload content of various assets or user objects. It can also drill and locate each communication log that causes alarms to quickly complete the analysis and judgment of performance and security risks;
> Feature 5: Support export of Packets and PCAP
prefers users to use TiFlow-JSON TiCommander schemes, Wukong also supports real-time export of Raw Packets and non-real-time PCAP export for specific requirements (such as sandbox, forensics, etc.), which fully meets the requirements of Packet fine-grained analysis.
> Feature 6: Support for cross-architecture, multi-cloud environments
TiFlow can easily cope with cloud/native, IaaS/IDC, public cloud, private cloud and other environments. More importantly, because TiFlow uses simplified JSON and encrypted UDP for data backhaul, there is no need to worry about bandwidth costs and security risks even in cross-domain and cross-cloud monitoring scenarios.
TCPIPlabs Tech., Inc. © 2022-2024 EULA,Infomation and Code Secunity Statement
| Product Center | Scene Centre | Company Related | |
| Cloud East-West Security | |||
| TiCenter-Multi Scene Center | Cloud Traffic Analysis | Our Insights | |
| TiScanner Baseline Probe | Data Behavior Monitoring | To Our Partners | |
| TiRunner Stress Platform |
|
Contact Us | |
