E X TR AHOP NETFLOW SENSOR

NetFlow Sensor
Extend flow-based security and
performance monitoring across
your network

Gain Comprehensive Visibility Across Your Organization Key Capabilities

Sometimes it isn't practical or necessary to put full-packet analytics at every Troubleshoot network incidents
and outages with NetFlow
tiny remote site, but you still want to monitor network status and application access within Reveal(x)
performance, so having zero visibility isn't an option. ExtraHop now offers a
new NetFlow sensor to provide the visibility you need at even the most remote Monitor network traffic patterns
and application performance
locations that may not have the equipment or staff in place to support a full including “Top Talkers”
network detection and response deployment. The ExtraHop NetFlow sensor
is a virtual deployment that supports NetFlow v5, NetFlow v9, and IPFIX. The Track NetFlow metrics and
examine traffic patterns over
NetFlow sensor works with both Reveal(x) 360 and Reveal(x) Enterprise and time for efficient planning
cannot be deployed as a standalone.
Discover devices and fire
ExtraHop’s dedicated NetFlow sensor provides scalable detection, efficient alerts on those devices
troubleshooting, and rapid problem resolution to efficiently allocate network
resources as well as to detect and monitor potential security threats and policy Collect data from NetFlow
v5, v9, and IPFIX
violations. Combined with Reveal(x), security teams can detect changes in network
behavior to identify anomalies indicative of a security breach including data Seamless user experience
exfiltration. NetFlow data is also a valuable forensic tool to understand and with Reveal(x) with integrated
full-spectrum investigation
replay the history of security incidents so security teams can learn from them. workflows

Reveal(x) brings all of your network visibility needs together. Backed by a dedicated modern
virtual sensor (1292v)
● Add NetFlow to your Reveal(x) deployment to cover remote sites that may
not support or require full NDR visibility.
● Troubleshoot application performance issues across the enterprise with Use Cases
NetFlow in a single interface. Performance
● Get to the root cause of performance and bandwidth issues in minutes, Top Talkers
not hours or days Application Mapping
Policy Management
With NetFlow data your security and monitoring tools will receive relevant,
summarized data including: Security

● Source and destination of network traffic flows Data Exfiltration

DDoS Attack Detection
● Statistics about such traffic flows
C2 Attack Detection
● Flow details, such as protocol information, class of service, causes of congestion
● Insights about applications
 E X TR AHOP NETFLOW SENSOR

VIRTUAL SENSOR

SPECIFICATIONS EFC 1292V

TRAFFIC ANALYTICS
Throughput up to 1 Gbps

up to 12,000 flows per second

NETWORK REQUIREMENTS
ExtraHop appliances can receive data via RPCAP, ERSPAN, VXLAN, and port mirroring.
RPCAP, ERSPAN, and VXLAN have a maximum throughput of 1 Gbps per management virtual interface.
Management virtual interface 1 or more
Capture virtual interfaces 1
Firewall requirements

ExtraHop Command Appliance (ECA)

ExtraHop requires thick provisioning on all virtual appliances. CPUs require hyperthreading,
RESOURCE REQUIREMENTS VT-x technology and 64-bit architecture.
vCPUs 4
Memory 8 GB
Disk 46 GB

VIRTUAL & CLOUD ENVIRONMENTS

KVM

VMware

v2, 96GB DDR3 RAM, and 1 TB of storage, and was running VMware ESX v5.1. Data was sent from physical port mirrors to two dedicated

A B OU T E XTRAH OP N E TWO RK S
ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. The ExtraHop Reveal(x)
360 platform is the only network detection and response solution that delivers the 360-degree visibility needed to uncover the
cybertruth. When organizations have full network transparency with ExtraHop, they can see more, know more, and stop more
[email protected]
cyberattacks. Learn more at www.extrahop.com.
www.extrahop.com
© 2023 ExtraHop Networks, Inc. All rights reserved. ExtraHop is a registered trademark of ExtraHop Networks,
Inc. in the United States and/or other countries. All other products are the trademarks of their respective owners.