LogRhythm NetMon | Network Monitoring
Network monitoring plays an essential role in helping detect, stop, and recover from attacks. As threats can bypass perimeter defenses or originate from within, having visibility into your network traffic allows you to immediately recognize suspicious issues.
LogRhythm NetMon provides the real-time visibility and security analytics you need to monitor your organization’s entire network.
Top Network Traffic Analysis Use Cases
- Surface data exfiltration activities: Identify long-running sessions, “low and slow” sessions hidden in normal traffic, anomalous outbound network sessions, and other activities indicative of data exfiltration.
- Discover operational anomalies: Verify that you aren’t seeing protocols or traffic that you think you’ve blocked, or traffic between systems that should be isolated from each other.
- Find hidden security threats: Catch security threats hiding in low-level chatty protocols like DNS, SNMP, or Kerberos.
- Expose nuisance apps and bandwidth hogs: Discover when apps that are against corporate policy are being used. Find out who or what is taking up the most bandwidth.
- Detect botnets and beaconing: Identify traffic using anomalous ports. View malformed packet headers. Recognize command and control callbacks.
- See where your network traffic is going: Identify outbound IP and URL destinations and classify traffic by ingress, egress, or lateral motion in your network.
Get Maximum Network Visibility
- Automatically identify over 3,500 applications with True Application Identification’s advanced classification methods and deep packet inspection.
- Gain a rich set of packet metadata with SmartFlow™, derived from each network session and tailored to the type of application in use.
- Automate threat detection by correlating against full packet payload and SmartFlow data using Deep Packet Analytics’ (DPA) out-of-the-box rules and customizable scripts.
- See every bit that crosses your network with full Layer 2–7 packet capture, stored in industry-standard PCAP format.
- Automatically capture sessions based on application or packet content to preserve the information you need with SmartCapture™.
- Drill down to critical packet and flow data on our Elasticsearch backend to streamline your investigation with unstructured search.
- Reconstruct email file attachments to support malware analysis and data loss monitoring.
- Surface continuous findings and fine-tune network visibility through saved searches with automated alerts and customizable dashboards.
- Provide third-party tools access to network data for custom integrations and automation with a full-featured REST API.
See More Activity on Your Network with Deep Packet Analytics
NetMon’s Deep Packet Inspection (DPI) engine gives you a deep understanding of your network activity in an easy-to-access format. It identifies and categorizes thousands of applications at wire speed and populates thousands of metadata fields. NetMon also analyzes and extracts Layer 2–7 network data using a variety of methods, including pattern matching, heuristic modeling, and signatures for session identification.
Deep Packet Analytics (DPA) builds upon DPI to provide a richer source of visibility into network traffic, including immediate recognition of PII, credit card information, port and protocol mismatch, and other key data revealing inappropriate data movement. DPA allows for continuous correlation against full packet payloads and metadata using prebuilt and custom rule sets, and provides fine-grained control over alarming and response at the flow and packet level. Through DPA rules, you can automate threat detection that was previously only possible via manual packet analysis.
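As an added example (not LogRhythm code, and not NetMon's own rule syntax), the following Python sketches two of the detections described on this page, the port/protocol mismatch check from the DPA paragraph and the beaconing use case listed above, run over constructed flow-metadata records; the port-to-application baseline and the thresholds are assumptions.

```python
# Added example, not LogRhythm/NetMon code. Two analytics over constructed
# flow metadata records, in the spirit of the DPA use cases on this page:
#  1. port/protocol mismatch: the identified application differs from the
#     service normally carried on that destination port;
#  2. beaconing: an internal host opens outbound sessions to the same
#     destination at near-constant intervals (command and control callbacks).
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_s, src, dst, dst_port, identified_app)
FLOWS = [
    (0,    "10.0.0.5", "203.0.113.9",  443, "ssh"),    # ssh on 443: mismatch
    (60,   "10.0.0.5", "203.0.113.9",  443, "ssh"),    # ...and every 60 s
    (120,  "10.0.0.5", "203.0.113.9",  443, "ssh"),
    (180,  "10.0.0.5", "203.0.113.9",  443, "ssh"),
    (5,    "10.0.0.7", "198.51.100.4", 443, "https"),  # normal browsing
    (900,  "10.0.0.7", "198.51.100.4", 443, "https"),
    (1000, "10.0.0.7", "198.51.100.4", 443, "https"),
    (33,   "10.0.0.9", "192.0.2.10",    53, "dns"),
]

# Assumed baseline of which application a well-known port normally carries
EXPECTED_APP = {22: "ssh", 53: "dns", 80: "http", 443: "https"}

def port_protocol_mismatches(flows):
    """Return unique (src, dst, port, app) tuples whose identified
    application is not the one expected on that destination port."""
    return sorted({(s, d, p, a) for _, s, d, p, a in flows
                   if p in EXPECTED_APP and EXPECTED_APP[p] != a})

def beacons(flows, min_sessions=4, max_cv=0.2):
    """Return (src, dst) pairs with at least min_sessions sessions whose
    inter-arrival gaps are near-constant (coefficient of variation <= max_cv)."""
    by_pair = defaultdict(list)
    for ts, s, d, _, _ in flows:
        by_pair[(s, d)].append(ts)
    found = []
    for pair, times in by_pair.items():
        if len(times) < min_sessions:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            found.append(pair)
    return sorted(found)
```

In a real deployment the same logic would run against exported SmartFlow-style metadata rather than an inline list, with the baseline derived from observed traffic instead of a hard-coded table.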
Go Further with Network Detection and Response
When a threat crosses your network, time is of the essence. While NetMon helps you detect threats, a solution with centralized analysis and full response capabilities means you can remediate them at lightning speed.
LogRhythm NetworkXDR goes beyond network traffic monitoring to provide complete visibility, machine-based analysis, threat corroboration, and prebuilt response capabilities for real-time network detection and response. With NetworkXDR, broad-spectrum network data flows from NetMon sensors to the LogRhythm NextGen SIEM Platform. The SIEM further enriches this data with environmental and threat context and applies dynamic machine analytics, including signature-based inspection for known indicators of compromise (IOCs), scenario-based modeling of tactics, techniques, and procedures (TTPs), and behavioral analysis, to expose evolving threats more effectively.
The result is full coverage against known and unknown network threats without the need for heavy tuning or lengthy machine learning training periods.
Compare Network Monitoring Options
| Features | NetMon Freemium | NetMon | NetworkXDR |
| --- | --- | --- | --- |
| Unstructured Search Across All Network Data | ✔ | ✔ | ✔ |
| Deep Packet Analytics | ✔ | ✔ | ✔ |
| Full Packet Capture & SmartCapture™ | ✔ | ✔ | ✔ |
| Automatic Recognition of 3,500+ Applications | ✔ | ✔ | ✔ |
| Continuous Search-Based Alerting | ✔ | ✔ | ✔ |
| Data Forwarding via Syslog | Diagnostics and Alarms | ✔ | ✔ |
| Data Processing Rate | Up to 1 Gbps | Up to 10 Gbps | Up to 10 Gbps per sensor |
| Packet Capture Storage | 1 GB | Unlimited | Unlimited |
| Metadata Indexing Retention | Up to 3 days | Up to 30 days | Unlimited SmartFlow metadata |
| Correlation with Additional Data Sources | | | ✔ |
| Automated Response Capabilities | | | ✔ |
| Full Investigative Workflow | | | ✔ |
| Support | Online only, through the Community | Enterprise-grade phone and chat support | Enterprise-grade phone and chat support |
Flexible Deployment Options
Choose the right NetMon deployment for your environment
NetMon’s passive sensors deploy via TAP, SPAN, GRE, or integration with a third-party network packet broker. Both perpetual and subscription licensing options are available.