Fl0wer 1.6 introduces a new, extremely powerful tool that will change your network visibility forever and hugely improve your cyber-security defense arsenal.

We all know how useful tools like tcpdump are when you need to drill down into a problem at the packet level, but there are few tools that do the opposite: give you a bird's eye view of what is really happening inside your network.

A lot of security professionals think that protecting the perimeter by means of L3-L7 firewalls is the best that can be done and that the inside network is safe, so who cares what's happening there: NAT makes the internal hosts inaccessible!

WRONG, WRONG, WRONG!!!

In 2019 (but even before, and surely even more in the future) the most dangerous data breaches come from the inside, and not only because of "disloyal" employees.

The first search results for "data breach inside" include:

https://en.wikipedia.org/wiki/Data_breach
https://en.wikipedia.org/wiki/List_of_data_breaches
https://www.techrepublic.com/article/why-insider-security-threats-are-on-the-rise-and-so-difficult-to-detect/
https://hackernoon.com/5-most-vulnerable-industries-for-data-breaches-in-2018-87069dd6e35e

If you correctly configure your network infrastructure to monitor what is happening there, you can classify what is expected and discover anomalies. And by means of the NetFlow, IPFIX and sFlow (soon natively) protocols, you can know exactly what is happening in your network thanks to Fl0wer.

Fl0wer can now aggregate all your flows by network and protocol/service, creating a traffic-flow matrix that you can use to:

  • check that your firewall policy is ok
  • detect internal network scans
  • detect TOR traffic
  • detect malware/ransomware spreading internally over the network
  • detect traffic to C&C centers, or whether you are involved in a botnet
  • and much more

You can auto-magically have a flow-matrix like this:

[Figure: Flow Matrix Sample]


and then look up the detail (if you need it) in your ELK stack using Kibana. Or, even faster, get the matrix directly via the command line for scripted processing.

The flow-matrix can be exported as a CSV file, so that you can import it into your favorite tool or work on it in your favorite spreadsheet.
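To make the flow-matrix idea concrete, here is an added example (not Fl0wer's code and not its export format) that aggregates flow records by network and protocol/service, then checks the result against an expected firewall policy and looks for scan-like fan-out. The addressing plan, the policy, the flow records and the `min_targets` threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed addressing plan (assumption): named internal networks.
NETWORKS = {"users": ipaddress.ip_network("10.1.0.0/16"),
            "servers": ipaddress.ip_network("10.2.0.0/16")}
# Constructed policy: matrix cells the firewall is expected to allow.
ALLOWED = {("users", "servers", "tcp", 443), ("users", "external", "udp", 53)}
# Constructed flow records: (src ip, dst ip, protocol, dst port, bytes).
FLOWS = [
    ("10.1.0.5", "10.2.0.10", "tcp", 443, 12000),
    ("10.1.0.6", "10.2.0.10", "tcp", 443, 8000),
    ("10.1.0.5", "8.8.8.8", "udp", 53, 300),
    ("10.2.0.10", "10.1.0.5", "tcp", 3389, 5000),
] + [("10.1.0.99", f"10.1.3.{i}", "tcp", 445, 60) for i in range(1, 41)]

def network_of(ip):
    """Map an address to its named network, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), "external")

def build_matrix(flows):
    """Aggregate flows into cells keyed by (src net, dst net, proto, port)."""
    matrix = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, proto, port, nbytes in flows:
        cell = matrix[(network_of(src), network_of(dst), proto, port)]
        cell["flows"] += 1
        cell["bytes"] += nbytes
    return dict(matrix)

def policy_violations(matrix, allowed):
    """Cells that carry traffic but are not listed in the expected policy."""
    return sorted(cell for cell in matrix if cell not in allowed)

def scan_suspects(flows, min_targets=20):
    """Sources contacting many distinct hosts on one port (fan-out heuristic)."""
    targets = defaultdict(set)
    for src, dst, proto, port, _ in flows:
        targets[(src, proto, port)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    m = build_matrix(FLOWS)
    print("matrix:", m)
    print("not in policy:", policy_violations(m, ALLOWED))
    print("possible scans:", scan_suspects(FLOWS))
```

The per-cell flow and byte counts are what make a policy gap visible at a glance; the raw flows behind a flagged cell are then the detail to look up.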

Used in a big Italian telco to check the traffic of over 20 firewalls, it helped to reveal unexpected (and sometimes legal) traffic in all of them, and also helped to stop an internal WannaCry infection.


It saved the customer from:


Can you quantify it economically?

Common off-the-shelf NetFlow analyzer products are good (and probably better) at making manager-friendly charts, but Fl0wer natively does what is really useful to you.

For more info: https://fl0wer.me