In which contexts can it be useful?

The Fl0wer platform can be useful in all those contexts where you want to implement:

  • a Zero Trust approach to IT security, which assumes there is no network perimeter that can be considered trusted, without investing huge amounts of capital;
  • investigation and monitoring of a network infrastructure in a transparent manner while maintaining user privacy;
  • control of network traffic for security purposes, leveraging the network infrastructure itself for control;
  • integration of the network traffic component with other control or analytics tools.

Why choose Fl0wer?

The Fl0wer platform offers several advantages over solutions based on passive traffic analysis (e.g. Darktrace or IDS/IPS like Suricata/Snort):

  • Scalability:
    Fl0wer works on the metadata of the flows, not on the raw traffic. In this way, for example, a flow of 20 Gb of traffic made up of a few million packets is summarized in a single record. Passive traffic analysis systems today struggle to exceed 40 Gbit/second, and do so at dizzying costs.
  • Privacy:
    Because only the metadata of the flows is analyzed, the traffic content is never transmitted to Fl0wer. The packet payload is not available to it, which ensures user privacy.
  • Versatility:
    Passive traffic analysis tools are useless in the analysis of TLS 1.3 encrypted traffic, which makes them in fact redundant and heavy. They support only the cases where the encryption keys are available, and even then they are subject to slowdowns (if decryption works) and to easy obsolescence when the encryption criteria or protocols change. If decryption works, they are also invasive of user privacy.
  • Ubiquity:
    Because it can receive the traffic generated inside the networks by the switches via the sFlow version 5 protocol, Fl0wer is able to control the entire perimeter of the internal network and not just the inputs or outputs, as a traditional perimeter solution based on a firewall or IDS/IPS does. This significantly facilitates the Zero Trust IT security model.
  • Ease of integration:
    Through the REST APIs and the Lua engine, it is possible to create integrations that are unthinkable with traditional tools.
  • Growth:
    Fl0wer is a solid but constantly evolving and improving platform, conceived with portability in mind (it has been successfully used on SPARC Sun Solaris platforms, IBM pSeries with AIX, and even Raspberry Pi-type ARM systems). It has its own PEN (Private Enterprise Number) assigned by IANA and a roadmap aimed at improving both its usability and applicability.

It’s simple!

Basically, you install the product (or use a ready-made VM) and configure all the network devices to send traffic metadata to it with the protocols previously listed. You describe to Fl0wer (via a configuration file) the various corporate networks and subnets and, if they are known (this is not essential), the expected traffic flows.

Depending on the complexity and the results you want to achieve, you can configure the loading of data into the OLAP DB (or possibly into Elasticsearch or Splunk if these platforms are in use) and the production of hourly reports, as well as various Lua scripts for more complex situations.

How it was born

Fl0wer was born in 2015 following a market analysis to verify the availability of tools to perform network traffic analysis in a simple and useful way. The analysis found very complex and sophisticated open-source tools that required a lot of work to be made useful, and this type of work changes from context to context.

On the other hand, the commercial offerings proposed (and still propose) equally complex tools, but with the focus mainly on the network forecasting part, and with price ranges that are not justified for the majority of use cases.

Over the years, Fl0wer has progressively matured and grown into an excellent tool to have in the arsenal of defense tools within infrastructures, ideal for Zero Trust contexts.