Telnet Network News

Telnet Network News - We'll keep you up to date with what's happening in the industry.

3 minutes reading time (545 words)

Tolly validates Cubro's innovative Custos solution that cost effectively improves network performance, security posture, compliance and planning

Network Security

Sunday, 10 April 2022

2532 Hits

0 Comments

Cubro Custos Network Monitoring Functionality & Efficiency

Download the Report

Cubro Network Visibility commissioned Tolly, a leading global provider of third-party validation services for vendors of IT products, components and services, to evaluate the usability, storage efficiency and approach to data structure used in Custos. Tests were run by evaluating a live network simultaneously using Cubro Custos and legacy NetFlow/ IP Flow Information Export (IPFIX) files.

Tests showed that the Custos 3D-style user interface provided insightful, immediately actionable network information, stored network data significantly more efficiently than NetFlow/IPFIX, and implemented a human-oriented data structure that could be easily integrated into 3rd-party systems.

"The advantages of Cubro's Time-Window Based approach with the output of Custos are a drastic reduction of processing and storage requirements versus NetFlow while gaining insight into actual protocols and applications on the network as opposed to inferring them from port numbers and server addresses. Additionally, the output is platform-agnostic with flexible formatting, allowing a variety of tools and systems to take advantage of its network telemetry."

- Kevin Tolly, Founder, The Tolly Group

Key takeaways of Tolly Report

Powerful and intuitive network monitoring
Time-Window Aggregation (TWA) that dramatically reduces file size for network transfer and storage
Highly optimizable using custom collection window
Data structure designed with human-readability in mind
Discovery and visualisation of network devices, services & traffic

Time Window Based Monitoring Vs NetFlow (IPFIX)

Time-series data is compiled from a collection of data points collected over a specified time interval; the time window. Cubro employs a customizable time-window, often 1 or 5 minutes. During the given time-window events are combined (time-window aggregation) creating a record that consists of a collection of packet, client, location and application information. The time window based processing has a compression ratio of 1:30 (1 minute) to 1:60 (5 minutes), and retains all important information while having the advantage of discarding redundant data.

The same data point may be collected numerous times over the time window interval, but will result in only a single entry into the aggregated record. To gain the same level of data resolution from NetFlow would require unsampled flow records. In this case one flow record is produced per packet analyzed. This produces a constant traffic stream to transport flow records to a collector where they are stored, processed, and analyzed.

The main issue is that these records contain a lot of redundant data that a time-window based method would have aggregated together at the onset. Ironically, flow data is often aggregated in some way during analysis to produce useful output but this is after transporting and storing larger data volume. Flow data can be sampled to reduce the overall output volume, however this comes at the cost of losing much of the resolution necessary for monitoring and security applications thus limiting its usefulness.