
Monitoring Secure Networks with Flowmon & WhatsUp Gold

Progress Software is not a new name in the technology industry, but with the acquisition of Ipswitch in 2019 and Kemp Technologies in 2021, it became a lot more relevant in the network monitoring and visibility world. Key products from these acquisitions are WhatsUp Gold (Ipswitch) and Flowmon (Kemp), both longstanding, well-regarded names in network monitoring, network performance monitoring & diagnostics (NPMD) and network detection & response (NDR). With these platforms now under the Progress umbrella, let’s explore the capabilities that these solutions can provide.

Flowmon

Flowmon is at the heart of network and application visibility in the Progress portfolio of products. It is made up of two primary parts: Flowmon Collector and Flowmon Probe. The Flowmon Probe inspects a full packet mirror and converts what it receives into enriched IPFIX data that it then exports to the Flowmon Collector. Though you can export other sampled flow feeds from your network appliances (routers, switches, firewalls, etc.) with sFlow, NetFlow and IPFIX directly into the collector, the Flowmon Probe is the ideal way to acquire this data, as it adds metadata to achieve the highest resolution for analysis.

Other modules are available within the Flowmon Collector including Application Performance Monitoring (APM) & packet capture, but we are going to focus on NPMD & NDR for this article. There are many different deployment options available that can account for single-site, multi-site & high-capacity environments. There are hardware and virtual appliance options available for both the Probe and the Collector.

Outside of the networking analysis components, there is also a capability to integrate a Suricata IDS feed. Suricata is an open-source threat detection engine that can detect known network attacks, and those detections can be correlated with the flow data. What is interesting about this is the capability to integrate network visibility and application performance monitoring with security monitoring all in one interface. The flow data that is ingested can be parsed and analyzed to present data to help with both network performance and security monitoring.
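As an added illustration (not code from this article or from Flowmon), the example below shows one way IDS alerts can be correlated with flow data: Suricata EVE JSON alerts are matched to flow records by 5-tuple and time window. The EVE field names are Suricata's; the flow record schema, the helper names `mkflow`, `flow_key` and `correlate`, and all sample data are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout
T0 = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)

# Constructed EVE JSON lines: a matched alert, a non-alert event, an unmatched alert.
EVE_LINES = [
    '{"timestamp":"2024-01-10T12:00:05.000000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.7","src_port":443,"dest_ip":"10.0.0.5","dest_port":49152,'
    '"proto":"TCP","alert":{"signature":"CONSTRUCTED sig A","severity":1}}',
    '{"timestamp":"2024-01-10T12:00:06.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.5","src_port":5353,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}',
    '{"timestamp":"2024-01-10T12:00:07.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.9","src_port":50000,"dest_ip":"198.51.100.2","dest_port":22,'
    '"proto":"TCP","alert":{"signature":"CONSTRUCTED sig B","severity":2}}',
]

def mkflow(offset_s, dur_s, src, sport, dst, dport, nbytes):
    """Build a flow record in a hypothetical schema (not Flowmon's export format)."""
    start = T0 + timedelta(seconds=offset_s)
    return {"start": start, "end": start + timedelta(seconds=dur_s), "proto": "TCP",
            "src": src, "sport": sport, "dst": dst, "dport": dport, "bytes": nbytes}

FLOWS = [  # constructed: both directions of one session, plus a later reuse of the tuple
    mkflow(0, 30, "10.0.0.5", 49152, "203.0.113.7", 443, 18000),
    mkflow(0, 30, "203.0.113.7", 443, "10.0.0.5", 49152, 950000),
    mkflow(600, 60, "10.0.0.5", 49152, "203.0.113.7", 443, 400),
]

def flow_key(src, sport, dst, dport, proto):
    # Direction-independent key: an alert can fire on either side of a session.
    return (*sorted([(src, sport), (dst, dport)]), proto.upper())

def correlate(eve_lines, flows, slack=timedelta(seconds=2)):
    index = {}
    for f in flows:
        key = flow_key(f["src"], f["sport"], f["dst"], f["dport"], f["proto"])
        index.setdefault(key, []).append(f)
    out = []
    for ev in map(json.loads, eve_lines):
        if ev.get("event_type") != "alert":
            continue  # EVE also carries dns, flow, http and other event types
        ts = datetime.strptime(ev["timestamp"], TS_FMT)
        key = flow_key(ev["src_ip"], ev["src_port"], ev["dest_ip"], ev["dest_port"], ev["proto"])
        hits = [f for f in index.get(key, []) if f["start"] - slack <= ts <= f["end"] + slack]
        out.append({"signature": ev["alert"]["signature"], "flows": len(hits),
                    "bytes": sum(f["bytes"] for f in hits)})
    return out
```

An alert that comes back with zero matching flows is worth its own follow-up, since it points to a gap in flow coverage or a clock mismatch between the IDS and the flow source.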

There are also IPS integration capabilities where high-level threats can be automatically blocked by security appliances like firewalls or by building ACLs in other strategic parts of the network. Though these are pretty cool capabilities, they are not going to replace your SIEM or other security tools but rather augment them as another valuable security resource.

An interesting use case is integration with Superna (a ransomware defense solution) to send a notification when there is a potential ransomware threat in the environment. Once notified, Superna takes a snapshot of data right away in case the threat ends up truly being a ransomware attack. This is next-level stuff: being able to take action to defend the organization against data loss from a potential threat as soon as an anomaly is identified.

The blend of network and security monitoring tools in this solution is really appealing, especially for those without this level of sophistication in their environment today. The modular approach employed in the Flowmon solution allows you to customize it to your needs.

WhatsUp Gold

WhatsUp Gold rounds out what I would consider the traditional infrastructure monitoring portion of the Progress portfolio: your usual up/down, available resources (bandwidth, CPU, memory, storage), availability, packet loss, etc. WhatsUp Gold has been around for a while and I’ve had the opportunity to work with it a few times in my career. It’s good to see it has stood the test of time and continues to evolve, but the core of it is largely the same: a comprehensive infrastructure monitoring platform that leverages SNMP, WMI, the vSphere API and other network protocols to poll one’s infrastructure. WhatsUp Gold can monitor not just network devices but also hypervisors, server hosts and public cloud infrastructure, and it even has REST API capabilities to build just about any integration you can imagine.

What really strikes me is all the different views and dashboards you can create in WhatsUp Gold to customize exactly what parts of the infrastructure one can see. When adding the endpoints you wish to monitor, there is a lot of predefined logic to map out exactly what you will likely want to see for many platforms. There is a lot of flexibility in how to map this out and group devices.

Wrapping Up

I’ll be honest, I had never heard of Progress Software before being reintroduced to Flowmon and WhatsUp Gold under their stewardship. It’s good to see these stalwarts in network visibility and monitoring have a good home. For those looking for fairly comprehensive NPMD, NDR & APM platforms that are on-prem, battle tested and won’t break the bank, both of these platforms could fit the bill.

For more information on Flowmon by Progress, check out the presentations on the Tech Field Day website or the Gestalt IT Showcase page.

About the author

Jason Gintert

Data networking professional since 1999, Jason Gintert started in the dial-up ISP world and spent time in the telecommunications service provider space for many of those years. Jason is Co-founder & CTO of WAN Dynamics, a managed and professional services firm focused on assisting companies to adapt to modern cloud connectivity models, and is also Co-founder & President of the Ohio Networking User Group and Technical Steering & Marketing Committee member of the Ohio IX. 
