Hybrid Network Traffic Monitoring

Riverbed® NetProfiler provides network flow analytics that you can use to quickly diagnose network issues and identify security threats before end users ever know there’s a problem.


Riverbed NetProfiler combines network flow data with packet-based flow metrics to provide proactive monitoring, analysis, and reporting. Use NetProfiler to answer questions such as how much traffic do I have, who is using it, where is it going, and how is it prioritized?


IT organizations need to understand how degraded performance affects network and application performance, and ultimately business performance. NetProfiler uses behavioral analytics for proactive monitoring. It baselines normal performance and alerts on changes as soon as they occur—typically before users are even aware that performance is degrading.

Deploy anywhere and everywhere you need for on-premise, virtual, or cloud visibility. NetProfiler is designed to meet your hybrid and cloud needs, supporting both Azure NSG Flow Logs and AWS VPC Flow Logs.

NetProfiler automates the mapping of application transactions to their underlying infrastructure so that application definitions and interdependencies are accurate. This helps you create service maps that accelerate the identification of issues across complex application ecosystems, and plan for data center consolidation, cloud, disaster recovery, or virtualization initiatives.

NetProfiler Advanced Security Module optional security analytics software. It leverages flow data to detect, investigate, and mitigate advance threats. NetProfiler Advanced Security Module is especially suited for threat hunting, incident response and network forensics.

Key Benefits

The benefits of Network Traffic Monitoring

Proactive monitoring, not reactive

Network performance today is inextricably linked to business performance. IT Ops needs to understand how degraded performance and security incidents affect end users, and ultimately the business. NetProfiler is a NetFlow analyzer that leverages behavioral analytics to baseline normal network behaviors, then alerts on changes that could affect user experience or indicate a security breach.

Simplify migrations

Migrating applications to the cloud can be complex and time consuming. NetProfiler automates the mapping of application transactions to their underlying infrastructure so that application definitions and their interdependencies are easily identified and accurate. This simplifies a whole range of IT change initiatives, including cloud migrations.

Properly plan for capacity changes

Ensuring networks have adequate resources to handle current and expected future bandwidth needs is essential. With Alluvio NetProfiler network traffic monitoring, you can gain insight into network capacity, utilization, performance, and traffic composition to ensure high performing application delivery. Understand how network traffic flows change over time to prevent unwelcome surprises that could affect users.

Hybrid and multi-cloud visibility

Get the same easy-to-use network traffic monitoring across on-prem, virtual, and multi-cloud environments. Simplify your hybrid troubleshooting and reduce your network and application blind spots by up to 53%.


Key Features of Riverbed Solutions

• NetProfiler captures full-resolution network data—flow records (NetFlow, sFlow, IPFIX, etc.), and performance metrics—across all
internal and cloud network paths

• NetProfiler offers three ways to create a custom application definition. You can map:
– Hosts, host groups, protocols, ports to an application name
– Auto-recognized applications to an application name
– URLs to an application name


• Deep packet inspection of application traffic from Riverbed® AppResponse, Riverbed® NetShark and SteelHead for easy viewing and analysis in the NetProfiler dashboard to help you quickly and accurately distinguish business-critical from recreational applications that are running across your network including the optimized WAN

• One-click dashboard creation creates NetOps-centric, application-specific, SteelHead WAN optimization-specific, and VoIP-related dashboards that quickly surface relevant data and streamline troubleshooting workflows

• NetProfiler is deployable in


– AWS GovCloud West

– Azure

– Azure Government (non-DoD, no Iowa)

• Accurately detect volumetric, protocol and application-type DDoS attacks as soon as 10 seconds


• Act immediately to surgically redirect traffic to A10 TPS mitigation or Verisign CloudSign cloud scrubbing centers

• Uses baseline statistics and proactive monitoring to trigger an alert once a deviation is detected, without prior knowledge of specific applications, path dependencies, and number of users

• Includes a discovery wizard that creates application dashboards to automate the process of mapping transactions to their underlying infrastructure so that application definitions and interdependencies are accurate—including discovering through F5, Riverbed® SteelApp™ Traffic Manager and other application delivery controllers (ADCs)


• Creates service maps for accelerating troubleshooting across complex application ecosystems, and planning for data center consolidation or cloud, disaster recovery, and virtualization initiatives WAN Optimization Analysis


• Robust analysis of optimized Riverbed SteelHead and Interceptor environments enable you to easily plan your optimization deployments, assess the impact, and quantify benefits


• Cost-effective troubleshooting of branch issues using a single product for visibility, control and optimization


• Centralized reporting and monitoring of inbound and outbound quality of service (QoS) site and classes


• Rich application monitoring of 2000+ default applications and custom- defined apps

• Offers at-a-glance summary of key network and application KPIs and how they’ve changed; recent performance and security alert lists; Top Talkers sankey diagram; overall traffic charts; and watch list so you can monitor what’s important to you.

• The following flow telementry can generate and send flow for the cloud to NetProfiler in the cloud or on-prem.

– AppResponse Cloud

– AWS VPC Flow Logs

– Azure NSG Flow Logs

– Other external/third-party solutions

that can generate and send flow in

standard format (i.e., NFv5, v9, IPFIX

etc.) will also work.

• NetProfiler captures and stores all flow, so you have full-fidelity forensic analysis for threat hunting. Pivot and drill down to follow any lead and the data will always be there

• Ensure the success of your SteelConnect SD-WAN environment by validating policies are working as expected, troubleshooting problems quickly, and enabling better planning

• Monitor all network and infrastructure components involved in delivering an application service such as users, Web servers, load balancers, application servers, authentication and DNS servers, databases, and the links between them


• Advanced analytics changes in performance, providing proactive notification of brewing issues


• Service dashboards provide a quick view into the end-to-end health of a business service that is visually shown by red-yellow-green health status indicators


• Guided drill down reveals details of the most critical applications and essential data for fast troubleshooting

• NSX-aware IPFIX format enables Riverbed NPM products to provide detailed information about what NSX virtual overlay networks are running on the physical network, what applications are involved, and which hosts and virtual tunnel endpoints are generating the traffic

• Blacklists alert on known IP addresses, CIDRs, etc. that have been previously determined to be associated with malicious activity


• Threat feeds are analyst-generated information about potential threats. Threat feeds let you read more and investigate your network

• Have the data necessary to recover from a cyber incident with speed and precision to minimize business interruption

Security Analytics

Understand changing patterns of behavior in your network that indicate security threats:


  • Suspicious connection: when two hosts that do not normally communicate start talking
  • Worm: a pattern of scanning among hosts, where systems previously scanned suddenly become scanners themselves. Identification of patient zero, infected hosts, and means of propagation are reported
  • New host: a host that has not been previously identified has sent enough traffic to be regarded as having joined the network
  • New service: a host or an automatic host group is providing or using a service over a new port
  • Host scan: a series of hosts is being interrogated on the same port
  • Port scan: a host or series of hosts is being interrogated across a range of ports
  • Bandwidth surge: a significant increase in traffic that conforms to the characteristics of a DoS or DDoS attack

Have questions?
Ask a Xontech Systems Expert