|
|
|
|
|
|
by jawn-
3692 days ago
|
|
|
Judging from screenshots, RTM does a deeper level of packet inspection than netflow based system (silk/flowbat). As Silk/Flowbat are based on netflow records, which doesn't inspect the traffic passing across the network. It just records surface level information about the traffic. Source/Dest ports and addresses, UDP vs TCP and length and size of the conversation. Deeper packet inspection probably results in rtm being able to inspect less traffic. Though depending on how RTM is written and the network drivers being used and your network size, you still might be able to have this monitor your egress points. |
|
|
* regex matching * tcp state machine following * http * dns * bgp * smtp * icmp * pcap splitting by flows * ...
Using them will have an impact on performance, which is why there are no numbers regarding speed on this page. It's always a fit between: what one can see and what one wants to see. It's beeing sold as a privacy feature ;). Nevertheless a security expert has to configure the software so that it fits the environment.
In contrast to other projects, the general assumption is that RTM is not the 'one solution you implement and you're secure' but rather a platform on which you can build your security upon.
Sorry for the generic answer: I don't know Silk/Flowbat well enough in order to provide a in depth comparison.