Monday, May 8, 2017

Simulated VOIP NetFlow flows visualized with Kibana

When you have many branch offices with a VOIP telephone system, such
as any brick-and-mortar retailer, bank, or multi-national company,
you will have a monitoring system, likely based on NetFlow, to assure
smooth operations.

This system will likely require a lot of customization to fit into your
IT system. Those customizations in turn require development, testing and
training.

This use case documents the use of an ELK-based flow-monitoring solution
to monitor VOIP traffic. Rather than testing against the production network,
a simulator in a lab can recreate your network without impacting operations.

Kibana visualizes simulated VOIP traffic between many phones and
a PBX through CUCM, as is common in banks, retailers, brokers or any
brick-and-mortar branch office where there are a lot of phones. The
intensity of traffic can be customized at will to test detection of usage
patterns and security risks.

MIMIC NetFlow Simulator generates realistic VOIP flows from many
branch-office phones to some external "outside" phone numbers. By
tailoring the flows to your needs, you can verify that your monitoring
system reacts as expected.

For example, you can have many phones with expected usage, and a small
set of high-traffic phones, and see if they are detected.
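
The check described above can be sketched as follows. This is an added example, not code from MIMIC, the ELK stack or the original post. It assumes flow records already decoded to hypothetical `(src_ip, dst_ip, bytes)` tuples, uses constructed sample data, and flags phones with a median/MAD outlier test whose threshold is an assumption.

```python
from collections import defaultdict
from statistics import median

def build_sample_flows():
    """Constructed sample: 20 phones with expected usage plus 2 heavy talkers.
    Addresses and byte counts are made up for illustration."""
    flows = []
    for i in range(1, 21):                       # phones with expected usage
        src = f"10.1.0.{i}"
        for call in range(3):
            flows.append((src, "198.51.100.10", 80_000 + 1_000 * ((i + call) % 5)))
    for i in (50, 51):                           # simulated high-traffic phones
        src = f"10.1.0.{i}"
        for _ in range(40):
            flows.append((src, "198.51.100.10", 85_000))
    return flows

def bytes_per_phone(flows):
    """Sum flow bytes per source address (one source = one phone here)."""
    totals = defaultdict(int)
    for src, _dst, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)

def high_traffic_phones(flows, threshold=3.5):
    """Return sources whose modified z-score exceeds the threshold.

    Median and MAD are used instead of mean and standard deviation so
    that the heavy talkers themselves do not inflate the baseline.
    """
    totals = bytes_per_phone(flows)
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # Most phones are identical: anything above the median stands out.
        return sorted(ip for ip, v in totals.items() if v > med)
    return sorted(ip for ip, v in totals.items()
                  if 0.6745 * (v - med) / mad > threshold)

if __name__ == "__main__":
    for ip in high_traffic_phones(build_sample_flows()):
        print("high-traffic phone:", ip)
```

Running the same logic against the flows your collector actually indexed lets you compare the flagged set with the phones you configured as heavy talkers in the simulator.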
