Kemp & Flowmon Join the Culture of Innovation at Progress

The recent acquisition of Kemp, including the team originally from Flowmon Networks, further expands Progress’ expertise and commitment to modernization. Joining Progress as part of the acquisition is Pavel Minarik, former CTO of Flowmon and Kemp. In this blog, Pavel describes his approach to product innovation through joint research and development with universities and academic institutions.

Flowmon Networks was started in 2007 by a team of researchers based on a technology transfer from CESNET. The transferred intellectual property was the foundation for our first product—Flowmon Probe for 1Gbps and 10Gbps networks. Later, this network sensor became the first device in the industry to process 100Gbps of network traffic at line rate and produce accurate network telemetry.

The second product—Flowmon Collector—was based on a popular open-source flow collection engine that we completely rebuilt and accompanied with an enterprise-grade analytics interface, role-based access model, and reporting and visualization capabilities. Flowmon Probe and Flowmon Collector were our NPMD (network performance monitoring & diagnostics) solutions that made their way to Gartner Magic Quadrant and Market Guide reports.

Our NDR (network detection and response) flagship product Flowmon ADS (anomaly detection system) has its origin in the CAMNEP research project.

In CAMNEP, we investigated novel algorithms for the detection of threat actors and indicators of compromise scaling beyond the capabilities of traditional statistical analysis. The project itself was funded by the European research office of the U.S. Army. The project resulted in a technology transfer from Masaryk University in 2008. Since 2010, we’ve offered the very first NetSecOps tooling in a single system—many years before NetSecOps was widely available.

And how do we approach innovations today? The dedicated experimental development team is responsible for incubating the research topics and bringing these ideas to life through projects with a defined scope, timeline, partners, results and funding. This was not always the case. Originally, research was a shared responsibility within the engineering team. The challenge was to prioritize properly, as urgent development tasks took most of the attention and the research agenda was always deprioritized for later. Therefore, we decided to create a dedicated team.

The second pillar of research strategy and practice is a long-term cooperation with our academic partners, including mutual sharing of visions and roadmaps. Project teams cooperate in an agile fashion and joint company and academia leadership groups meet twice a year to review project demos, discuss project progress and align on future plans. All our projects are directly connected to a long-term product roadmap and the team working on the projects overlaps with regular engineering and product management organizations. This ensures the proper technology is being built for the right use cases and project results do not deviate from the original intent.

We give an opportunity to students to bring their own innovations through company-sponsored bachelors and diploma theses accompanied with interim projects and part-time jobs during their study. And over the years, these students become our colleagues, such as developers or team leaders, responsible for their own research and development projects.

In our modern company history, we successfully expanded our product capabilities into ICS/SCADA networks where we help to monitor and protect critical environments such as energy distribution grids.

Another traditional area for network operations and forensics is packet capture, where the result of the capture, a packet trace, is being leveraged by network professionals for troubleshooting or providing proof of an activity on the network. This requires extensive knowledge and technical competencies that we were able to distil into a diagnostic engine.

Our diagnostic engine works like an experienced and extremely fast analyst, it can understand protocol stacks, discover issues in packet traces, correlate facts down to the root cause of identified issues and provide the human network analyst with an explanation and guidance on the issue. This results in shortening the time it takes to resolve the issue and supplements missing expert knowledge. That is how we evolved Flowmon Traffic Recorder into Flowmon Packet Investigator.

Recent research and development topics cover multiple areas. As hybrid infrastructure is the new reality and company infrastructure spans from a traditional on-prem data center through various private and public clouds, it brings a fragmentation of tools and an inconsistent picture of the network. The next Flowmon 12.0 release in 2022 will bring the most versatile cloud monitoring options for all the major public cloud environments leveraging the native FlowLogs telemetry.

A deep dive into full packet data streams in public cloud environments is already possible with current Flowmon Probes, and Flowmon appliances are available across Azure, AWS and Google marketplaces. This reaffirms the Flowmon position as the most flexible and capable network monitoring and traffic analysis solution on the market.

The next hot topic is algorithmized threat hunting using threat intelligence data and supporting the community to exchange this data in a secure, reliable and automated fashion. Flowmon Networks is part of a pan-European security focused research project CONCORDIA, where we leverage and build on top of the MISP platform to share the indicators of compromise. With our Flowmon ADS, we turned the MISP platform into a source of actionable intelligence that is pulled automatically to detect threats materializing in a customer environment.

Another research area of ours is privacy-preserving monitoring and analysis of the encrypted traffic, where metadata is extracted and analyzed to attribute that traffic to a specific service or recognize a threat in the network. We contributed to the standardization of QUIC protocol that is taking over the delivery of the web content and applications and may become a security risk due to lack of visibility in this protocol. Recently, we have published an analysis of QUIC protocol from the perspective of traffic visibility.

For our next round of projects, we are looking at visual analytics and playbooks for data analysts, as well as expanding beyond traditional Flowmon use cases. Next generation web application firewall that can learn the application traffic and tune itself for proper application hardening is the planned contribution to the LoadMaster product family. And we are looking forward to expanding the research and development program even further with all the new opportunities that Progress Software brings.