Unleashing Progress Flowmon 13: Speed, Smarts and Security Redefined

At Progress, we continue to develop and enhance the Progress Flowmon product family. The latest update brings the core Flowmon product to release 13.0, and it includes remarkable performance improvements, strengthened security and expanded protocol support.

Full details of what’s new and improved in the latest release are available on the Flowmon product page. In this blog, we’re excited to highlight the newest features and improvements to the Flowmon solution.

Supercharged Performance with Redesigned Backend Engine

Flowmon 13 features a completely revamped backend architecture that provides query speeds up to seven times faster than previous releases. This new engine enables more efficient flow data processing, quicker query responses and improved resource management.

Reduced Processing Time - The redesigned backend architecture is engineered for speed, enabling lightning-fast analytics even in data-heavy environments. Organizations processing large volumes of network telemetry will appreciate the performance improvements.

Enhanced User Experience - The redesigned backend enables faster UI responses, reducing administrator frustration and boosting productivity. Network administrators and security teams will spend less time waiting and more time analyzing data.

Accelerated Troubleshooting - Faster queries enable quicker root-cause analysis, helping IT and network operation teams resolve incidents in minutes. This results in reduced downtime and minimizes business risk when network issues occur.

From Clues to Clarity: The New Investigations Feature

Flowmon 13 introduces a powerful new Investigations feature that transforms how you conduct network analysis. Designed for speed, accuracy and teamwork, this feature provides interconnected steps and visual context that make complex network forensics easier to understand.

Visual Analytics with Interconnected Steps - You can now connect analysis queries in a tree view, starting from a root step and drilling down into related queries. When you modify a filter in a parent step, child steps automatically update and display new results. This tree view method enables you to track an investigation from initial detection to root cause. See image below.

Variables and References - You can set variables in filters and modify them in one place across your investigation. Reference variables can extract specific values from results and use them in filters for the next query (such as the Top 10 IP address). This variable flexibility speeds up investigation workflows.

Save, Share and Collaborate - Investigations can be saved to long-term storage, exported for documentation and shared with relevant stakeholders. This makes it easy to collaborate with team members, document security incidents or reuse analysis workflows for similar investigations.

Dedicated Investigations Tab - A new Investigations tab in the main menu shows a table of existing investigations. You can perform bulk or individual actions on investigations, with pagination, search and column sorting available.

From Static Rules to Dynamic Awareness

Flowmon 13 replaces the previous alert system with stream-based alerting that adapts to real-world scenarios. This new approach helps teams detect network anomalies earlier.

Traditional monitoring tools often miss anomalies that span across their fixed time windows. For example, if you configure an alert to trigger when a system makes 3 connections within a 5-minute interval, and a system makes 2 connections in the first window and the third connection at the beginning of the next 5-minute window, static rule-based systems fail to trigger an alert. As a result, the anomalous behavior falls through the cracks because it doesn’t fit neatly into the predefined time slots.

The stream-based alerting capability employs a sliding window method instead. You can configure a time interval (from 30 seconds to 1 day or custom) and an evaluation rate. The system reviews the specified interval at your selected rate to identify conditions that trigger alerts. This method helps reduce false positives and alert fatigue while still alerting on real anomalies.

You can configure whether alerts trigger immediately or after the system gathers all data. You can also set the blocking period before the next trigger, with options including no blocking or intervals ranging from 30 seconds to 1 day.

Troubleshooting with Precise Data Fidelity

Flowmon 13 enhances data visibility across multiple dimensions, giving you the complete picture for faster troubleshooting and better decision-making.

From Shortened URLs to the Full Picture - Variable string field lengths mean you see complete URLs instead of truncated versions. Instead of seeing a shortened URL in the UI, you now see the full path (See image below). This improved visibility helps you understand exactly which resources users’ access.

From Ambiguous Destinations to Precise Understanding - DNS enrichment translates IP addresses into domain names, offering explicit context about user activities. Instead of seeing traffic to an IP address as 219.13.24.154, you see the actual destination like “US.SRV02.INVOICES.COM” along with protocol details such as CIFS for data storage (see images below).

From Tunneled Traffic to All Layers - QinQ support provides insights into all layers of traffic encapsulation. Instead of only seeing a single VLAN tag, you now see both outer and inner VLAN tags. For example, you can identify traffic with outer VLAN “London” and inner VLAN “DEV01” reaching a specific IP address, providing you with precise visibility into complex network architectures (see images below).

Extended IP Indexing

IP indexing capabilities expand in Flowmon 13 to work on all real profiles. This upgrade enables faster query execution with more parameters and aggregations available. Combined with the redesigned backend engine, IP indexing enables you to locate specific IP address activity across your network in seconds. Read more about Accelerated search with IP indexing in this blog.

Monitor New OT and IoT Protocols

Organizations running industrial control systems and IoT deployments gain enhanced Layer 7 visibility with Flowmon 13 via support for key protocols:

• Modbus - A simple, widely used protocol for industrial devices

• MQTT - A lightweight, efficient protocol for IoT messaging

• S7COMM - A proprietary Siemens protocol for PLC communication

• DNP3 - A secure, reliable protocol for utility automation

This expanded protocol support helps industrial organizations and critical infrastructure operators monitor specialized traffic that traditional monitoring tools often miss.

Enhanced Flow Field Support

Flowmon 13 expands the types of flow data you can collect and analyze, providing you with deeper visibility into your network traffic.

• Full Biflow Support - Flowmon Collector now fully supports biflow processing and traffic analysis, making it easier to monitor bidirectional network conversations.

• X-Forwarded-For HTTP Header Support - Flowmon now analyzes and displays the X-Forwarded-For HTTP header field. Proxies and load balancers typically use this field to maintain the original client IP address. This addition makes it easier to determine the true source of web traffic in complex network setups.

• Observation Domain ID - Flowmon Collector now stores the Observation Domain ID (IPFIX element #49) in the source-id field. This helps you link flows to specific exporter instances, especially in setups with RSS queues and multi-core exporters.

For a full reference and more details about supported fields, visit the Flowmon Supported Flow Standards.

Redesigned Quota Manager

The Quota Manager in Flowmon 13 has received a significant redesign to resolve long-standing usability and performance issues. Changes include:

Improved User Interface - We revamped the interface to improve usability and responsiveness, especially when managing large numbers of quotas. The new design simplifies quota management, making it easier to view your storage allocation quickly.

Retention Visibility - You can now view the retention period for each quota and see how much time is left before the system exceeds it. This information helps you plan storage capacity more effectively.

Visual Feedback - The UI uses color coding to highlight valid and invalid quota changes. It summarizes adjustments in the Current and New disk allocation charts, helping you navigate configuration updates.

Runtime Behavior - The system now alerts users to quota issues and suspends modules that exceed their disk quotas, mitigating storage problems from affecting other functions.

Azure VNet Flow Logs Support

Flowmon 13 adds support for Azure VNet Flow Logs, enhancing our cloud monitoring features from previous updates. Organizations using Microsoft Azure can now ingest native flow logs alongside other flow logs, enabling comprehensive multi-cloud visibility on a single dashboard.

Enhanced Analysis Capabilities

Analysis workflows in Flowmon 13 feature several improvements that make data exploration quicker and more adaptable.

User-Changeable Granularity - You can now adjust the granularity of chart data dynamically, from 30 seconds to 1 day, giving you control over the level of detail in your analysis.

Show Not Applicable (N/A) Values - A new option allows you to show or hide flows with no value in the aggregation field (such as Hostname). This filtering feature helps you focus on relevant data during investigations.

Streamlined Chapters Feature

The Chapters feature receives backend improvements and simplified configuration options.

Improved Data Granularity - The last 24 hours of the top chapters now have 5-minute granularity, providing better visibility in Flowmon Dashboards and Reports.

Simplified Settings - We removed several legacy options to streamline the user experience, including user switching to view available chapters, business hours configuration and multiple language localizations. A new setting allows you to show or hide flows without value in aggregation fields (such as Hostname), providing cleaner results when needed.

Redesigned Topology Editor

We’ve redesigned the topology editor to make it easier to create and manage network topology visualizations. The improved interface simplifies the topology creation process and offers a more intuitive experience.

Flowmon ADS 13 Improvements

The Flowmon Anomaly Detection System (ADS) receives important updates in version 13.

New OT Detection Methods - Three new machine learning-based detection methods specifically target operational technology environments, helping organizations to monitor and protect industrial control systems.

Significant UI Speed Improvements - The Analysis Summary, Simple List, By MITRE and By Hosts pages now load two to seven times faster, streamlining security operations workflows and reducing the time security teams spend waiting for data to load.

Security Enhancements

Flowmon 13 incorporates key security updates to better safeguard your monitoring infrastructure.

FIPS Compliance Options - Support for Federal Information Processing Standards (FIPS) is available for organizations that need this level of cryptographic security. The latest release also provides warnings about security when FIPS mode is disabled.

Spectre and Meltdown Mitigations - Organizations can set up protections against Spectre and Meltdown CPU vulnerabilities based on their specific security needs and performance requirements.

Find Out More

To discuss how the Flowmon cybersecurity solution can improve your network visibility and security, contact us.

To try Flowmon for free and see how it can provide actionable insights for your organization in just minutes, visit our free trial page. Our support team is available to assist you during your trial.