What is Kentik Detect®?
Kentik Detect is a big data-based service for high performance network visibility, DDoS detection, and infrastructure optimization. Deployed as SaaS or on premises, Kentik Detect scales to any volume of traffic, catches issues in moments, and informs your response with data-driven insights.
Who started Kentik, and why?
Kentik was founded by network, data, and systems technologists and executives who have built and operated some of the world’s largest and most complex infrastructure. Kentik Detect represents the unified, efficient visibility and alerting service that they’ve always wanted but couldn’t find. Kentik Detect addresses immediate and pressing network visibility and control issues, deploys in minutes, and is quick to deliver value.
Who can benefit from using Kentik Detect?
Kentik Detect benefits everyone whose technical and/or managerial responsibilities involve network infrastructure, including:
- Anyone who works in or around network operations, such as network managers, network engineers, and network operators.
- Anyone responsible for planning and optimizing networks, including network architects, network engineers, network systems analysts, and peering coordinators.
- Anyone responsible for assuring network resilience against DDoS, such as network security operators, network security managers, and reliability engineers.
What kind of data can I send to Kentik Detect?
Kentik Detect unifies several types of network data into a single, continuous-ingest datastore that’s queryable within moments of data receipt. The following data types are currently supported:
- All common flow data formats, including NetFlow v5 and v9, sFlow, JFlow, cflowd, RFlow, and IPFIX.
- SNMP data: interface names, descriptions, and octets.
- BGP routing data.
We are adding other types over time, such as enriched metadata or security data streams, based on demand from customers.
How many network devices can I send data from?
An unlimited number of devices can be configured to send data to Kentik Detect.
How do I send data from my devices to Kentik Detect?
Kentik Detect supports several different ways to send your network data:
- Send flow, and optionally SNMP and/or BGP directly from network devices to Kentik’s servers.
- Send data to a local instance of Kentik Agent software, which will encrypt and proxy the data to Kentik’s servers via HTTPS.
- Use the Kentik agent to generate flow data from packets.
How many flows per second can I send to Kentik Detect?
Kentik Detect currently handles millions of flows per second (tens of billions per day) across our many customers, supporting networks whose aggregate capacity exceeds 30 Terabits. Flow from individual organizations is supported at the following rates:
- Unlimited aggregate flows per second per customer.
- 4,000 flows per second per flow source (greater as needed, with configuration assistance).
Do I have to learn a new search language to view or query my data?
No. The Kentik Detect portal enables many views of your data using simple on-page controls specifying time range and filters. For more specific queries, whether in the portal, the API, or a SQL client, you’ll use the syntax of industry standard PostgreSQL.
How long does Kentik Detect store my data?
With Kentik Detect you do not need to guess in advance which aspects of flow you will later want to examine in detail. By default, Kentik Detect retains all ingested network data at full resolution, along with reports and summaries for at least 90 days. For information about optional longer-term retention, please contact firstname.lastname@example.org.
What enables Kentik Detect to ingest so much data, store it so long, and query it so fast?
Effective network visibility requires data ingest at massive volume, near-instant availability of new data, and low-latency ad hoc queries. Off-the-shelf big data platforms can’t meet those requirements. Kentik developed the Kentik Data Engine (KDE), a custom, distributed column-store database. KDE, which powers Kentik Detect, was designed from the ground up to be massively-scalable, multi-tenant, and open, allowing easy integration.
Can I generate reports within Kentik Detect?
Yes! You can save any query as a report and use it yourself, share with a co-worker, or add it to a custom dashboard.
How does Kentik secure my data?
Kentik takes data security extremely seriously. Kentik Detect has been built around the following general security guidelines:
- All data sent to us can be encrypted in transit.
- All access to our system is protected.
- No customer has access to the data of another customer.
The above precautions allow Kentik to store data unencrypted (except by customer request) on our internal datastore, thereby enabling exceptional performance for ingestion and querying. For additional details about Kentik’s approach to data security, see our Knowledge Base article.
What integration options (e.g. APIs) does Kentik Detect support?
Kentik Detect supports multiple integration options:
- Kentik’s full-featured REST API exposes both querying and system configuration (devices, users, alerts, and tags).
- The Kentik Data Engine™ (KDE™) datastore can be queried directly from any client that supports PostgreSQL. With a scriptable client, querying and configuration may be fully automated.
- Configuration and management of users, devices, tags, and other portal elements can be performed via API as well
Can Kentik Detect protect me from DDoS attacks?
Yes, Kentik Detect’s built-in anomaly detection offers the industry’s most comprehensive and sophisticated baselining capability, offering 30% more accurate detection of DDoS attacks when compared to traditional approaches. Kentik Detect also offers integrated support and automated triggering of mitigation via RTBH and leading DDoS mitigation solutions such as Radware DefensePro and A10 Thunder TPS.
Does Kentik Detect mitigate DDoS attacks?
Kentik Detect does not mitigate attacks directly, but Kentik Detect’s alerting system supports multiple notification modes that make it easy to integrate with a variety of mitigation options. Syslog and push to external URL can both be used to automatically trigger ACL generation on routers, to inject BGP black hole routes, or to activate a hardware mitigation device or cloud-based DDoS mitigation service. Kentik is currently working with multiple providers of mitigation services to develop fully automated detect-and-mitigate functionality.
Can I push alerts from Kentik Detect to my own monitoring system?
Yes, Kentik Detect generates alert notifications not only via email, but also via syslog and/or JSON post to external URL, which means that you can easily integrate notifications into your existing monitoring system(s), such as Graphite, OpenTSDB, Nagios, and Zenoss.
How do I share network intelligence from Kentik Detect with others in my organization?
Kentik Detect’s portal lets admin users create custom dashboards that graph traffic by any of over 20 metrics (geo, ASNs, IPs, ports, interfaces, etc.) and allow you to apply unlimited filters based on more than 20 different parameters. Saved dashboards can function as dynamically updated reports that are accessible by all of an organization’s authorized users. Snapshots can also be saved from the Data Explorer as image files (PDF, JPG, PNG, or SVG) to share directly with any individual. Expanded reporting options are on our product development roadmap.
How many users in my organization can use Kentik Detect?
Kentik Detect supports unlimited registered users per customer, so you can authorize any number of team members to access your network data via the system. Why do we do this? Because we want you to be able to share the value of Kentik Detect as you see fit throughout your organization, without barriers.
Can I deploy Kentik Detect on premises?
For very large or sensitive deployments, Kentik Detect can be provisioned on a private cluster within a customer data center. For further information about on premises deployment, please contact email@example.com.
How much does Kentik Detect cost?
Kentik Detect is a service that is offered on a subscription basis. The annual subscription fee is based solely on the number of sources (routers or hosts) sending flow to the system. Subscribers pay no installation fees, no per-seat fees, no storage fees, and no data volume fees. The efficiency of our SaaS model allows us to deliver exceptional performance at a fraction of the cost of alternative approaches, from traditional appliance-based systems to custom tools that are built and/or maintained in house. For pricing information that’s specific to your system, please contact firstname.lastname@example.org.
Is the Kentik Data Engine just Postgres?
No – the KDE uses Postgres as a “data API” but stores data on its own clustered backend, with built-in query caching, rate-limiting, auto-thinning, policy-based expiration, and compression.
I’d like to try Kentik Detect on a trial basis. How do I get started?
Get an invitation to sign up for a free trial by clicking the Get Started button at the top right of this page.
If you don’t see your question above, please contact us.