Peered with edge or internal routers, Kentik Detect gets live eBGP/iBGP routing updates that include source, destination, path, and AS (next hop, 2nd hop, 3rd hop). Each flow record is matched against the BGP RIB and enhanced with both BGP (community, route, next hop IP/CIDR, etc.) and GeoIP (city, region, and country). These fully indexed BGP and GeoIP fields tell you where and how each flow is going.
Kentik Detect doesn’t box you into a single flow protocol or device supplier. Instead we support flow data — NetFlow (v5, v9), sFlow, IPFIX, RFlow, J-Flow, cflowd, etc. — from every major brand of router or switch. We also support traffic data from devices like firewalls, load balancers, and network packet brokers. To correlate flows to devices and interfaces, we also poll SNMP.
Kentik’s kprobe software agent runs on hosts or sensors to produce enhanced flow records containing application-layer details and performance metrics derived directly from live traffic. With measurements like latency and TCP retransmits, kprobe makes Kentik Detect a powerful NPM solution. And unlike traditional probe appliances, kprobe is cloud- and container-friendly, ready to deploy wherever your applications live.
Without you knowing it, your network may be carrying traffic for botnets or compromised hosts, diverting your resources toward malicious activity that puts your reputation at risk. Using continuously updated feeds from world leaders in threat intelligence, Kentik Detect correlates threat information with every flow, enabling you to rapidly identify and respond to unauthorized or malicious use of your network.
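The enrichment described in the first paragraph (matching each flow against the BGP RIB) and the threat-feed correlation described above can be sketched as follows. This is an added example, not Kentik's code: the field names, the RIB layout, the feed format and all sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed RIB (documentation prefixes, private-use ASNs); not real routing data.
RIB = {
    "203.0.113.0/24": {"next_hop": "192.0.2.1", "as_path": [64500, 64510], "communities": ["64500:100"]},
    "203.0.113.128/25": {"next_hop": "192.0.2.2", "as_path": [64501, 64511, 64512, 64513], "communities": ["64501:200"]},
    "0.0.0.0/0": {"next_hop": "192.0.2.254", "as_path": [64502], "communities": []},
}
# Constructed threat feed: IP -> category label.
THREAT_FEED = {"198.51.100.66": "botnet-c2"}
# Constructed flow records.
FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.200", "bytes": 1200},
    {"src": "198.51.100.66", "dst": "203.0.113.10", "bytes": 90},
]

def build_table(rib):
    """Parse prefixes and order them most-specific first for longest-prefix match."""
    entries = [(ipaddress.ip_network(p), attrs) for p, attrs in rib.items()]
    return sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)

def lookup(table, addr):
    """Return (prefix, attrs) of the longest matching prefix, or (None, None)."""
    ip = ipaddress.ip_address(addr)
    # Linear scan keeps the example short; a real RIB would use a radix trie.
    for net, attrs in table:
        if ip in net:
            return net, attrs
    return None, None

def enrich(flow, table, feed):
    """Copy the flow and add destination route attributes and threat tags."""
    out = dict(flow, dst_route=None, threat=None)
    net, attrs = lookup(table, flow["dst"])
    if net is not None:
        out.update(dst_route=str(net), dst_next_hop=attrs["next_hop"],
                   dst_as_hops=attrs["as_path"][:3],  # next-hop, 2nd-hop, 3rd-hop AS
                   dst_communities=attrs["communities"])
    hits = {side: feed[flow[side]] for side in ("src", "dst") if flow[side] in feed}
    if hits:
        out["threat"] = hits
    return out

if __name__ == "__main__":
    table = build_table(RIB)
    for f in FLOWS:
        print(enrich(f, table, THREAT_FEED))
```

The first sample flow matches the more specific /25 rather than the covering /24, so the route attributes attached to a flow depend on longest-prefix match, not on the order in which routes were learned.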