Technologies and Trends

June 9th: Join us for the ntop AI Webinar

Artificial intelligence is now a mature technology that is changing everyday life, and observability and cybersecurity are no exception. This webinar explains the ntop vision on using AI, what we have done, and the direction we have in mind. Main topics include: We’ll open with a short session on running LLMs locally — why it matters for ops teams, and how local open models like Qwen make this possible without sending your network data to third-party clouds. This is network intelligence that stays on your infrastructure and explains …
Announce

AI-Powered Network Monitoring: Introducing ntopng MCP Server

AI-Powered Network Monitoring: Introducing ntopng MCP Server for Headless Security. Connect your network monitoring directly to AI assistants. Query ClickHouse flows, pull live host stats, and automate security investigations—all through natural language. Table of Contents: What is MCP?; Why Headless Network Security?; Generate Your API Token; Add ntopng to Claude Code; Available Tools; Use Cases: SOC Analysts; Use Cases: Network Managers; Security Best Practices; Troubleshooting; FAQ. What is MCP? The Model Context Protocol (MCP) exposes ntopng’s network data and tools to AI assistants like Claude Code, Cursor, and VS Code …
Technologies and Trends

May 21st: You’re invited to Observability and Large-Network Monitoring Webinar

Is your network a “black box,” or do you have the granular clarity needed to stay ahead of modern traffic demands? We are excited to announce an upcoming two-part webinar focused on the latest enhancements to nProbe and ntopng. These updates are designed to push the boundaries of what’s possible in network monitoring, moving beyond simple statistics into the realm of true, high-fidelity observability. Here is what we will cover: Part 1: High-Resolution Observability Standard monitoring often misses the “micro-bursts” and transient issues that cause performance bottlenecks. We’ll demonstrate how our new enhancements …
Cybersecurity

Merging ntopng Asset Inventory with Wazuh

Wazuh is a free, open-source security platform that combines SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) capabilities. It is primarily used to monitor endpoints, cloud workloads, and containers to detect threats, ensure compliance, and respond to incidents in real-time. Integrating Wazuh with ntopng creates a powerful security layer by bridging the gap between host-based and network-based monitoring. The core value of this integration lies in comprehensive visibility. While Wazuh excels at monitoring what happens inside a machine, ntopng excels at monitoring what happens between machines. …
ntopng

Single Sign-On on ntopng with OpenID Connect (OIDC)

ntopng has always supported multiple authentication methods to fit different environments: local accounts, LDAP, RADIUS, HTTP basic auth, etc. Now it also supports OpenID Connect (OIDC), bringing native Single Sign-on (SSO) support for any standards-compliant Identity Provider (IdP), including Keycloak, Okta, Auth0, Azure AD / Entra ID, Google Workspace, and more. Why SSO? Managing separate credentials for every tool in a network operations centre is a maintenance burden and a security risk. Passwords get reused, accounts get forgotten, and off-boarding a staff member means hunting down every application they had …
Technologies and Trends

ntopng Just Got Faster — Here’s What Changed

We’ve been quietly working on something that most users won’t notice at first glance — but will feel immediately. Starting with the latest dev ntopng version, the entire UI build pipeline has been improved from the ground up. The result: the UI loads in roughly half the time, and data from the backend arrives faster too. Here’s the full picture of what changed and why it matters. From Webpack to Vite: A New Build Pipeline For years, ntopng’s frontend was generated using Webpack — a tool that served us well, but was …
Cybersecurity

Slow DoS Detection and Prevention

A slow DoS (Denial of Service) attack is a type of cyberattack designed to overwhelm a server or web application by exploiting protocol weaknesses—not through high-volume traffic, but by sending requests very slowly or keeping connections open as long as possible. This consumes server resources (like concurrent connection limits, memory, or threads) with minimal bandwidth usage by the attacker. Instead of flooding the target with huge amounts of data, the attacker sends legitimate-looking requests at an extremely slow pace, or sends partial requests and delays completing them. The server keeps these connections open, waiting for …
cento

nProbe Cento at Scale: Flow Offload Acceleration on Napatech

High-speed networks continue to push the limits of software-based monitoring and security applications. As link speeds grow and traffic patterns become more complex, efficiently analyzing packets while maintaining per-flow state, for updating stats and running Deep Packet Inspection, is increasingly challenging. By leveraging our long-term experience with high-speed packet processing, modern architectures, and state-of-the-art data structures, over the past years we have developed nProbe Cento, a high-performance NetFlow probe able to keep up with 100+ Gbit/s on adequate servers. However, this requires quite some resources (mainly …
ntopng

ntopng Direct Dump Mode for High-Speed Flow Collection

When ntopng receives flows from nProbe (NetFlow collector) or nProbe Cento (100 Gbit probe) over ZMQ or Kafka, each flow must go through several processing stages before it is finally stored in the database. These stages include metadata enrichment, classification, analytics, behavioural checks, and additional internal operations. While this processing pipeline is essential for ntopng’s real-time monitoring, it naturally adds latency between the moment a flow arrives and when it becomes queryable in the (ClickHouse) storage backend. In large deployments ingesting thousands or hundreds of thousands of flows per second, …
Technologies and Trends

ntop License Sizing Guide

A popular question we receive from users is the type of ntop license that should be used in projects. Below we try to answer this question to ease your choice. Packet Processing For use cases where you need to capture raw packets and analyze them. Note that up to 1 Gbit you can use PF_RING (no ZC), however above that speed PF_RING ZC is required. Network Speed ntopng (Standalone) ntopng + nProbe ntopng + nProbe Cento < 1 Gbit ✓ ✓ < 5 Gbit ✓ ✓ ✓ < 10 Gbit …
nScrub

nScrub 1.8: Performance, Flexibility, and Hardware Support

We are excited to announce the release of nScrub 1.8, the latest version of our high-performance DDoS protection and traffic scrubbing solution. This update brings significant improvements to the engine, new configuration options, expanded hardware support, and broader packaging availability. Engine Enhancements The 1.8 release introduces several performance optimizations and functional upgrades across the nScrub engine: New Options API Improvements The REST API has been extended to give administrators finer control over traffic mirroring: Tools and Packaging Updates Miscellaneous Improvements nScrub 1.8 is now available! We recommend all users upgrade to …