Those who attended our latest 2021 webinar already have an idea of ntop's plans for this year. In summary, we keep focusing on cybersecurity and visibility, and plan to further enhance our existing tools as follows:
- nDPI: we plan to improve the detection of new threats and make it more configurable by end users. The idea is that end users can further extend the core via configuration files in order to catch malware or contacts with suspicious/infected hosts. We do not want to turn nDPI into a rule-based tool like many IDSs, which search for very specific events (if X and Y and Z and … then K), but to stay more general by leveraging flow risks. Note that since the 4.0 release we have also significantly reduced memory usage and made nDPI faster, which benefits all users.
- PF_RING: as we did with packets many years ago, we want to extend packet metadata and simplify system introspection by providing a simple and lightweight layer for observing processes, sockets, connections and users without using eBPF, which is not present in all Linux distributions and is overwhelming in many cases, as it is designed to be general, contrary to what we plan to achieve. Once this is done we can integrate system introspection into tools such as ntopng and nProbe to further provide visibility and thus security.
- nProbe: we are completing syslog support for turning syslog entries into flows (a sneak peek of non-NetFlow/IPFIX collection was demonstrated with AWS VPC log support), as some devices (e.g. Fortinet) provide more information via syslog than via NetFlow. In addition, we want to turn nProbe into a timeseries tool able to create timeseries from flow records (for instance from sFlow counter samples) that will be sent to timeseries databases such as InfluxDB. As already announced, we continue to address cybersecurity needs by integrating new features that turn nProbe into a lightweight network EDR tool. Finally, in particular on Windows, we are enhancing local system monitoring capabilities in order to know which process accesses which system/network resources.
- ntopng: we are targeting the 5.2 release in spring, which will bring better performance and reduced resource usage (memory and CPU), and will replace nIndex-based flow indexing with a full-fledged, scalable solution based on ClickHouse (stay tuned: we will announce it next week). We are modifying the web GUI to make it less table-oriented than it is today and more graphical, in order to implement better reports and greatly enhance the analytics, which have not changed in a long time. We also plan to create a query language for accessing ntopng information, so that users can create new traffic checks and custom timeseries in seconds. This should pave the way to finally turning ntopng into a tool (also) for non-programmers, who can extend it as needed to address very specific needs (how much traffic has host X sent over HTTPS to hosts located in the EU that are not part of a CDN?).
- n2disk: we want to implement on-the-fly pcap encryption (i.e. during the packet dump) as well as enhance indexing capabilities, perhaps by exporting metadata to ClickHouse for tighter integration with ntopng.
This is not our complete roadmap for 2022, but rather what we plan to do in the coming months. Please feel free to contact us on Discord or Telegram to interact with the ntop team and provide feedback and directions.
Finally, we need to enlarge the ntop core team, and we're hiring. You can read more here; please apply if you like what we do and would like to be part of our team.
Enjoy!