The Scrutinizer System
Scrutinizer™ is
at the foundation of the Plixer incident response and behavior analysis
architecture. It is available as a physical or virtual appliance, or as
a windows download. Scrutinizer performs the collection, threat
detection, and reporting of all flow technologies on a single platform.
It delivers real-time situational awareness into the applications and
their historical behaviors on the network.
- Massive scalability, supporting dozens of distributed collectors
- Capable of archiving and analyzing several million flows per second
- Topology mapping with active links
- Deduplication and stitching across collectors
- A single flow collection system supporting over 2000 flow sources
- Collect up to 200,000 flows per second
- All flow technologies supported on a single system (i.e. NetFlow, sFlow, IPFIX, J-Flow, NetStream, etc.)
- Forensic audit trail reporting
- Threat Detection of odd traffic patterns
- Threat reputation support
- Threat Index™ indicates weighted threat severity over time.
- Archiving of raw data for decades
- Additional reports for Cisco, Palo Alto, Citrix and dozens of other vendors
- Behavior Baselines and alerting based on abnormalities, compared to historical trends
- Custom threat detection algorithms
- Integration with Cisco ISE, RADIUS, or Microsoft for end user name identification
- Design and build custom reports for exports from any vendor (e.g. Cisco NBAR, AVC, etc.)
- Support for hundreds of unique login accounts with access limited to specified data
- Billing and invoicing support
- Extends flow support in areas where NetFlow, sFlow, or IPFIX are not available
- Detailed metrics on applications, response times, and usernames
- Exports NetFlow and IPFIX
- Eases the forwarding of flows from routers, switches, or servers to multiple collection systems
- High speed architecture capable of 10GbE wire speeds
- Leaves the originator address in tact
- Available as in hardware or as virtual appliance
Third Party Support and Cross Check is part of Advanced Reporting. It consolidates application alerts or errors and helps alleviate device naming inconsistencies between applications. The status of 3rd party applications is reflected in the Scrutinizer network maps.
Flowalyzer™: Real-Time Tool Kit for testing and configuring hardware or software for sending and receiving flow data.
Failover: For mission critical 100% availability.
Endace Packet Capture Integration
The next version of our incident response system, Scrutinizer, will include a groundbreaking integration with Endace packet capture. Using Scrutinizer’s award winning interface, you can now download the packets related to an observed issue from the Endace probe. This helps you reduce the overall time to research and remediate issues. For those of you out there […]
The post Endace Packet Capture Integration appeared first on NetFlowKnights.com.Salesforce Data.com Used as Conduit to Push Malware
Companies using Data.com which is maintained by Salesforce could be in for an infection if they aren’t careful what they click on. These days attack vectors can come from anywhere, even the trusted resources we use. Many would consider data.com a trusted resource, but I’m starting to evaluate exactly what we consider a trusted resource […]
The post Salesforce Data.com Used as Conduit to Push Malware appeared first on NetFlowKnights.com.A10 Networks IPFIX support
We are one of the first vendors to add A10 Networks IPFIX support. Apparently the AX Series hardware that includes support for dual stack lite also provides support for NetFlow v10 (IPFIX). If you want to try it out, it is available as of ACOS 2.6.6-P4. Thunder TPS IPFIX Support was added as well. This […]
The post A10 Networks IPFIX support appeared first on NetFlowKnights.com.How a Rogue DHCP Server Works
I’d like to take the time to go through the steps on how a rogue DHCP server works. The more you know about man-in-the-middle attacks, the better you will be at uncovering the infections. Scott wrote a blog a few weeks ago that went into some more detail about detecting a rogue DHCP server and symptoms that you may […]
The post How a Rogue DHCP Server Works appeared first on NetFlowKnights.com.
Recent NetFlow Analysis Blog Entries
"We
have used Scrutinizer on multiple troubleshooting opportunities to
isolate what type of traffic was causing the heavy utilization and also
what offending devices were doing it. Scrutinizer has more than lived up
to its expectations."
Danny, Pension Benefit Guaranty Corp
No comments:
Post a Comment