Forensic Investigation with Flow Data
The Scrutinizer System
Scrutinizer™ is at the foundation of the Plixer incident response and behavior analysis architecture. It is available as a physical or virtual appliance, or as a windows download. Scrutinizer performs the collection, threat detection, and reporting of all flow technologies on a single platform. It delivers real-time situational awareness into the applications and their historical behaviors on the network.
- Massive scalability, supporting dozens of distributed collectors
- Capable of archiving and analyzing several million flows per second
- Topology mapping with active links
- Deduplication and stitching across collectors
- A single flow collection system supporting over 2000 flow sources
- Collect up to 200,000 flows per second
- All flow technologies supported on a single system (i.e. NetFlow, sFlow, IPFIX, J-Flow, NetStream, etc.)
- Forensic audit trail reporting
- Threat Detection of odd traffic patterns
- Threat reputation support
- Threat Index™ indicates weighted threat severity over time.
- Archiving of raw data for decades
- Additional reports for Cisco, Palo Alto, Citrix and dozens of other vendors
- Behavior Baselines and alerting based on abnormalities, compared to historical trends
- Custom threat detection algorithms
- Integration with Cisco ISE, RADIUS, or Microsoft for end user name identification
- Design and build custom reports for exports from any vendor (e.g. Cisco NBAR, AVC, etc.)
- Support for hundreds of unique login accounts with access limited to specified data
- Billing and invoicing support
- Extends flow support in areas where NetFlow, sFlow, or IPFIX are not available
- Detailed metrics on applications, response times, and usernames
- Exports NetFlow and IPFIX
- Eases the forwarding of flows from routers, switches, or servers to multiple collection systems
- High speed architecture capable of 10GbE wire speeds
- Leaves the originator address in tact
- Available as in hardware or as virtual appliance
Third Party Support and Cross Check is part of Advanced Reporting. It consolidates application alerts or errors and helps alleviate device naming inconsistencies between applications. The status of 3rd party applications is reflected in the Scrutinizer network maps.
Flowalyzer™: Real-Time Tool Kit for testing and configuring hardware or software for sending and receiving flow data.
Failover: For mission critical 100% availability.
Recent NetFlow Analysis Blog Entries
Over the last five years or so, I have noticed that one of the major topics we get requests for is Bluecoat NetFlow support. While it may surprise many, we have supported Bluecoat exports for quite some time; in fact, if you look back, and that’s what I intend to do, you will see that […]
The post Bluecoat NetFlow Support Recap appeared first on NetFlowKnights.com.
Good News! Plixer is growing and we have several positions open in Sales, Support and Software Development. Plixer International is one of the fastest growing malware incident response companies in the industry. Founded in 1999, Plixer works with some of the largest networks in the world. Our solutions provide a holistic view of the entire enterprise […]
The post Plixer is Growing and Hiring: Jobs in Southern Maine appeared first on NetFlowKnights.com.
A rogue DHCP server on a network is one that is not under the administrative control of the network staff. It can be a network device such as a modem or a router connected to the network by a user who may be either unaware of the consequences of their actions, or may be knowingly […]
The post Detecting Rogue DHCP Servers appeared first on NetFlowKnights.com.
Did you ever consider that using Flexible NetFlow, specifically an NBAR NetFlow configuration, could provide another aspect of network security for you? Exporting NBAR (Network Based Application Recognition) in Flexible NetFlow records provides the opportunity for deep packet inspection visibility in NetFlow reporting. Once you have that visibility, you’re just a half step away from […]
The post Flexible NetFlow: NBAR NetFlow configuration appeared first on NetFlowKnights.com.
"We have used Scrutinizer on multiple troubleshooting opportunities to isolate what type of traffic was causing the heavy utilization and also what offending devices were doing it. Scrutinizer has more than lived up to its expectations."
Danny, Pension Benefit Guaranty Corp