The following article, “Scrutinizer Brings Flow Analytics to SMBs“, written by David Diaz, was recently featured on TechCrunchIT.

David points out that with the low initial cost for Scrutinizer NetFlow & sFlow Analyzer, it is a very affordable Flow Analytics solution for small and medium-sized businesses.

This flow analysis tool can also be deployed centrally and accessed globally via the web interface.  What this means is that one install of Scrutinizer can provide network management information for your entire network and accessible by everyone on the network management team, regardless of geographical location.

Read more »

Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.

A couple of weeks ago I began a series of blogs that introduces you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack. 

Read more »

Many companies are primarily concerned with Internet security threats.  I feel that majority of security threats are derived internally. According to Forrester Research, the majority of security breaches involve internal employees, with some estimates as high as 85 percent. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

With the release of Scrutinizer v7.2 last month we offered an upgrade/migration path for those customers running Scutinizer v6. I have had some customers ask, “Why should we upgrade” or “What will we gain from Scrutinizer v7 that we don’t have now?”

The updated release of Plixer’s network traffic analyzer last week made the answer to that question very clear.

Read more »

After a lot of work, we have support in Scrutinizer v7.3 with Flow Analytics for NBAR with Flexible NetFlow.  My contact at Cisco Jean-Charles <below> gave us some help. I wish we had him as a resident Cisco NBAR and NetFlow expert.  Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

Plixer International, developers of a market leading NetFlow and sFlow analysis tool set, today released Scrutinizer NetFlow & sFlow Analyzer version 7.3, bringing network traffic analysis software to the next level.

With the latest release of their NetFlow analyzer, Plixer has introduced several new report types, including NBAR reports. Cisco’s NBAR technology does deep packet inspection into the traffic moving through the router to identify the applications being used by hosts. For example; H323, Telnet, RTP, Exchange and Skype are identified and exported in NetFlow.

“We feel, and have felt for some time, that Flexible NetFlow has the potential to expand greatly on the level of information that can be reported on by standard NetFlow,” says Plixer CTO, Marc Bilodeau. “With Scrutinizer NetFlow & sFlow Analyzer version 7.3, Plixer is leading the pack in not only the adoption of Flexible NetFlow, but in the implementation of its key advantages over other versions of NetFlow.”

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

“What do I get with the enterprise version of Scrutinizer?”

I’ve been getting this question frequently, so I figured: Why not write a quick blog?

Since Flow Analytics and Scrutinizer v7 have a fantastic symbiotic relationship, lets consider seven reasons to upgrade your free version to include a licensed copy of Flow Analytics.

Read more »

If you are running Scrutinizer v7.01, the Cisco ASA interfaces don’t show up in the Status tab yet. It was a philosophical decision. Here’s why:

The ASA running v8.2.1 exports bidirectional NetFlow!  This is unlike anything else we’ve seen.  In nearly all NetFlow exports v5, v9, IPFIX etc. flows are exported in one direction (i.e. A -> B and then a separate flow for B -> A).   This is true for ingress or egress NetFlow. For Example: lets say A -> B creates a flow of 200KB.  Then in return:  B -> A causes a 2nd flow of 40KB. Well, the developers of the ASA decided to be unique and add the two flows together and export A -> B 240KB!!!!  The two added to each other is called a bidirectional flow.

Because of this, when we calculate the percent utilization using NetFlow (i.e. not SNMP) by adding the total flows together we overstate InBound/OutBound utilization in the Status tab. We are talking with Cisco about this unconventional export method. We have no definitive news yet.

NOTE: The ASA also doesn’t support an Active Timeout causing huge spikes in the graphs and thus making network traffic analysis kind of tricky when traffic that occurred over several minutes shows up in a single minute!

If you are seeing some screwy results with ASA and NSEL, the above is why. Anyway, everyone can blame Mike for not sticking the data in the Status tab!

Here is a pic of our  ASA:

Need help configuring NetFlow export from the ASA?  You can also setup NetFlow exports up using Cisco ASDM. Make sure you have watched the Cisco ASA and NetFlow training video.

____________________________________
Jim Dougherty aka "Jimmy D"
Lead PreSales Support Engineer and
Netflow Evangelist for Plixer International!

Follow me on Twitter
http://twitter.com/jimmydnet
____________________________________

Is your network compromised? Network scans, illegal applications? Want to view the top ten Conversations across your network? How about setting DNS resolution to occur automatically on a regular basis? Or send a syslog when a set threshold is exceeded based on criteria set in a saved report?

With Scrutinizer v7 and Flow Analytics as your network management tool, all of the above can easily be managed and reported on.

Read more »

The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale.

Family Business Robbed On-Line
Patco Construction a family owned company was impacted by a cyber crime that may have involved the RBN. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter