I don’t remember where we saw it, but there was a report that stated there were 102 unique vendors that released a NetFlow tool in 2008.
I don’t know how accurate that is, but I can definitely confirm that if you go to Google.com and search the key word NetFlow, you’re going to get a LONGGGGGGGG list.
So with a plethora of options and little time to evaluate, what does Scrutinizer offer that might make it worth…scrutinizing? (Sorry, couldn’t help it)
Here’s five compelling reasons to take a look at my product:
I took a call the other day from a customer who asked, “How do I set up my router to send NetFlow to Scrutinizer?” This is a question that I get on a pretty regular basis, so I strapped on my router config hat and got ready to throw out the typical IP FLOW commands to get the flows going. But then I asked for the model of the router. “It’s a Cisco Nexus 7000,” the customer told me. I found that this device does not run the usual IOS that we have all come to know and love. It runs Cisco’s NX-OS. And Cisco’s NX-OS CLI is completely different.
Cisco NX-OS supports a flexible architecture that allows a user to collect different data for different applications per interface. It allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields, whereas the Cisco IOS Software supports one flow mask and export pair for the entire chassis.
Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.
Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack.
Let me start by saying, I hope that everyone had a great Thanksgiving. At our house, we fried two turkeys this year. It was the first time that we attempted this, and after reading all the warnings that came with the new fryer, I guess the fact that no one got hurt means that the holiday was a success.
With the release of Scrutinizer v7.2 last month we offered an upgrade/migration path for those customers running Scutinizer v6. I have had some customers ask, “Why should we upgrade” or “What will we gain from Scrutinizer v7 that we don’t have now?”
The updated release of Plixer’s network traffic analyzer last week made the answer to that question very clear.
Apparently the Cisco ASA is becoming a popular appliance for securing today’s businesses from the uglies that plague the Internet. More specifically, the ASA running v8.2.1 or newer exports Flexible NetFlow (a variant of NetFlow v9). Why is this so cool?
The Key Advantages of using Flexible NetFlow on Routers:
A) User configurable ability to monitor a wider range of packet information which produces new information about network behavior: In other words, we can specify exactly what we want. This is useful if you are trouble shooting and looking for very specific information that isn’t exported in traditional NetFlow (e.g. MAC addresses, VLAN IDs, NBAR, etc.).
B) Enhanced network anomaly and security detection: Basically, Flexible NetFlow can monitor more deeply inside packets. What could these mean to the market for NBAD solutions?
C) Convergence of multiple accounting technologies into a single mechanism: This is basically reinforcing the above feature of collecting on any specific information but, using it for different purposes. For example, maybe the NetFlow volume is so high that you have to use sampling. This could throw a wrench into your accounting and billing plans as they likely won’t be accurate without 100% traditional NetFlow capture. Flexible NetFlow allows you to have a sampling export as well as other exports specific to traffic type (e.g. IP subnet) occurring simultaneously.
Hello, my name is Scott Robertson, I am the newest member of the Technical Support team here at Plixer International. I come to Plixer after working as a Software Support Specialist at Xerox.
This is an exciting time for me as delve into the world of network diagnostics & bandwidth monitoring and I begin my support role at Plixer. There are new processes to learn and new people to meet. And so far things are progressing nicely. And just as I am new to the Plixer family, there is a new Scrutinizer v7 update available today. I invite you to check www.plixer.com/support/availableupdates.php for the latest software that Plixer International has to offer. Read more »
“Let us so live that when we come to die even the undertaker will be sorry.” – Mark Twain
I’ve always known that my boss was a fierce businessman. He has that drive that is essential in making a company successful, and I’ve found that admirable, since I’m not much that type of person. But my mistake was in assuming it was just with his business alone…
For the sake of protecting the innocent, *cough* I will call my boss “Jack” and our coworkers “Scott” and “Sally”.
Yesterday Jack and I ran out of the office for a brief meeting across town. As we were wrapping up our business and getting ready to pull out on to Main St., we noticed some co-workers driving by, heading back to the office. So we did what was natural…we honked and waved.
Jack pulls out and we’re heading back to the office. As we find ourselves gaining on our colleagues, Jack begins to gun it in an attempt to pass them, since they were still at a dead stop at a traffic light that just turned green. Our co-workers Scott and Sally were not oblivious to Jack’s plan. There was a chirp to Scott’s tires and the race began.
Guys, it was Lemans in downtown Sanford, Maine – I kid you not.
About 1/4 of a mile down the road from the light, which I would call the starting line, was a newly installed rotary. This rotary is already deadly, since it’s small, and nobody seems to be able to wrap their heads around how it works.
So we’re barreling down the road and I can see in Jack’s eyes that he wants to pass Scott at the rotary. I’m just really glad that Scott didn’t leave any room for him to do so. As we come out of the rotary and the lanes merge into one, Scott is ahead, with Jack in close pursuit.
At this point, I thought the race was over.
I’m such an idiot…
Our office is part of a commercial community made up of a shipping company, an architectural firm and a secular college, so we have a considerable parking lot to accommodate all of us.
In order to gain access to the building, you have to first enter from a side street. Scott was already at a stop and signaling his left turn onto this side street, but waiting for some oncoming traffic to pass. To Jack, this race was NOT over; so while stopped behind Scott, Jack decides to cut him off and beat him to that side street. Jack makes the sharp left and gets to the side street first.
There, Jack is the winner. There’s no way that Scott could pass us now.
However, that’s where I underestimated him too.
As Jack and I are coasting our way to the parking lot in victory, we are surprised to see Scott’s grey Honda Accord barreling across this open field, which was a mud pit by the way. If his car made it through that field, Scott could win.
To my dismay, Jack floors it. Realizing how close this race was going to be, Jack made the decision that he would have to ignore the median up ahead. Sure enough, we did a Dukes of Hazard jump over the median in his Sport Trac.
So here comes both vehicles like bats outta hell. Both cars beaten, one muddied and both definitely overworked for their class, come barreling into the parking lot. Both drivers presented some pretty impressive parking skills… well, more like… jackknifing into their respective park spots.
Finally, the contest ended with three grown men all running to make it to the top of the steps. I was embarrassed. But at the same time, it was really funny. To end it all, Jack sealed the win by making it to the top of the steps first and doing his Rocky dance.
Which leads me to my moral of the week: Let the Boss win.
Plixer International Inc. today announces the release of Flow Analytics version 2.0, an add-on module for their Scrutinizer NetFlow & sFlow Analyzer tool. Flow Analytics works to ensure network health and stability by analyzing NetFlow data and alerting IT administrators on potentially hazardous traffic patterns.
Plixer has utilized various resources to create a pool of known compromised hosts on the internet, which no host on the network should be communicating with. The list is updated within Flow Analytics every single hour. Flow Analytics scrutinizes every flow, as it comes in, to ensure that there is no communication with any of these potentially dangerous hosts.
Version 2 of the Flow Analytics module brings a host of new in-depth network traffic reports, found in easy to configure Scrutinizer gadgets.
New gadgets include:
• Top Inter-network Traffic, which shows subnet to subnet traffic.
• Top Applications, with the ability to alert for applications which should not be on the network.
• Top Transport, with the ability to alarm for protocols (e.g. TCP, UDP, IGMP, etc.) which should not be on the network.
• Top Sending and Receiving Countries
• Top Sending and Receiving Domains
• Network Volume, which reports on the number of unique hosts or applications in the last 5 minutes versus the last 30 hours.
Each report runs across potentially hundreds of routers after deduplication, not just per interface/per router.
There are also new network behavior analysis algorithms, which sift through network traffic looking for illegal scans such as NULL, FYN, SYN, Invalid Subnets, XMAS Tree, and more; all of which can lead to worm attacks.
In support of the new Flow Analytics module, Plixer has also released Scrutinizer NetFlow & sFlow Analyzer version 6.0.5. This new version includes minor bug fixes, user interface enhancements and improved support for Flow Analytics.
Does your curiosity ever extend to how Plixer International began? When the company was formed, why it was named Plixer, where the idea of the company was born?
NetFlow tool in 2008.
Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack.
