Flow Analytics™ with Network Behavior Analysis (NBA)

Flow Analytics™ is an add-on module to Scrutinizer. It provides helpful overview information and monitors for internal threats.

Across hundreds of flow exporting routers and switches, Flow Analytics™ delivers on:

The top Conversations
The top Applications
The top Source and Destination Hosts by bytes
The top Source and Destination Hosts by flows
The total number of unique Hosts
The total number of unique Applications
Internal threats overview and dashboard
Several other informative statistics

The NBA portion of Flow Analytics™ delivers on:

Which assets are under attack?
What threats are being missed?
Users who may not be following corporate policy.
Helpful information to determine if the business is in compliance with regulations.
Fast searching through massive amounts of data
Monitoring to ensure that the existing infrastructure investments are adequate.
Details so that you can target areas to improve the security posture.

 



Network Behavior Analysis
Scrutinizer NBA is an expert system that interrogates every conversation from every host for traffic behavior pattern anomalies. Imagine all conversations across your enterprise being monitored at all times for traffic that shouldn't be there.



Quickly sort on peculiarities of the problem and narrow the culprit down to a specific interface.

Scrutinizer NBA continually tallies and sizes up the conversations from all flow sending devices and helps identify:

Zero-day worms, SYN Floods and DoS attacks
ICMP Destination Unreachable
Bleeding Edge Attacks
Policy violations and internal misuse
Poorly configured and unauthorized devices
Suspicious NetBIOS-based services
Excessive Multicast Traffic
Machines/users running P2P applications (even if encrypted)
All IP communications to/from tens of thousands of user accounts
Serious vs. trivial network incidents
Root causes of network slowdowns

Product Overview
Simply counting protocol volumes and user traffic levels, or watching for interface thresholds, is helpful, but many anomalies exist in a realm where typical counter detection systems don't look. Scrutinizer Flow Analytics™ complements existing security measures.

No agents need to be installed or deployed anywhere
Works by collecting NetFlow, sFlow, IPFIX and NetStream from existing routers/switches
Works differently than a typical IDS, because its focus is on numerous conversation patterns and not on individual packets
Looks at all traffic, not just periodic snapshots
Useful at the network perimeter, as well as across highly switched internal networks
Requires almost no initial configuration; however, it has a flexible modeling architecture to create additional behavior monitors

Since typical NetFlow exports don't contain the detail necessary for more involved IDS functions, such as parsing applications, Scrutinizer NBA makes forwarding decisions by utilizing proprietary algorithms that watch patterns of behavior.

Mitigation
Because Scrutinizer knows the ingress interface of nearly every threat, it can take action by disabling ports or making changes to the firewall and/or necessary routers to assist in mitigating and stopping the virus.



Contact us to learn more about Scrutinizer Flow Analytics™.

 

"Before implementing Scrutinizer we would analyze IP accounting data from the routers collected for 24 hours. The biggest problem with this is your overnight traffic is mixed with your daytime traffic. Of course when an end user calls stating 'it's slow' and you ask them 'what's slow?' their normal response is 'everything'. So we did a 30 day evaluation of 5 different WAN monitoring tools and chose Scrutinizer from Plixer International. Now we can see exactly what's going on in our WAN with a few clicks of the mouse. Of course your end users will also say it was slow yesterday. Well Scrutinizer keeps history for as long as you tell it to, so you can go back and see exactly what the bottleneck was. You can view top conversations, hosts, protocols, applications; show router or switch interfaces via SNMP; view inbound or outbound WAN utilization real-time, drill in and get details of same. To sum it up, it's great to have a software tool like Scrutinizer to resolve problems quickly."

Brian, State Government

 


Plixer International - Setting Standards in NetFlow & sFlow Analysis
©2006-2008 Plixer International, Inc.
