Alarm Conditions

Scrutinizer Helps Answer Tough Questions

Which assets are under attack?
What threats did I miss?
Are users following corporate policy?
Is my business in compliance with regulations?
How do I get through this mountain of data?
How can I deal with all of these point products?
Are my infrastructure investments adequate?
How do I improve my security posture?



Intrusion detection and prevention has gone beyond the firewall
When two days of on-site professional services are purchased with Scrutinizer, our team will configure behavioral watches that help identify internal viruses and possible denial of service attacks. Contact us for details.

Network Behavior Analysis: Coming Q1 of 2008
Scrutinizer NBA is an expert system that interrogates every conversation from every host for traffic behavior pattern anomalies. Imagine all conversations across your enterprise being monitored at all times for traffic that shouldn't be there.



Quickly sort on peculiarities of the problem and narrow the culprit down to a specific interface.

Scrutinizer NBA continually tallies and sizes up the conversations from all flow sending devices and helps identify:

Zero-day worms, SYN Floods and DoS attacks
ICMP Destination Unreachable
Bleeding Edge Attacks
Policy violations and internal misuse
Poorly configured and unauthorized devices
Suspicious NetBIOS-based services
Excessive Multicast Traffic

Product Overview
Simply counting protocol volumes or user traffic levels, or checking interface thresholds, is helpful, but many anomalies exist in a realm where typical counter detection systems don't look. Scrutinizer NBA complements existing security measures.

No agents need to be installed or deployed anywhere
Works by collecting NetFlow, sFlow, IPFIX and NetStream from existing routers/switches
Works differently than a typical IDS, because its focus is on numerous conversation patterns and not on individual packets
Looks at all traffic, not just periodic snapshots
Useful at the network perimeter, as well as across highly switched internal networks
Requires almost no initial configuration; however, it has a flexible modeling architecture to create additional behavior monitors

Since typical NetFlow exports don't contain the detail necessary for more involved IDS functions, such as parsing applications, Scrutinizer NBA makes forwarding decisions by utilizing proprietary algorithms that watch patterns of behavior.

Mitigation
Since Scrutinizer knows the ingress interface of the threat, it can take action by disabling ports or making changes to the firewall and/or necessary routers to assist in mitigating and stopping the virus.



Contact us to learn more about Scrutinizer NBA.

 

"Before implementing Scrutinizer we would analyze IP accounting data from the routers collected for 24 hours. The biggest problem with this is your overnight traffic is mixed with your daytime traffic. Of course when an end user calls stating 'it's slow' and you ask them 'what's slow?' their normal response is 'everything'. So we did a 30 day evaluation of 5 different WAN monitoring tools and chose Scrutinizer from Plixer International. Now we can see exactly what's going on in our WAN with a few clicks of the mouse. Of course your end users will also say it was slow yesterday. Well Scrutinizer keeps history for as long as you tell it to, so you can go back and see exactly what the bottleneck was. You can view top conversations, hosts, protocols, applications; show router or switch interfaces via SNMP; view inbound or outbound WAN utilization real-time, drill in and get details of same. To sum it up, it's great to have a software tool like Scrutinizer to resolve problems quickly."

Name & Company Name Withheld

 



plixer International - Setting Standards in NetFlow & sFlow Analysis
©2006-2008 Plixer International, Inc.
