scrutinizer logo

Forensic Investigation with Flow Data

The Scrutinizer System

Scrutinizer™ is at the foundation of the Plixer incident response and behavior analysis architecture. It is available as a physical or virtual appliance, or as a windows download. Scrutinizer performs the collection, threat detection, and reporting of all flow technologies on a single platform. It delivers real-time situational awareness into the applications and their historical behaviors on the network.

Enterprise Visibility

  • Massive scalability, supporting dozens of distributed collectors
  • Capable of archiving and analyzing several million flows per second
  • Topology mapping with active links
  • Deduplication and stitching across collectors

Individual Appliance

  • A single flow collection system supporting over 2000 flow sources
  • Collect up to 200,000 flows per second
  • All flow technologies supported on a single system (i.e. NetFlow, sFlow, IPFIX, J-Flow, NetStream, etc.)

Flow Analytics

  • Forensic audit trail reporting
  • Threat Detection of odd traffic patterns
  • Threat reputation support
  • Threat Index™ indicates weighted threat severity over time.
  • Archiving of raw data for decades

Advanced Reporting

  • Additional reports for Cisco, Palo Alto, Citrix and dozens of other vendors
  • Behavior Baselines and alerting based on abnormalities, compared to historical trends
  • Custom threat detection algorithms
  • Integration with Cisco ISE or Microsoft for end user name identification
  • Design and build custom reports for exports from any vendor (e.g. Cisco NBAR, AVC, etc.)

Multi Tenancy

  • Support for hundreds of unique login accounts with access limited to specified data
  • Billing and invoicing support

FlowPro Defender™

  • Extends flow support in areas where NetFlow, sFlow, or IPFIX are not available
  • Detailed metrics on applications, response times, and usernames
  • Exports NetFlow and IPFIX

Flow Replicator

  • Eases the forwarding of flows from routers, switches, or servers to multiple collection systems
  • High speed architecture capable of 10GbE wire speeds
  • Leaves the originator address in tact
  • Available as in hardware or as virtual appliance

Additional Functions
Third Party Support and Cross Check is part of Advanced Reporting. It consolidates application alerts or errors and helps alleviate device naming inconsistencies between applications. The status of 3rd party applications is reflected in the Scrutinizer network maps.

Flowalyzer™: Real-Time Tool Kit for testing and configuring hardware or software for sending and receiving flow data.
Failover: For mission critical 100% availability.

    Recent NetFlow Analysis Blog Entries

    • In my previous blog, I discussed what Cisco IWAN is, and the benefits it brings to multi-branch offices connected to an MPLS WAN. Today’s topic continues that discussion by explaining the process of configuring Cisco Dynamic Multipoint VPN (DMVPN). To recap my previous post, DMVPN is an efficient solution for dynamic secure overlay networks. DMVPN combines […]

      The post Cisco DMVPN Configuration appeared first on

    • The Barracuda IPFIX configuration is very easy, and the subsequent flow exports offer network administrators enhanced visibility into the traffic moving in and out of highly dynamic, and security-critical network environments. The Barracuda NG Firewall gives administrators granular control over applications and data streams, allowing them to define rules for forwarding data traffic using the […]

      The post Barracuda IPFIX Configuration appeared first on

    • Every day we see more and more stories about security breaches across the globe. With there being so many new cyber security threats coming out the need for traffic analysis and a strong Cyber Incident Response plan has never been so high. In part one and part two of this series, we demonstrated that by combining […]

      The post Cyber Incident Response Plan (Part 3) appeared first on

    • After analyzing their export, Ziften ZFlow reporting support or Ziften IPFIX support is now supported by our flow collection system. Per their announcement recently at the RSA conference, Ziften joins the ranks of dozens of other vendors who are supporting IPFIX with extensions. Keep in mind that ZFlow is not a new version of IPFIX, […]

      The post Ziften ZFlow Reporting Support appeared first on


    "We have used Scrutinizer on multiple troubleshooting opportunities to isolate what type of traffic was causing the heavy utilization and also what offending devices were doing it. Scrutinizer has more than lived up to its expectations."

    Danny, Pension Benefit Guaranty Corp