(January 06, 2016) — Plixer, the leader in scalable NetFlow and IPFIX analysis for incident response, announced the release of Scrutinizer v16. This update includes more extensive integration with other vendors such as Cisco, Gigamon, Splunk, VMware and Ziften. It also includes several feature enhancements such as Wildcard mask filters which can be applied in the middle of IP addresses and subnets. Multipliers are now applied to NetFlow samples and sFlow packet samples to help better reflect traffic rates. Additional enhancements have been made in the Flow Analytics engine to better identify Sentinel, NetBIOS NS and Sun RPC DDoS reflection attacks. A new index search allows terabytes of records to be searched in a fraction of a second to find a specific IP address.
“This release demonstrates our continued commitment to work with all vendors who have engineered the ability to export NetFlow or IPFIX from their hardware and virtual appliances,” Marc Bilodeau, Founder of Plixer, said. “We’ve added several new features that have been requested by customers. Also, the Cisco nvzFlow and Ziften ZFlow IPFIX exports from laptops and personal devices demonstrate an interesting approach to threat detection and end system awareness.”
Splunk: Scrutinizer unifies the collection of millions of flows per second and then provides summarized details in the Splunk dashboard where the data is also searchable.
VMware: full support for 100% of all VMware VDS, DFW, ESX, VXLAN and related flow exports. Extensive reporting of all encapsulated and un-encapsulated traffic in order to follow the path a connection is taking across the switched fabric.
Cisco nvzFlow: support has been added for the new IPFIX export coming from Cisco AnyConnect 4.2. This new agent exports flow details directly from desktops and allows Scrutinizer to report on operating system, process name, process hash (SHA256), fully qualified domain name, GPS location and much more.
Gigamon: full collection and reporting support of Gigamon’s context-aware metadata information such as URL, TCP Sequence Number, TCP Urgent Pointer, Fragment Offset, Flow End Reason and more. These rich details allow advanced security appliances such as Scrutinizer to provide deeper insight into the traffic generated by end systems and selected applications.
Ziften: ZFlow reporting has been added and all reports are included as part of the free version of Scrutinizer.
“As a visibility platform, Gigamon is ideally placed to access, manipulate and package a wide variety of data from the network and deliver it to tools like Plixer Scrutinizer,” Ananda Rajangopal, Vice President of Product Line Management at Gigamon, said.
“As we expand the contextual metadata we can generate from any stream of captured traffic, Scrutinizer can handle and search massive amounts of data quickly while also being flexible enough to utilize the new data elements. This is highly valuable to our customers in reducing investigation times and gaining new insights.”
Plixer International, Inc. is a leading threat detection and flow forensics provider focused on engineering the incident response system for uncovering unwanted communication behaviors. Rather than depending on packet signatures, their strategy uncovers unwanted communications by leveraging NetFlow, IPFIX, sFlow and other derivatives. The company was built by network and system engineers who understand the need for scalable distributed collection solutions that meet the dynamic demands of security and network professionals. Customers include Walmart, CNN, The Coca-Cola Company, Lockheed Martin, IBM, AT&T, Raytheon and Xerox. To learn more, please visit https://www.plixer.com.
Published in Press Releases 2016