
How to improve response time for life-critical network events with Plixer Scrutinizer

stephen

The healthcare industry has been on red alert for more than a year now. Workloads have doubled, and the time required to keep the network healthy has grown with them. Now more than ever, the fastest possible response times are a requirement, because lives are on the line. Plixer’s healthcare customers use Scrutinizer as a constant, real-time source of truth for the most common and most frustrating issues. This blog focuses on how to mitigate network slowdowns, improve overall visibility, and improve DNS visibility, one of the top challenges the healthcare industry faces today.

Checking the pulse

SNMP is usually the first stop for anyone checking on the health of a network, and for good reason: when you need surface-level information at a glance, SNMP interface counters (ifInOctets and ifOutOctets from the IF-MIB) tell you how busy each port is. What they cannot tell you is what that traffic is made of. Which protocols? Which hosts? Where is it originating from?

Flow data answers those questions. Every NetFlow or IPFIX record carries the source and destination addresses, protocol, ports, and byte and packet counts for a conversation, so users can break the traffic on an interface down in a dozen different ways, which is immensely useful to both the network and security teams. Let’s look at two examples.

Below we can see the basic details that SNMP gives us: interface names and the utilization of each interface as a percentage of its capacity.

SNMP details

Compare this to a report built on flow data: a 24-hour view of all traffic on interface 11, broken out by the total volume of each connection (source, destination, protocol, and port). Here SMB (Server Message Block, TCP port 445) makes up over 11% of the total traffic on the interface in that 24-hour period, and the report shows exactly which hosts are responsible. QoS policies, artificial bandwidth caps, and raw volume are among the most common causes of network slowdowns, and the “Connections by bytes” report lets NetOps users quickly see which conversations are consuming the capacity, and whether the volume itself explains the slowdown or a policy or cap on that interface needs a closer look.

Flow report

Improving visibility

In nearly every network, visibility to and from the edge (north/south visibility) is standard practice. If we know what is coming in, we can put rules in place to stop what we don’t want, and the same is true of data leaving the network. What I find far less common is a well-implemented strategy for monitoring lateral traffic inside the network (east/west monitoring). To use a common example, infusion pumps are among the most numerous devices on a medical network. These pumps need to communicate with their local server(s) over a specific set of ports, and that is the whole of their legitimate traffic, which makes them a good place to start. With Plixer Scrutinizer we report on the unique connections to and from those servers from a defined range of pump IPs on the expected ports. Connections that fit the pattern establish the baseline; a pump talking to anything other than its servers, or on a port it has no business using, stands out against that baseline, and that is the same signal an attacker’s lateral movement produces. From there, Scrutinizer lets users drill into each individual connection to troubleshoot communication problems.

Scrutinizer report
In this example, “Internal Address” stands in for custom IP group labels, which have been anonymized for the purposes of this blog.
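The two reports above both reduce to simple operations on flow records: aggregate the records seen on one interface by connection and rank them by octets, then compare the unique device-to-server connections against an expected baseline. The Python below is an added example written for this post, not Plixer code and not Scrutinizer’s own query logic. The flow records, the 10.20.0.0/16 addressing, the “pump” range 10.20.1.0/24, and the expected server/port set are all constructed for the example; the dict field names are this example’s assumption, chosen to mirror the usual NetFlow/IPFIX elements.

```python
"""Flow-record aggregation of the kind the two reports above perform.

Added example, not Plixer code. Field names mirror common IPFIX elements
(sourceIPv4Address, destinationIPv4Address, protocolIdentifier,
destinationTransportPort, ingressInterface, octetDeltaCount) but the dict
layout and all addresses below are assumptions made for this example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: a handful of records as an exporter might emit them
# over a 24-hour window. Real data would be many thousands of records.
FLOWS = [
    {"src": "10.20.1.5", "dst": "10.20.9.10", "proto": 6,  "dport": 445, "iface": 11, "bytes": 3_000_000},
    {"src": "10.20.1.5", "dst": "10.20.9.10", "proto": 6,  "dport": 445, "iface": 11, "bytes": 2_000_000},
    {"src": "10.20.1.8", "dst": "10.20.9.20", "proto": 6,  "dport": 443, "iface": 11, "bytes": 12_000_000},
    {"src": "10.20.1.5", "dst": "10.20.9.20", "proto": 6,  "dport": 443, "iface": 11, "bytes": 2_500_000},
    {"src": "10.20.2.3", "dst": "10.20.9.30", "proto": 17, "dport": 53,  "iface": 11, "bytes": 460_000},
    {"src": "10.20.1.9", "dst": "10.20.1.12", "proto": 6,  "dport": 22,  "iface": 11, "bytes": 40_000},
    {"src": "10.20.1.5", "dst": "8.8.8.8",    "proto": 17, "dport": 53,  "iface": 12, "bytes": 4_000_000},
]


def connections_by_bytes(flows, iface):
    """Aggregate every record seen on one ingress interface by connection
    (src, dst, proto, dport) and return [(conn, octets, percent_of_iface)]
    sorted largest first, the same idea as the 'Connections by bytes' report.
    Two records for the same conversation are summed into one row."""
    per_conn = defaultdict(int)
    for f in flows:
        if f["iface"] != iface:
            continue
        per_conn[(f["src"], f["dst"], f["proto"], f["dport"])] += f["bytes"]
    total = sum(per_conn.values())
    if total == 0:  # nothing seen on that interface in the window
        return []
    return [
        (conn, octets, round(100.0 * octets / total, 2))
        for conn, octets in sorted(per_conn.items(), key=lambda kv: -kv[1])
    ]


def lateral_connections(flows, device_net, internal_net, servers, ports):
    """East/west baseline check. Take every unique internal connection that
    originates from the device range (e.g. the infusion-pump subnet) and
    split it into those that hit an expected server on an expected port and
    those that do not. Anything in the second list is what a NetOps or
    security analyst should drill into. Returns (expected, unexpected)."""
    devices = ip_network(device_net)
    internal = ip_network(internal_net)
    allowed = {ip_address(s) for s in servers}
    expected, unexpected = set(), set()
    for f in flows:
        src, dst = ip_address(f["src"]), ip_address(f["dst"])
        if src not in devices or dst not in internal:
            continue  # not device-originated, or north/south rather than lateral
        conn = (f["src"], f["dst"], f["proto"], f["dport"])
        if dst in allowed and f["dport"] in ports:
            expected.add(conn)
        else:
            unexpected.add(conn)
    return sorted(expected), sorted(unexpected)


if __name__ == "__main__":
    print("Connections by bytes, interface 11:")
    for conn, octets, pct in connections_by_bytes(FLOWS, 11):
        print(f"  {conn[0]} -> {conn[1]} proto {conn[2]} port {conn[3]}: {octets} bytes ({pct}%)")
    ok, bad = lateral_connections(FLOWS, "10.20.1.0/24", "10.20.0.0/16", {"10.20.9.20"}, {443})
    print(f"Pump connections matching baseline: {len(ok)}")
    for conn in bad:
        print(f"  UNEXPECTED: {conn[0]} -> {conn[1]} proto {conn[2]} port {conn[3]}")
```

With the constructed records, the interface 11 ranking puts the 12 MB HTTPS conversation first at 60% and the two SMB records, summed into one 5 MB row, second at 25%. The lateral check accepts the two pump-to-server HTTPS connections and flags two others: a pump sending SMB to a server that is not on its allowed list, and a pump talking SSH to another pump. In a real deployment the allowed server and port sets would come from the application owners, and the device range from the IP group labels mentioned above.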

Another major visibility gap is DNS traffic monitoring; it comes up very frequently in healthcare IT environments. Plixer FlowPro paired with Scrutinizer addresses it with 21 curated reports for DNS visibility. Scrutinizer generates the reports, but FlowPro is needed because a standard flow export from a router or switch carries only addresses, ports, protocol, and counters and says nothing about the DNS transactions inside that traffic. FlowPro inspects the raw packets and exports IPFIX records enriched with that DNS information, which is what the reports are built on.

Scrutinizer DNS reports

While these concepts are deceptively simple, implementing them well can be much more challenging. This is where Plixer’s team of engineers comes in: from the pre-sales proof of concept through post-sales support, our team ensures that customers are successful. Plixer’s solutions consistently outperform our customers’ expectations because we are vendor-agnostic and have the most comprehensive support for NetFlow and IPFIX in the industry. If this has touched on an area that resonates with you, visit our page on Gartner Peer Insights to see why customers choose Plixer for their network operations needs, and start using Scrutinizer today to ensure the fastest resolution time for the most common network problems.