Glossary


A

  • AI: The simulation of human intelligence processes by machines, especially computer systems that can reason, learn, and act in ways that would normally require human intelligence, or that involve data whose scale exceeds what humans can analyze. It includes expert systems, natural language processing (NLP), speech recognition, and machine vision. An AI system ingests large amounts of labeled training data and analyzes that data for correlations and patterns, employing advanced analysis and logic-based techniques, including machine learning, deep learning, and predictive modeling, to interpret events, support and automate decisions, and take actions.
  • Alerts: A notification sent to inform of system outages, changes, cyber events, attacks, or emergencies. An alert is generated by a device (SIEM, firewall, DLP) based on the predefined policies and rules you have programmed. IT alerts can be sent via cell broadcasts, email, or other communication methods. Alerts are the first line of defense against system outages or changes that can turn into major incidents, breaches, or attacks. Alert monitoring minimizes the risk of service degradation, outages, ransomware, and high-cost outcomes.
  • Anomaly Detection: A process for identifying unusual data points or patterns in a dataset. In IT, the process leverages AI, machine learning, and analytics to identify rare occurrences in network behavior patterns that may indicate a security threat or the potential for a network outage.

D

  • DDoS Attacks: Distributed Denial of Service attacks are malicious network events or requests/connections intended to flood a website or network with unwanted traffic to the point that the targeted resources become overwhelmed and inaccessible. Executed from a distributed network of compromised devices assembled by the attacker, the attack floods the target with requests from many different IP addresses, slowing the network and consuming capacity until websites, externally facing systems, or servers are unreachable. Cybersecurity tools like DDoS appliances, firewalls, NDR tools, and Network Observability and Defense platforms are designed to detect and defend against DDoS attacks.

E

  • East-West Traffic: Traffic that occurs within an internal network, such as within the boundaries of a data center or cloud. The opposite of north-south traffic, it is also known as lateral network traffic, or traffic between internal systems. The traffic includes communication between servers, workstations, or other devices and can consist of communication between different data centers within an organization. East-west traffic does not cross perimeter security devices like firewalls or gateways.

F

  • Flow Data: Aggregated packet data containing the 5-tuple fields of a flow, characterizing a network connection or communication channel with details including source IP, destination IP, timestamps of the first and last packets, the total number of bytes and packets exchanged, and a summary of the flags used in TCP connections. IPFIX/NetFlow tools like Plixer One and Scrutinizer receive and analyze flow data to monitor the network for performance and security issues.

I

  • IPFIX (Internet Protocol Flow Information Export): Evolving from Cisco NetFlow protocol version 9, IPFIX is a monitoring protocol used to collect not only the general information collected by NetFlow but a broader range of data types and volumes. IPFIX formats NetFlow data and transfers the information using UDP as the transport protocol. IPFIX was first launched in early 2008, when the relevant RFCs (RFC 5101 and RFC 5102) were published as Proposed Standards by the IETF, and has since become the official industry standardization of NetFlow for all flow-based monitoring protocols. Plixer leverages IPFIX in Scrutinizer and Plixer One to gather detailed network traffic information, including metadata like TCP flags, packet timestamps, and other custom fields such as application-layer data, giving it a higher degree of extensibility to enhance observability.
  • Incident Response: A process that involves preparing for, identifying, containing, eradicating, and recovering from a security event or an unplanned activity. The goal is to manage and reduce the potential for adverse impact, restore normal operations, and prevent future incidents.

L

  • Latency: The delay in communications or network data transmission between devices, often impacting performance and user experience. It shows the time that data takes to transfer across the network. Networks with a longer delay or lag have high latency, while those with fast response times have low latency.
  • Logs: A collection of digital records that document events occurring on a computer network, system, application or device, providing valuable insights into system health, user actions, potential security threats, and troubleshooting information by recording details like login attempts, file access, network traffic, system errors, and configuration changes across the network and its devices. Logs essentially act as a “journal” of everything happening within a system or environment. The most common types of logs include Network Logs, Application Logs, Security Logs, System Logs and Firewall Logs.
  • Lateral Movement: Movement within the boundaries of a data center or cloud, between servers, workstations, or other devices. It can include movement between data centers connected and maintained by a single organization.

M

  • ML: This is the backbone of AI, where algorithms learn from data without being explicitly programmed. It involves training an algorithm on a data set, allowing it to improve over time and make predictions or decisions based on new data.
  • MTTR (Mean Time To Respond): A key metric for building an efficient incident management process, measuring the average time it takes to address incidents. The ‘R’ is often interpreted as ‘Respond’, ‘Recover’, ‘Repair’, or ‘Resolve’, each centered on specific tactics to drive efficiencies. At Plixer, we have centered MTTR on ‘Response’ and providing customers with the means to ensure prompt and efficient response to incidents, improving incident response procedures, and enhancing cross-functional communication.

N

  • NetFlow: A network monitoring protocol developed by Cisco and widely used for collecting metadata about IP traffic flows across network devices such as switches, routers, load balancers, hosts, etc. NetFlow captures metrics about the volume and types of traffic traversing a network device. NetFlow functionality is built into network devices to enable devices to collect and export data to other systems for analysis or storage. The details of flow data captured with NetFlow include the timestamp of a flow’s first and last packets, the total number of bytes and packets exchanged, and a summary of the flags used in TCP connections. With network traffic analysis from solutions like Plixer One or Scrutinizer, NetFlow gives you deep visibility into the network and application performance without the load on the network that deep packet monitoring or active traffic monitoring causes.
  • Network Visibility: The next level in a network monitoring strategy which is centered on proactive awareness of everything moving through the IT network. Network visibility goes beyond monitoring data flow, device performance, and system security to ensure everything works seamlessly in the network. It is a critical IT process to discover, map, and monitor IT networks and network components, including routers, switches, servers, firewalls, and more to see across the entire digital footprint and be aware of everything in and moving through the infrastructure. Network Visibility uses a combination of network tools, each with specific purposes and limitations, to help monitor network activity, performance, traffic, data analytics, and managed resources. Visibility is often limited to data absorbed from select points on the network that offer the most visibility. Plixer One and Scrutinizer provide a 360-degree view into the network, receiving data from all network infrastructure components at the perimeter, through the data center, at the edge, and in the cloud.
  • Network Observability: The ability to gain deep insights into network performance, security, and behavior through telemetry, flow data, and analytics.
  • Network Performance Monitoring and Diagnostics (NPMD): A set of processes and tools that IT operations uses to understand and visualize the performance of applications, the network, and infrastructure components. NPMD capabilities enable effective monitoring, analysis, and diagnosis of network performance issues and potential service degradations related to applications and infrastructure components, as well as identifying and resolving issues affecting end-user experience and optimizing overall line-rate performance. Plixer delivers network performance management and diagnostics solutions to ensure network health, improve efficiency in diagnosing issues, conduct root cause analysis, and guarantee scalability and availability.
  • Network Detection and Response (NDR): A cybersecurity technology that utilizes advanced analytics, machine learning, and behavioral analysis to detect suspicious or malicious network activity. NDR tools examine network packets or traffic metadata to identify anomalies signaling potential threats or attacks on the network, enabling proactive threat response. An NDR is often used as a complementary tool within a broader Security Operations Center (SOC) strategy, and it goes beyond traditional signature-based detection to identify unknown threats through behavioral analysis of network traffic, artificial intelligence, and machine learning. Plixer's AI-driven Network Observability and Defense capabilities allow SOC teams to detect, investigate, and respond to hidden threats and malicious activity active in the network, and to stop data exfiltration and ransomware before they impact the business and its customers.
  • NetOps: An operational strategy, commonly known as Network Operations, that focuses on rapid deployment agility and on establishing and maintaining the standard operating procedures for the digital infrastructure.
  • North-South Traffic: Traffic that enters and leaves the boundaries of the data center and the cloud. The opposite of east-west traffic. Commonly referred to as vertical traffic, it is communication between internal networks and external entities. It is essential for accessing external resources like websites, email, and cloud services. North-south traffic crosses the network perimeter and thus requires firewalls, VPNs, IDS, or gateways to secure and control the traffic.

P

  • Packet Capture (PCAP): A method of intercepting and recording network data packets passing through the network for troubleshooting and forensic investigation. The recorded (or captured) packets are downloaded, stored, and analyzed to identify trends, uncover security issues, troubleshoot networks, and more.
  • Plixer Replicator: A high-performance UDP packet distributor designed to serve as the single point of data distribution within a network, ingesting packet data and replicating it to any number of collectors, such as an XDR, SIEM, SOAR, flow collector, or analysis engine.
  • Plixer One: A Network Observability and Defense platform, designed to optimize visibility and security at every point in your network infrastructure. The unique platform combines network performance monitoring with AI-powered network observability, threat detection, and response capabilities, leveraging source-enriched data from your hybrid environment. It unveils the most intricate details of hidden attacks, nefarious events, and indicators of network stress affecting service quality and reliability.

S

  • SecOps: The strategy that combines security and IT operations to improve an organization’s cybersecurity. Different from the SOC (Security Operations Center), which serves as a team that works in isolation, it represents the holistic approach to security an organization adopts, helping security and IT operations teams work together to protect the organization effectively.

T

  • Telemetry: Collected and enriched network data from various network components, applications, endpoints, logs, and traces that, when analyzed, allow for effective network monitoring, management, and security across an IT infrastructure. It is often referred to as a technology or process that automates the measurement, collection, and transmission of data from remote, inaccessible, or distributed sources to centralized IT systems.
  • Throughput: The amount (or volume) of data that passes through a network in a given time period. It is usually measured in bits per second (bps), megabits per second (Mbps), or gigabits per second (Gbps), and represents the actual rate at which data is transferred over the network.
  • Traces: A record of the flow of requests and transactions in a system that provides a comprehensive view of the system’s components and overall behavior. It provides numerical data on system performance to analyze trends and monitor the system’s current state.
  • Threat Intelligence: Data or information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for IT and security decision-making processes. It helps organizations effectively identify risks to their core assets and respond to cyber threats.

Z

  • Zero Trust: A cyber security model based on maintaining strict access controls. It requires continuous verification of user, device, and other factors rather than assuming trust. Key principles of the strategy require multi-factor user authentication before granting access; data protected in transit, in use, and at rest; networks segmented and monitored for unauthorized access; and applications restricted to only what is essential.