NetFlow has been around for a long time, which doesn’t mean tools that leverage it can’t be honed.
That’s what the founders of Plixer International thought over five years ago when it looked at the technology (first developed by Cisco systems Inc.) for collecting IP traffic information for monitoring.
This month the company released version 11 of its Scrutinizer flow analyzer, which it says has enhanced capabilities to identify cyber threats, refined reporting tools and a more flexible pricing mechanism.
“You can use our solution to not only troubleshoot application performance but also, when it sitting there, it’s doing its job looking through the flows and checking for abnormal behaviours,” said Plixer founder and CEO Michael Patterson.
Added to this version is support for Cisco’s new Application Visibility and Control (AVC) capability, which lets administrators prioritize business applications on the network, Patterson said. AVC also can find alternate paths on congested networks to ensure quality of service.
AVC gives metrics on latency, re-transmits of data, packet loss, jitter and the HTTP host of Web sites and other useful Layer 7 information.
At Cisco’s request, Patterson said, Plixer built a new set of AVC monitoring and reports into Scrutinizer 11.
There’s also integration with Cisco’s ASA firewall and its ICE identity engine — or any authentication engine — which allows Scrutinizer to map user names to IP addresses. That way it can identify who authenticated a problem IP address.
In addition, Scrutinizer can leverage ASA’s ability to export ACL (access control list) identifiers. Those come in HEX codes, which are baffling to many IT staff. Scrutinizer can now download user-friendly definitions of the ACLs.
Another new feature is a four-quadrant threat heat map to better give administrators a graphic idea of which problems are most important.“Normally when you get alarms you get a list,” Patterson said, “and the ones with the highest count go to the top. We created an index and use that with the list” to plot points on the quadrants. If you’re high and to the right, the index and count is high.”
Scrutinizer is sold as a physical or virtual appliance, the last certified for VMware. The virtual version handles about 40,000 flows a second, while the physical device collects 150,000 fps. Pricing starts at US$4,995 for Windows version for up to five routers.