Keeping tabs on the performance of an SMB’s network is a necessary, and often laborious, task. System admins need to know if and where problems are occurring on their network. Network monitoring tools are useful because they can alert a user when a pipe is clogged; however, receiving an alert will not help a system admin identify the source of the clog. Packet analyzers solve this problem when used for specific links, but deploying and monitoring them throughout an entire network would exceed most SMBs’ resources given the overhead. As a result, many companies are turning to flow analyzers, which capture and process data from flow technologies, such as Cisco’s NetFlow and sFlow, to monitor their network.
Plixer International, a company devoted to measuring network performance, is deploying significant updates to its SaaS flow analysis tool, Scrutinizer. The updates are designed to save system administrators time by adding a new reporting tool, the matrix, and by correlating data across routers and switches instead of simply giving views from individual routers. Additionally, the updates will provide statistics from Cisco ASA firewalls and have full support for NBAR definitions.
Scrutinizer, entering version 7.5, gives a holistic view of what is happening on a company’s network by correlating the data from different flow technologies. Other flow analysis products simply give this high-level view; with Scrutinizer 7.5, however, system admins are able to then drill down into specific parts of the network, such as hosts, applications, and protocols, in order to identify what is consuming network bandwidth. In addition to alerting an admin of a problem, Scrutinizer alerts the user to any changes in utilization. System admins can save unlimited amounts of previous NetFlow data, which includes top traffic flows and raw flows, for as long as necessary. Admins are able to set traffic thresholds for specific areas and applications based on these saved reports.
Every hour, Scrutinizer will connect to a database and get a list of compromised IP addresses. Because of NBAR support, Scrutinizer only has to receive data, instead of polling the network, which saves time. Furthermore, Scrutinizer gathers information from Cisco ASA firewalls and as a result is able to find out which IPs are generating traffic on a network, without the need for flow-capable switches.
Scrutinizer 7.5 also monitors network behavior activity and helps to detect various types of attacks. The addition of a new reporting tool, the matrix, lets admins visually assess threats. Spam bots are easily recognizable. In the matrix, green lines represent inbound traffic, and blue lines represent outbound traffic. If there is an abnormal number of green lines coming from a specific IP address, an admin can quickly rectify the situation. This new tool also makes it easy to see whether IPs are infected and who they are communicating with, making removal and repairs much simpler processes.
SolarWinds provides a service of a similar nature, but it is part of a bigger suite of products, and thus the price point is often a barrier to entry for many SMBs. NetQoS has a hardware-appliance-based solution that performs many of these functions, but it must be deployed on-site. Scrutinizer runs between $2000 and $9000, depending on the configuration, and with a yearly subscription provides updates and product support. Its fill-in-the-gap technology and relatively low price point are what will drive Plixer towards continued success.
Plixer International, founded in 1999, is a privately held company based in Maine. They have no outside funding and are profitable.