Feeling Your Flow with Plixer

When I was at Cisco Live at the end of June, I saw a big bright booth with lots of demo stations set up out front. I’m the kind of person that enjoys a good demo, so I walked over and started chatting with some of their booth people. As it turns out, Plixer has some great things going on in the traffic monitoring space.

Go With The Flow

I spoke on the phone with Bob Noel, Director of Marketing and Strategic Partnerships. Bob gave me a great overview of Plixer and their solutions. They’re based in Maine, which I found a bit odd at first. But, as Bob explained, they are close enough to Boston to be very involved in the tech community there. Plixer has a lot of customers for their two main products, Scrutinizer and FlowPro.

Scrutinizer is the product that most everyone would be familiar with in their lineup. It takes flow data from network devices and aggregates it into a database. What kind of flow data, you ask? The most common answer is Cisco NetFlow. Cisco has spent millions of dollars on developing NetFlow to provide information to network monitoring tools and other Cisco monitoring suites. Plixer Scrutinizer can take this NetFlow data and aggregate it as well. They can also work with IPFIX, the industry-standard version of NetFlow, and other proprietary flow protocols like jFlow, sFlow, and FlexibleFlow.

Scrutinizer can take the data that you feed to it and produce some great information that you can take action upon. This is great not only for the network operations teams, but for security incident response as well. Think back to something as recent as WannaCry, the malware tool that spread via SMBv1. Many organizations that were interviewed after being infected said they were unaware that they were even running SMBv1 in their organizations. But, with a tool like Scrutinizer, the flow export data could have shown them a huge increase in the amount of SMBv1 traffic between hosts that shouldn’t have been using it. That could have started the incident response system inside an organization. And perhaps that could have led to a faster remediation for something that caused significant harm and became the launching ground for a new wave of attacks.
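The kind of check described above, as an added example that is not from the original post and is not Plixer's code: it compares each host's TCP/445 fan-out between a baseline window and a current window of flow records. The record layout, thresholds and addresses are constructed assumptions, and because basic flow records carry ports rather than the SMB dialect, TCP/445 stands in for SMBv1 here.

```python
from collections import defaultdict

SMB_PORT = 445   # flow records carry ports, not the SMB dialect, so TCP/445 is the proxy
TCP = 6          # IP protocol number for TCP

def sample_flows():
    """Constructed flow records: (window, src, dst, proto, dst_port, bytes)."""
    flows = [
        ("baseline", "10.0.0.5", "10.0.0.10", TCP, 445, 12_000),  # client -> file server
        ("baseline", "10.0.0.6", "10.0.0.10", TCP, 445, 9_500),
        ("current",  "10.0.0.5", "10.0.0.10", TCP, 445, 11_000),
        ("current",  "10.0.0.6", "10.0.0.10", TCP, 445, 8_000),
    ]
    # 10.0.0.6 suddenly opens small TCP/445 flows to 40 peers it never used before.
    flows += [("current", "10.0.0.6", f"10.0.1.{i}", TCP, 445, 600) for i in range(1, 41)]
    # Noise that must be ignored: wide HTTPS fan-out from 10.0.0.5.
    flows += [("current", "10.0.0.5", f"192.0.2.{i}", TCP, 443, 5_000) for i in range(1, 31)]
    return flows

def smb_peers(flows, window):
    """Map each source to the set of distinct TCP/445 destinations in one window."""
    peers = defaultdict(set)
    for win, src, dst, proto, dport, _bytes in flows:
        if win == window and proto == TCP and dport == SMB_PORT:
            peers[src].add(dst)
    return peers

def flag_smb_spikes(flows, min_peers=10, growth=5):
    """Return (src, baseline_count, current_count, new_peers) for hosts whose
    TCP/445 fan-out grew by `growth`x and reached at least `min_peers`."""
    base, cur = smb_peers(flows, "baseline"), smb_peers(flows, "current")
    alerts = []
    for src, dsts in cur.items():
        before = len(base.get(src, ()))
        if len(dsts) >= min_peers and len(dsts) >= growth * max(before, 1):
            new = len(dsts - base.get(src, set()))
            alerts.append((src, before, len(dsts), new))
    return sorted(alerts)

if __name__ == "__main__":
    for src, before, now, new in flag_smb_spikes(sample_flows()):
        print(f"{src}: TCP/445 peers {before} -> {now} ({new} never seen in baseline)")
```

Counting distinct peers rather than bytes is deliberate: the constructed burst moves little data per flow, so a volume-only threshold would miss it.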

What about devices that don’t have native flow exporting capabilities? That’s where the second product, FlowPro, comes into play. FlowPro functions more like a traditional network sensor probe, collecting information from devices that can’t export the data or are forced to rely on things like SNMP. FlowPro boxes normalize that data and send it along to the Scrutinizer database. FlowPro can also be configured to monitor DNS attacks and data exfiltration attempts, as well as VoIP quality metrics and other application monitoring needs.

Capturing The Context

So, where is this all leading? What’s the end goal of Plixer and their solutions? Well, as it turns out, Plixer isn’t trying to sell you something you don’t already have. They’re just giving you a better way to access it.

The network has long held mountains of data. There have been many ways to extract that data in the past, starting with NetFlow v5 and going all the way up to the next Intuitive Network campaign from Cisco. But at the end of the day, just having that data available to you isn’t going to do you much good unless you can collect it in one place and do something about it.

That’s where Plixer comes into play. Scrutinizer and FlowPro can help you collect all the data that’s been floating around your network and put it in a place where you can do something with it. And not just the network data either. Plixer gives you the tools you need to pull all the data from the network and other systems, such as VMware, Ixia, and Gigamon. That can give you a holistic view of your entire environment and help you understand where your problem areas are now and make sure you don’t have any problem areas later on.

Putting It All Together

Plixer gives you a great set of tools that you can use to build your organization’s data collection and incident response teams up to be better. By giving these groups more access to the data coming out of your network, they can help you by providing a bigger picture of what’s going on and how you can better leverage your strengths to make life easier for your customers and users.

If you’d like to learn more about their solutions, please visit http://Plixer.com.

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day. His blog can be found at https://networkingnerd.net/