Scrutinizer Collects Network Related Metadata for Analysis
Metadata is “data [information] that provides information about other data”. – Wikipedia
Visibility into the traffic passing through your network is vital both for security and for maintaining performance. One way of achieving it would be to use a packet capture tool such as Wireshark to capture all the traffic and sift through it manually, but that would be arduous, to say the least: full packet capture is expensive to store and slow to search.
Most modern network infrastructure devices, such as routers, firewalls, switches and wireless LAN controllers, are capable of generating rich yet lightweight metadata about the traffic passing through them. Each flow record summarises one conversation (source and destination address, ports, protocol, byte and packet counts, timestamps and TCP flags) without carrying any payload. This metadata, exported as NetFlow or IPFIX, is then sent to Scrutinizer for collection, storage and analysis. Its lightweight nature means your organisation can keep a lengthy and detailed history of all its network traffic indefinitely; the only limitation is storage capacity.
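To make concrete what a flow record actually contains, here is an added example (not code from this page or from Plixer) that decodes a NetFlow v5 export datagram, the oldest and simplest fixed-format flow export. The sample datagram is constructed inline to mimic what a router would export for two flows; the addresses, ports and counters are made up. Because a collector listens on an unauthenticated UDP port, the decoder validates the record count against the bytes actually received instead of trusting the header.

```python
import ipaddress
import struct
from dataclasses import dataclass

# NetFlow v5 wire format: a 24-byte header followed by up to 30 fixed 48-byte records,
# all fields big-endian. No payload is ever exported, only the conversation summary.
V5_HEADER = struct.Struct("!HHIIIIBBH")               # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # src, dst, nexthop, ifs, pkts, octets, first, last, ports, flags, ...
V5_MAX_RECORDS = 30


@dataclass
class FlowRecord:
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: int
    packets: int
    octets: int
    tcp_flags: int
    duration_ms: int


def parse_netflow_v5(datagram: bytes) -> list[FlowRecord]:
    """Decode one NetFlow v5 UDP datagram into flow records, validating every length."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, *_ = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # The count comes from the network; never let it index past the bytes we hold.
    if count > V5_MAX_RECORDS or len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append(FlowRecord(
            src=str(ipaddress.IPv4Address(src)), dst=str(ipaddress.IPv4Address(dst)),
            src_port=sport, dst_port=dport, proto=proto, packets=pkts, octets=octets,
            tcp_flags=flags, duration_ms=last - first))
    return records


def build_sample_datagram() -> bytes:
    """Constructed sample export for two flows (an HTTPS session and a DNS query); not a real capture."""
    flows = [
        # src,        dst,             sport, dport, proto, pkts, octets, first_ms, last_ms, tcp_flags
        ("10.1.2.3", "93.184.216.34",  51514,   443,     6,   42,  31337,     1000,    4000, 0x1b),
        ("10.1.2.3", "10.1.0.53",      53001,    53,    17,    1,     76,     4200,    4200, 0x00),
    ]
    header = V5_HEADER.pack(5, len(flows), 5000, 1_700_000_000, 0, 1, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed, b"\0" * 4,
                       1, 2, pk, oc, f, l, sp, dp, 0, fl, pr, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, pr, pk, oc, f, l, fl in flows)
    return header + body


if __name__ == "__main__":
    for record in parse_netflow_v5(build_sample_datagram()):
        print(record)
```

Two flows of real traffic that might total megabytes of packets collapse into 96 bytes of metadata here, which is the storage argument made above in miniature. IPFIX and NetFlow v9 carry the same kind of fields but describe them with templates rather than a fixed layout, so a production collector needs template handling on top of this.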
After NetFlow or IPFIX is collected by the Scrutinizer virtual appliance it is stored internally within a proprietary high-performance database for fast retrieval when called upon for reporting and analysis.
Using Scrutinizer for Network Security Analysis
After Scrutinizer begins collecting and storing NetFlow or IPFIX you can then enable the many security analysis algorithms that are used to detect suspicious behaviour. Please note that if you are running a trial of Scrutinizer these algorithms are turned off by default and you will need to manually enable each one. This is a simple process of ticking boxes and selecting the network devices you want to monitor.
Every network is different, and each customer organisation has its own definition of what “normal” behaviour looks like. For this reason Scrutinizer spends some time, typically a week or so, monitoring traffic and building a unique baseline for your network. Scrutinizer then uses the algorithms you have enabled to look for indicators of compromise (IOCs). These IOCs are fed into an IOC correlation engine which gives you a single view of potential security issues, so they can be prioritised for resolution. One caveat that applies to any baselining approach: whatever is happening during the learning period is learned as normal, so start the baseline at a time when you have reason to believe the network is clean, and revisit it after major changes.
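What “baseline, then detect” looks like in practice, as an added illustration rather than Scrutinizer's own algorithms (whose internals this page does not describe): learn each host's normal daily fan-out, the number of distinct destinations it talks to, from seven days of flow summaries, then flag days after the learning period that deviate. Fan-out is something flow metadata alone gives you, and a sudden jump in it is the classic shape of a scan or lateral-movement sweep. The flow summaries, hosts and thresholds below are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = 7  # learning period; the text above says Scrutinizer baselines for about a week


def daily_fanout(flows):
    """Distinct destinations per (day, source host). flows: (day, src, dst, dst_port, octets)."""
    seen = defaultdict(set)
    for day, src, dst, _dst_port, _octets in flows:
        seen[(day, src)].add(dst)
    return {key: len(dsts) for key, dsts in seen.items()}


def build_baseline(fanout, baseline_days=BASELINE_DAYS):
    """Per-host mean and population std-dev of daily fan-out over the learning period."""
    per_host = defaultdict(list)
    for (day, src), n in fanout.items():
        if day <= baseline_days:
            per_host[src].append(n)
    return {src: (mean(xs), pstdev(xs)) for src, xs in per_host.items()}


def detect(flows, baseline_days=BASELINE_DAYS, sigmas=3.0, floor=10):
    """Return (day, src, fanout, reason) for post-baseline days that deviate from the host's norm."""
    fanout = daily_fanout(flows)
    baseline = build_baseline(fanout, baseline_days)
    alerts = []
    for (day, src), n in sorted(fanout.items()):
        if day <= baseline_days:
            continue
        if src not in baseline:
            # A host with no history is itself worth a look (new device, rogue host).
            alerts.append((day, src, n, "no baseline: host not seen during learning period"))
            continue
        mu, sigma = baseline[src]
        # The absolute floor stops a zero-variance baseline (same count every day) alerting on +1.
        threshold = max(mu + sigmas * sigma, mu + floor)
        if n > threshold:
            alerts.append((day, src, n, f"fan-out {n} exceeds baseline {mu:.1f} +/- {sigma:.1f}"))
    return alerts


def sample_flows():
    """Constructed flow summaries for 8 days; not real traffic."""
    flows = []
    for day in range(1, 9):
        for i in range(10 + day % 3):          # workstation: 10-12 distinct destinations a day
            flows.append((day, "10.1.2.3", f"10.1.0.{i}", 443, 1500))
        for i in range(5):                      # server: the same 5 peers every day
            flows.append((day, "10.1.2.4", f"10.1.0.{i}", 443, 900))
    for i in range(1, 201):                     # day 8: the server sweeps 200 hosts on SMB
        flows.append((8, "10.1.2.4", f"10.1.5.{i}", 445, 120))
    flows.append((8, "10.1.9.9", "10.1.0.1", 22, 400))  # day 8: a host never seen while baselining
    return flows


if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print(alert)
```

Run it and the workstation's slightly busier day 8 stays quiet while the server's SMB sweep and the previously unseen host are both reported. The same structure generalises to other per-host features derivable from flow records (bytes out per day, new destination ports, long-lived low-volume connections), and a correlation step like the one the text describes would then group several such hits on one host into a single finding.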
Using Scrutinizer for Network Performance Analysis
Finding the root cause of network congestion and poor performance is another common use case for Scrutinizer. The network mapping functionality of Scrutinizer is a great way for all members of the network team to monitor, at a glance, the performance status of every network link. Many of our customers have Scrutinizer’s network map displayed on a large screen for this purpose.
When a link on the network map turns from green to orange or red a member of the network team can immediately dive straight into Scrutinizer and learn the exact root cause of the congestion or poor performance.
Reporting in Scrutinizer can easily be configured to automatically alert appropriate members of the network team via email, SMS, syslog and other methods so they can proactively address the issue(s) before they begin to affect user experience.