About Plixer – network monitoring for security and performance
Plixer was founded in 1999 by two ex-employees of Cabletron Systems who left to become independent consultants. While consulting they used a number of different tools to monitor network traffic for their clients. In true entrepreneurial style they decided there was an opportunity to build a tool of their own that would do a much better job. Scrutinizer, their NetFlow collector and analyser, soon became the market leader.
The success of Scrutinizer was followed by FlowPro, the flow generator with DNS monitoring capabilities, and Replicator, for aggregation, replication and distribution of flows.
All these years later, Plixer are still entirely focused on providing network visibility through the collection and analysis of network-related metadata. Everything they do helps network performance and security teams respond to incidents with certainty, and to proactively detect issues before they begin to affect user experience or compromise the protection of valuable digital assets.
In August 2018 Plixer were acquired by Battery Ventures, an international technology-focused investment firm. In addition to appointing a highly experienced management team, they have been investing heavily in product development.
Here’s a short video about Plixer:
Scrutinizer provides full visibility of every network conversation, enabling network security (SecOps) and network performance (NetOps) personnel to work much more efficiently.
It provides details of malicious activity and quickly determines the causes of issues such as high bandwidth use, jitter and latency. Scrutinizer’s highly intuitive interface enables easy resolution of network issues and proactive ongoing monitoring.
How does Scrutinizer work?
Most of the network infrastructure devices in your organisation, such as routers, firewalls, switches, wireless access points and so on, are capable of generating rich and detailed metadata about the traffic that is flowing through them. Examples include NetFlow, IPFIX, sFlow, Jflow and Junos Traffic Vision, but there are many more. Scrutinizer collects this metadata and provides comprehensive reports to tell you exactly what is going on. Scrutinizer also contains sophisticated algorithms that analyse the metadata and provide alerts on suspicious activity.
Another way to gain visibility of network traffic would be to capture and record all of the network traffic, but this would consume a large amount of storage capacity. The metadata collected by Scrutinizer takes up very little storage so it can be kept for as long as you need it. A full set of storage parameters is available in the Scrutinizer user interface, along with a handy calculator, and you can adjust it as needed.
In addition to all the standard reports, Scrutinizer also contains a report designer that enables users to create their own custom reports to show the exact information they need.
Watch the following short video about Scrutinizer:
Common use cases for Scrutinizer
Our customers often choose Scrutinizer for:
a) Security analysis
b) Network performance monitoring (NPM)
c) Employee productivity monitoring
- Scrutinizer is a powerful tool for both comprehensive network security analysis and network performance monitoring.
- Scrutinizer’s user interface is incredibly flexible, enabling you to view information from NetFlow and interact with it exactly how you want. It’s also highly intuitive, ideal, especially in high pressure situations.
- Scrutinizer includes a comprehensive selection of pre-built reports. It’s also quick and easy to build your own bespoke reports.
How is Scrutinizer licensed?
Multiple editions of Scrutinizer are available, including virtual or hardware appliances. The hardware will be custom-built to your requirements, with the software pre-installed, which offers superior performance. You can compare the various options on the chart here.
It is also available as cloud-based software as a service.
You can see a selection of the most popular options in our shop.
Going beyond standard metadata generated by network devices, FlowPro provides additional insights into networks. For example it facilitates deep packet inspection and extraction of FQDN (fully qualified domain names) for encrypted traffic as well as DNS traffic analysis to detect data exfiltration.
How does FlowPro work?
Essentially FlowPro is a ‘probe’ that takes a stream of raw network traffic from a TAP (terminal access point) or SPAN (switched port analyser) port then uses that to generate enriched NetFlow or IPFIX. These flows can then be sent to a flow collection and analysis tool such as Plixer’s Scrutinizer.
Common use cases for FlowPro
Our customers tend to install FlowPro when:
a) They’re worried about security issues within DNS traffic
b) Blind spots exist on their networks where devices don’t have the ability to generate metadata, such as NetFlow and IPFIX, about the traffic passing through them
c) They’re concerned about the performance impact of generating metadata on network devices
- FlowPro generates security and application performance metrics, providing insights that are not available elsewhere.
- FlowPro can generate NetFlow or IPFIX completely independently of any network devices.
How is FlowPro licensed?
FlowPro is available as a virtual appliance in four different editions or as a custom-made hardware appliance. You can compare the various options on the chart here.
See the FlowPro options available in our shop.
Replicator aggregates, replicates and distributes flow and log metadata exported from network devices, across multiple monitoring tools, like SIEM (security information and event management), syslog and flow collectors.
How does Replicator work?
It sends a stream of UDP (user datagram protocol) metadata, such as NetFlow or IPFIX, to Replicator, which then forwards that UDP data to multiple destinations.
Common use cases for Replicator
Our customers tend to use Replicator for:
a) Forwarding flows to multiple destinations to ensure high availability
b) Facilitating disaster recovery
c) Converting syslogs to to IPFIX
d) Foiling hackers who try to delete log files
- Replicator enables you to export network-related metadata to all the places, products and tools where it delivers value.
- It allows you to add new network monitoring tools without the need to configure network devices to generate multiple streams of flow, which would cause additional CPU overheads.
How is Replicator licensed?
Replicator is available as either a virtual appliance or a custom-built hardware appliance.
View Replicator product options in our shop.