Plixer’s Scrutinizer flow-based analyzer provides deep insight into user, application and network device behaviour, improving the network and security operations teams’ real-time situational awareness.
The built-in Flow Analytics™ performs behavioral analysis on collected flows to identify suspicious behaviour on the network, such as machines compromised by malware “phoning home” to C&C servers.
Using a calculated threat index, Scrutinizer reduces false positives and is able to rapidly differentiate between compromised systems and misconfigured devices, allowing for measured, timely and prioritized response measures.
Complementing the broad visibility offered by Scrutinizer, EndaceProbe™ Analytics Platforms deployed across the network capture, record and index 100% of the raw traffic data that is also the source for flow records.
In addition, running EndaceFlow in Application Dock on the EndaceProbes provides high-speed NetFlow Generation in v5, v9 and IPFIX format - giving you both accurate NetFlow data, and full packet history.
The Value of Packet History
Full packet data provides forensic evidence of compromise and raw packet data for deep analysis in tools like Wireshark.
Using the Endace Fusion Pivot to Packets technology, Scrutinizer users can pivot from an event of interest directly to the packets, which can be retrieved from the EndaceProbes seamlessly from within the Scrutinizer UI.
This increases the speed with which analysts can drill down into packet-level data during live investigation, and simplifies the archival of packet data for subsequent analysis. By streamlining this workflow, analysts can investigate events and alerts more efficiently, improving response time and decreasing time to resolution.
Benefits to your Business
- Lower OPEX and faster time-to-resolution (TTR) for network and security incidents through streamlined workflow.
- Packet-level forensic visibility for breach analysis.
Download the Datasheet and Configuration Guide to understand how Plixer's Scrutinizer, combined with EndaceProbes, provides users deep insight into application and network device behaviour to improve network and security operations.
For more information on integrating Scrutinizer with EndaceProbes, please log in to the Endace Support Portal. If you do not have a Support Portal account, you can request one here.
How about a Demo?
Interested in finding out how the integration of Plixer Scrutinizer and EndaceProbe can give you deep insight into the behaviour of network and application devices?