
Scrutinizer Advanced Reporting


Plixer International // 68 Main Street, Suite 4 , Kennebunk, ME 04043 // 207.324.8805 // www.plixer.com

Reporting

ARM delivers in-depth flow template awareness and reporting on 100% of all unique elements found in the flow export. This means that any and all elements (e.g. round trip time, HTTP host, URL, packet loss, retransmits, TCP window size, NAT, layer 7 application, etc.) exported by a vendor can be captured, saved, archived, automatically analyzed and reported on.

The Advanced Reporting Module (ARM) is intended for customers who need to take flow reporting and analysis a step above the traditional capabilities of NetFlow v5. ARM not only empowers customers to exploit all of the capabilities of NetFlow v9 and IPFIX, it also adds a layer of behavior monitoring to help detect unwanted communications that could lead to malicious activities. ARM brings several features to the Scrutinizer Incident Response System.

Report Designer

In most cases, ARM already provides extensive canned reports supporting the vendor export your IT team needs to analyze. When the desired report is not readily available, the Report Designer allows administrators to create reports that group by specific elements: average, total, and even definable counters. In the end, Scrutinizer delivers a report with an accompanying trend, pie chart, table or other visual representation that serves their unique needs.

Advanced Reporting Module


Template Support

No other vendor provides the same extensive reporting on Cisco AVC. This includes, but is by no means limited to, NBAR, Medianet, Performance Routing, ART, Performance Agent, Cisco TrustSec, NetFlow-Lite, WAAS, VQM, UCS, MSI, High Speed Logging, Smart Logging Telemetry, LISP, PSAMP and even the forecasted SDN export. Plixer is one of the premier partners that Cisco turns to when a new export is being engineered. Below is an example of the Cisco Wireless Controller support:

Cisco Hardware Platforms

One hundred percent of all Cisco platforms are supported. This includes the Cisco Wireless Access Points, Cisco ASA, Catalyst, ISR, NGA, Nexus and all others. Beyond Cisco, Plixer has worked extensively to integrate all other vendor exports that adhere to the Cisco NetFlow or IANA IPFIX official standards. sFlow support is also provided.


Vendors Supported

A10 Networks, Adtran, Alcatel, Avaya, Barracuda, Bluecoat, Checkpoint, Cisco, Citrix (AppFlow), Dell, Ecessa, Emulex, Enterasys, Exinda, Extreme, F5, Fatpipe, Force10, Fortinet, Foundry, Gigamon, H3C, HP, IBM, Juniper, MACH5, MikroTik, Nortel, nProbe, Packeteer, Palo Alto Networks, pfSense, Plixer, Open vSwitch, Riverbed, Silver Peak, Softflowd, SonicWALL, Talari, Ubiquiti, VMWare, Vyatta, Xirrus, YAF and 100% of all others.

NOTE: Extensive vendor support has been added for most vendors. For example, for Palo Alto, the ARM reports on layer 7 applications as shown below as well as username and NAT details.


Contextual Details

Reporting on IP addresses and host names isn’t enough. Most of our customers want devices tied to usernames. To do this, the ARM provides integration with Cisco ISE, Microsoft AD and most RADIUS authentication systems. Our services team can cross-reference the IP addresses found in flows with any third-party database to provide details on end system operating system, building location and more.

Baselines

The Scrutinizer ARM can build a baseline for any element (e.g. interface utilization) or group of elements (e.g. source and destination IP address) and routinely compare recent behaviors with those typical in the past. Rolling baselines ensure that the profile evolves with the ever-changing traffic created by the end system. When an abnormal pattern occurs, an event is triggered and your team is notified with the details.
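The rolling-baseline idea described above, as an added illustration that is not Plixer's or Scrutinizer's own code: each key (here an interface name) keeps a sliding window of recent per-minute byte counts, a new sample is compared against that window's mean and standard deviation, and a sample that falls more than a chosen number of standard deviations away raises an event. The records, the window size, the threshold and the `noise_floor` parameter are all constructed assumptions for the example; real input would be per-minute totals aggregated from the NetFlow or IPFIX records the collector receives.

```python
"""Rolling baseline anomaly detection over per-interface flow volumes.

Added example, not Plixer/Scrutinizer code. Constructed sample records
stand in for per-minute byte totals derived from NetFlow/IPFIX exports.
"""
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed sample: (minute, interface, bytes observed in that minute).
# Gi0/1 runs near 1000 bytes/min and then spikes; Gi0/2 has too little
# history for a baseline to be trusted yet.
SAMPLE_RECORDS = [
    (1, "Gi0/1", 1000), (2, "Gi0/1", 1050), (3, "Gi0/1", 980),
    (4, "Gi0/1", 1020), (5, "Gi0/1", 1100), (6, "Gi0/1", 990),
    (7, "Gi0/1", 1030), (8, "Gi0/1", 1010), (9, "Gi0/1", 5000),
    (10, "Gi0/1", 1040),
    (1, "Gi0/2", 500), (2, "Gi0/2", 500), (3, "Gi0/2", 9000),
]


class RollingBaseline:
    """Keeps the last `window` samples per key and flags values that fall
    more than `threshold` standard deviations from that window's mean."""

    def __init__(self, window=60, threshold=3.0, min_samples=5, noise_floor=0.05):
        self.window = window
        self.threshold = threshold
        self.min_samples = min_samples
        self.noise_floor = noise_floor  # sigma floor as a fraction of the mean
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, key, value):
        """Compare `value` with the key's baseline, then roll it into the
        window. Returns an event dict when the value is abnormal, else None."""
        hist = self.history[key]
        event = None
        if len(hist) >= self.min_samples:
            mu = mean(hist)
            # Floor sigma so a nearly flat history does not alert on every
            # small wobble; pstdev of a constant series is 0.
            sigma = max(pstdev(hist), self.noise_floor * mu)
            z = (value - mu) / sigma if sigma > 0 else 0.0
            if abs(z) > self.threshold:
                event = {"key": key, "value": value,
                         "baseline_mean": round(mu, 1), "z": round(z, 1)}
        # Rolling baseline: every sample, including a flagged one, enters the
        # window so the profile tracks legitimate shifts in traffic.
        hist.append(value)
        return event


def detect(records, window=60, threshold=3.0, min_samples=5):
    """Run the records in time order through one baseline per interface and
    return the events raised."""
    baseline = RollingBaseline(window, threshold, min_samples)
    events = []
    for minute, key, value in sorted(records):
        ev = baseline.observe(key, value)
        if ev:
            ev["minute"] = minute
            events.append(ev)
    return events


if __name__ == "__main__":
    for ev in detect(SAMPLE_RECORDS):
        print(f"minute {ev['minute']}: {ev['key']} sent {ev['value']} bytes, "
              f"baseline {ev['baseline_mean']} (z={ev['z']})")
```

Two design points matter when this runs against live flow data. `min_samples` keeps a freshly seen key from alerting before it has any history, which is why the short `Gi0/2` series produces nothing at the default settings. Rolling the flagged sample into the window, as the paragraph describes, lets the profile follow genuine changes in traffic, but it also means a sustained anomaly is absorbed into the baseline over time; a deployment that wants to keep alerting on a persistent shift would exclude flagged samples or compare against a longer, slower window as well.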

Summary

The Advanced Reporting Module is an important addition to Scrutinizer systems supporting flow-exporting hardware from multiple vendors. It gives security and IT professionals a way to maximize the value of the flows being received by the collector. It greatly enhances the reporting insight for better malware incident response and it helps sleuth out low and slow infections that are waiting to make their move.
