plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Transcription

1 Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to a potential threat. Even if the flows are being sent to different collectors, Scrutinizer will stitch the flows into a single report. Relying on only NetFlow, IPFIX, and even sflow, Scrutinizer can also be used to baseline and monitor for definable unwanted behaviors. Unauthorized application deployments Detect DNS communication tunnels Custom Report Filtering Custom reports allow the user to configure detailed reports by filtering on fields such as: IP Addresses, ranges, and subnets Port numbers and ranges Defined Applications, which include ranges of protocols Combine interfaces from multiple routers Any NetFlow or IPFIX exported field (e.g. HTTP Host, URL, packet loss, retransmits, etc.) VoIP Analysis Voice over IP (VoIP) Analysis is assisted in Scrutinizer by verifying: How much voice traffic is historically on the connection What devices are involved with the most VoIP traffic What QoS is being requested That the router is modifying DSCP values Visualization of Network Health Network Behavior Analysis Scrutinizer uses configurable algorithms to automatically alert you when trouble is recognized. Network Scans and DoS attacks Policy violations and internal misuse Poorly configured and unathorized devices Visualize Global Networks with Google Maps Scrutinizer offers advanced integration with the Google Maps API, which allows users to plot routers, switches, and device groups on an embedded Google map. This helps make highlevel network navigation a snap and provides a window into your Scrutinizer details.

2 Expansive Vendor Support - Incredible Value Scrutinizer supports all flow exports from all vendors adhering to Cisco NetFlow specifications or the IPFIX standard. As a result, it greatly enhances the reporting insight and quickens malware incident response efforts. Incident Response and Application Performance Because Scrutinizer aids in both Incident Response and Application Performance, it allows Security and IT professionals a way to double the value of the flows being received by all the collectors.

3 Work Sheet Take a few moments and fill out the following Competitor Work Sheet. NetFlow, sflow & IPFIX Flow View to see all fields in the raw flows Support for unlimited exporters and interfaces Support for Distributed Collectors Identify interface names using NetFlow or SNMP Support for multiple languages Define application groups using ranges of ports and IP addresses Display data in bits, bytes, backets, or percent Trend in, out, or both at the same time, in all reports Configurable time frame for DNS caching 100% support for Flexible NetFlow by breaking out details per template Support for Netstream, sflow (v2, v4, v5), J-Flow, IPFIX and AppFlow Support for NetFlow v1, v5, v6, v7, and v9 Run reports to find rogue DNS, DHCP, mail, etc., servers on the network Export data in csv format on all reports Granularity down to the second it was received Schedule reports on demand Save filters on custom reports

4 NetFlow, sflow & IPFIX Include or exclude filters Filter for Host to Host and Subnet to Subnet Filter on any TCP flags Filter on any field exported (e.g. MAC address, VLAN, latency, etc.) Ability to add multiple interfaces across different routers to single report Run reports specific to an interface. IMPORTANT: As a host may have multiple routes to the same destination Trends Flow Sequence Number and detects dropped flaws Tells what devices are misconfigured when sending flows Support for IPv6 Mapping of network with links that change color based on utilization Ability to click on the links in the map to bring up the top conversations Integration with Google Maps Customize interface names and overwrite default SNMP if Alias name Customize interface speed, both in and out, with different values SNMP v1, v2, and v3 LDAP support Integration with any 3rd-party NMS solutions via cross-check Search for specific hosts or ports across all flow exporters and collectors

5 NetFlow, sflow & IPFIX MPLS reporting on subnets and tags Online technical video training Company has thousands of customers Dashboards: unique interface per login account Group-based user permissions IP grouping support Exclude transport protocols from being saved per interface, router, or globally (very important feature when VPNs and tunnels are involved). Ability to view individual Flow templates (NetFlow v9 and Flexible NetFlow) Ability to rename templates for future reference Ability to select which NetFlow templates to use in a report (important when collecting NetFlow from the Cisco ASA) Flow Volume Report Pair Volume (Volume of unique to/from address pairs Alarm for DDoS, DNS issues Host Flows (volume of flows per host) with unique destination: Flows Ratio Host Volume (volume of unique hosts per second) Top Subnets Top Domains Top Countries

6 NetFlow, sflow & IPFIX Report and trend on Microsoft Exchange logs Detect network scans (e.g. SYN, RST/ACK, XMAS, FIN, etc.) Alarm on saved filters (e.g. total traffic or per row) Constant automated DNS resolution for Flows received Alarming for high interface utilization Alarms for excessive traffic from a single host or application Top flow senders, application, etc. across hundreds of routers/ switches, while deduplicating flows Specify allowed subnets and alarm for rogue IP addresses Unique index per alarm (tells how many other alarms the host has violated) Alarm: Identify internal hosts communicating with known compromised internet sites. (Online IP reputation database) Alarm for BitTorrent, YouTube, Facebook, etc. use Support for NBAR via NetFlow (i.e. not SNMP) Mitigate issues by turning ports off on switches or making ACL changes Saves all the records, all the flows, all the time for as long as necessary (i.e. decades) Flow View Only Limited to 5 hours Set permissions per interface* Set permissions per router* Flow Expert in dashboard for advanced, proactive awareness of anomalies UltraSurf detection

7 NetFlow, sflow & IPFIX Dynamic advanced filtering options based on any flow template Flow Hopper shows the hop-by-hop path a flow takes through the network Advanced Reporting on Citrix NetScaler for AppFlow (URLs, latency, etc.) Support for Cisco ASA NSEL Performance Routing (PfR), Performance Monitoring, Smart Logging Telemetry (SLT), Cisco TrustSec, AVT Performance Agent and others 3rd-party integration with cross-platform fault index Latency and round trip time for all devices on the network Set interface speed per report Search IP addresses or ports across devices to track where it was seen The dynamic creation of reports based on any exported data (i.e. Element) Company acquired millions in Venture Capital Requires expensive Microsoft Database Support for Cisco ISE, Microsoft AD, Radies, etc. to correlate IP Addresses to Usernames *Requires Service Provider Module