Plixer FlowPro Defender functionality

When the Plixer FlowPro Defender functionality is enabled, Plixer FlowPro leverages deep packet inspection (DPI) and advanced traffic analysis techniques to detect potential security threats and alert you when your assets may be compromised by malware.

By monitoring DNS traffic, Plixer FlowPro Defender provides critical insights into data entering and leaving your network, helping to identify malicious activity and prevent data exfiltration.

The following features and functionalities are available when the Plixer Defender functionality is enabled:

  • DNS Traffic Analysis: Gain visibility into DNS queries and responses to identify potentially malicious domains or unusual behavior.

  • Threat Detection: Utilize selective packet capture, threat feeds, and custom network intrusion detection system (NIDS) rules for identifying suspicious activity, such as command-and-control traffic or DNS tunneling.

  • TLS and JA3 Signature Reporting: Monitor encrypted traffic to detect anomalous patterns and potential misuse of encryption protocols.

  • HTTP Connection Reporting: Identify and track HTTP requests for enhanced visibility into application-layer behavior.

  • File Hash Analysis: Capture information on transferred files and calculate hashes to detect potential malware.

  • DNS Reputation Checks: Compare DNS queries against domain reputation lists to uncover threats such as NXDOMAIN responses and suspiciously long DNS names.

  • Customizable Whitelists and Blacklists: Define trusted and restricted domains to tailor detection to your organization’s needs.

  • Botnet and Command-and-Control Detection: Identify and mitigate traffic associated with known botnets or malicious command-and-control servers.

When monitoring DNS traffic, Plixer FlowPro Defender provides actionable insights into network behaviors, enabling faster threat detection and response. For users requiring both application performance monitoring and Plixer FlowPro Defender capabilities, these features can be combined for comprehensive visibility and security.