Plixer FlowPro - Overview
What is Plixer FlowPro?
Plixer FlowPro is an advanced module of the Plixer One platform, designed to extend network visibility and provide actionable insights into both performance and security. It ensures your IT teams have continuous access to the critical data they need to investigate and analyze network events, even in environments with infrastructure constraints.
By leveraging Plixer FlowPro, teams can enhance their ability to manage and optimize performance while strengthening security measures to reduce risks and respond swiftly to incidents.
As part of Plixer One, Plixer FlowPro equips your organization with powerful tools to examine network traffic and application usage. It provides visibility across all layers of the network, from foundational elements to more intricate ones. Plixer FlowPro also facilitates tracking DNS traffic to reveal full web addresses behind encrypted sessions and detect anomalous activities or potential threats.
How does Plixer FlowPro work?
Comprehensive network visibility is critical for effective asset management and proactive threat defense. Blind spots in the network can severely hinder efforts to identify and respond to performance and security issues.
As an integral module of the Plixer One platform, Plixer FlowPro captures, processes, and enriches network traffic data, providing unparalleled insight into network activity.
Plixer FlowPro operates by capturing raw network traffic using its built-in packet capture capabilities. It processes this traffic through deep packet inspection to extract detailed application performance metrics and leverages Suricata IDS for identifying potential security threats. This dual functionality enables FlowPro to generate enriched IPFIX records containing vital metadata, including application behavior, DNS traffic details, and potential threat indicators.
The enriched IPFIX data is then forwarded to other Plixer One components, where it undergoes further correlation and analysis, allowing IT teams to monitor performance trends, identify anomalies, and investigate security events. This seamless integration ensures that Plixer FlowPro not only enhances visibility but also enables actionable insights to support efficient network operations and threat response.
Plixer FlowPro is available as a rack-mountable hardware appliance or as virtualized packages compatible with ESXi, Hyper-V, or KVM environments. These flexible deployment options allow organizations to easily integrate FlowPro into their existing infrastructure, extending visibility and analytics to every corner of the network.
Feature sets
With its core functions, Plixer FlowPro provides teams with essential network visibility by generating standard tuple-based flow exports for otherwise invisible traffic. An IPFIX collector can ingest these exports without additional processing load.
This visibility can be further enhanced to meet specific network and security needs through the following feature sets:
Plixer FlowPro APM
Plixer FlowPro APM enables deep application visibility across Layers 2 through 7, providing advanced insights in flows sent to an IPFIX collector, including:
Latency metrics for clients, servers, and Layer 7 applications through Deep Packet Inspection (DPI)
Traffic metrics specific to SIP, RTP, and voice quality, aiding in performance optimization for voice and video communications
Combined latency and traffic metrics, offering dual-mode analysis for comprehensive application performance insights
Plixer FlowPro Defender
Plixer FlowPro Defender leverages domain reputation lists and analyzes network behavior to identify potentially malicious activity, using indicators such as NXDOMAIN responses or unusual DNS patterns, while allowing teams to tailor their threat detection and response strategies to their unique needs.
By leveraging domain reputation lists, Plixer FlowPro Defender enables DNS monitoring and advanced network intrusion detection techniques that enhance threat detection and response capabilities.
Selective packet capture for targeted traffic analysis.
Event detection using a threat feed and custom NIDS rules.
DNS monitoring, including:
Identifying domains likely associated with malware.
Analyzing DNS Start of Authority and DNS TXT messaging to identify potentially suspicious behavior.
Supporting user-defined domain whitelists and blacklists.
Malware and botnet detection, including:
Monitoring for data exfiltration and command-and-control traffic.
TLS and JA3 signature reporting.
Reporting on HTTP connections and transferred file hashes.