Plixer FlowPro - Overview

What is Plixer FlowPro?

Plixer FlowPro is a network monitoring solution that ensures your IT teams always have access to the information they need to investigate and analyze network performance and security events, despite infrastructure limitations.

How does Plixer FlowPro work?

Because traffic transparency is a vital to efficient asset management and proactive threat defense, network visibility limtations can severely hamper efforts to identify and respond to issues.

Plixer FlowPro enables visibility in a network’s blind spots by capturing network traffic, generating the corresponding IPFIX records, and forwarding the data to Plixer Scrutinizer.

Plixer FlowPro is available as a rack-mountable hardware appliance or in virtualized ESX-, Hyper-V-, or KVM-based packages.

Licensing

Plixer FlowPro 20 is offered in the following license options:

Plixer FlowPro

The core Plixer FlowPro license enables complete network visibility by generating flow data for otherwise invisible traffic and forwarding it to an IPFIX Collector without requiring additional processing.

Plixer FlowPro Defender

With the Defender license, Plixer FlowPro can leverage DNS monitoring techniques to provide enhanced visibility and malware detection through the following features:

  • Selective packet capture

  • Threat Feed based event detection

  • Custom NIDS rule event detection

  • DNS lookups of domains likely associated with malware

  • DNS Start of Authority

  • Transfered file info and hashes

  • HTTP connection reporting

  • TLS and JA3 signature reporting

  • Data exfiltration detection

  • BotNet & Command and control detection

  • Plus many more with NIDS rules traffic inspection

DNS queries are compared against a domain reputation list and matched with known responses to identify potentially malicious traffic, such as no existing domain (NXDOMAIN) and long, complete DNS names that do not properly resolve. Plixer FlowPro Defender is also able to monitor other types of DNS messages, such as DNS TXT messaging to bypass firewall restrictions, and supports user-defined domain whitelists and blacklists.

Note

The Plixer FlowPro APM and Plixer FlowPro APM-Defender licenses are currently only available in version 19, but will be available in a future version 20.x release.