Plixer FlowPro - Overview¶
What is Plixer FlowPro?¶
Complete visibility of network traffic is key to managing your network, protecting your assets, and investigating security incidents. Whether you need to monitor traffic in remote offices, an isolated data closet or a data center, Plixer FlowPro provides the information you need to perform root-cause analysis of both network performance and security events.
Plixer FlowPro is a network sensor that delivers security and network visibility where infrastructure otherwise falls short. With a single sensor, network operations can gain additional insight into the network while security operations simultaneously lower risk, gain data context, and respond quickly to security incidents.
Plixer FlowPro is available as a physical appliance or Virtual Appliance download.
Plixer FlowPro offers several licensing options:
The base Plixer FlowPro license provides complete visibility into your network traffic where visibility is limited by generating flow data to send to an IPFIX collector. Plixer FlowPro captures network traffic and generates corresponding IPFIX records without performing any additional processing.
More features and functionality are available with additional licensing as described below.
Plixer FlowPro APM¶
The Plixer FlowPro APM (Application Performance Monitoring) license enables Plixer FlowPro to passively monitor traffic and can be configured to provide the following:
- Latency data on clients, servers, and Layer 7 applications through Deep Packet Inspection (DPI)
- Traffic metrics related to SIP/RTPs and voice quality
- Both latency and traffic metrics (dual mode)
If additional interfaces need be added to the Virtual Appliance, that must be completed prior to requesting the Plixer FlowPro APM license.
Plixer FlowPro Defender¶
Plixer FlowPro with Plixer FlowPro Defender licensing passively monitors network traffic to provide enhanced visibility into the traffic within or transiting the organization. It monitors DNS traffic for signs of malware compromise including BotNet detection, DNS lookups of domains likely associated with malware, and malware using DNS for data exfiltration and/or command and control.
Plixer FlowPro Defender compares DNS Queries to a domain reputation list and matches DNS queries with responses to identify abnormal DNS traffic. Examples of potentially abnormal traffic include no existing domain (NXDOMAIN) responses and long and complete DNS names that do not properly resolve.
Plixer FlowPro Defender also provides:
- Monitoring of other types of DNS messages, such DNS TXT messaging to bypass firewall restrictions and allow direct communications between an outside host and an internal asset
- User-defined “whitelists” to prevent allowed domains from triggering alerts, plus user-defined “blacklists” to augment the Plixer-supplied domain reputation lists
- Both modes simultaneously in any combination on any or all of the available monitoring ports
Plixer FlowPro APM-Defender¶
This combination license includes the following licensing options as described above:
- Plixer FlowPro APM (Application Performance Monitoring)
- Plixer FlowPro Defender
Enabling and disabling any of the available features and functionality can be performed using the appropriate enable or disable commands.