Plixer Scrutinizer Review

Helps us understand what's going on in our VPN Client and DMZ

What is our primary use case?

The primary use case was statistics. Now, it's mainly security and operations.

I am using the latest version.

How has it helped my organization?

I can't imagine a life without it. It's really a helpful tool. If we didn't have access to the tool, we would have more difficulty getting a long-term overview on the growth of our network. As we have gathered statistics for more than 10 years, we know about the implementation of traffic on our network to also justify our work and investments. From my point of view, it would be more difficult without a NetFlow accounting tool.

The solution helps enrich the data context of our network traffic. A very good example is a recently discovered feature, denied firewall flows, which helps us understand what's going on in our DMZ. It also helps us figure out misconfigurations. It is really a very helpful feature.

It shows us the saturation of the network of devices. It gives us a clear view of the flows in the network to understand, for instance, planning upgrades in the network to get an idea of what's going on in the network for traffic flows. It gives us insight, for instance, on what's going on in our VPN Client. There are a lot of things where it provides very helpful information. It also gives us our security reports with quite detailed information on what's going on in the network, and whether there are data exfiltrations and so on.

In a few cases, it has helped resolve network events. It has also helped resolve security events. We found a couple of security issues that we wouldn't have found without the tool.

What is most valuable?

  • The automatic reports that we use for statistical purposes.
  • The security analytics.
  • The security alarms.

What needs improvement?

Data retention needs improvement. Data retention is a thing where we are looking for a better way to collect flow data for a longer time to do forensic research on security incidents. By default, data retention is quite low. We need detailed data in safe storage for a longer time, e.g., for a couple of months. An improvement would be a way to export data into a secure long-term storage.

For how long have I used the solution?

I have been using it for more than 10 years. My company has been using it longer.

What do I think about the stability of the solution?

On a scale from zero to 10, the stability is about an eight. From time to time, we have some issues that need to be fixed by their support. Usually, the support fixes the issues quite quickly. I would say it is between good and very good, in that range.

There is one person (the head of the network group) who maintains the server right now. There is also a backup if they are not available. We have three or four people who are able to do some configurations on the system. But, currently, I am the principal responsible for the device, because we always have a principal and backups. So, we have one principal with two or three backups. We always have one person, but I'm working on it right now with less than five percent of my working time.

What do I think about the scalability of the solution?

My personal impression right now is that we've reached a limit, or we are near a limit of flows per second, because we see that our system is getting quite slow. I suppose it's a hardware issue, not an issue of the software.

Logging into the system, there are about seven or eight administrators. Looking at the reports, there are at 10 users. The actual size of the network is above 3000 users.

How are customer service and technical support?

They are really great. With my most recent experience, two days ago, they responded quite quickly. They're immediately available. Usually, they have a solution to fix the issue during the call or web conference. With the most recent call, I had four questions and issues. They didn't say open four cases. They fixed or answered the four questions, then asked me whether I had other questions at the end. The support is perfect.

Which solution did I use previously and why did I switch?

I never used another NetFlow accounting solution. I got to know the NetFlow concept at my current company.

How was the initial setup?

The initial setup didn't seem to be that complicated. I found it already implemented, but we did a lot of migration steps. It seems to be quite easy to implement.

If I had to implement it again, Scrutinizer is not that difficult to implement versus any other appliance. It is more complex to configure the exporters, but there is a lot of current, good documentation on the Plixer site for this.

What about the implementation team?

In our situation with 25 exporters, it might take half a week to do the implementation of the server. It's usually performed by Plixer, or with the help of Plixer and the hotline. First of all, I would use the test license to do a proof of concept to do the implementation. Then, I would test one or two devices, gathering some reports. I would also create an implementation plan.

What was our ROI?

We have seen ROI.

What's my experience with pricing, setup cost, and licensing?

We recently bought a license upgrade, so we will integrate more exporters. We upgraded from a 25 exporter license to a 50 exporter license. Therefore, there will be more flows, and this will be an extension. I don't know when we will purchase a faster server, because the server that we have is quite new. 

Right now, there are no plans to purchase NetFlow Replicator. We are thinking about Flow Analytics.

It's about €10,000 a year for initial license and yearly maintenance costs. In addition, the hardware costs are about €10,000 once every five years.

Which other solutions did I evaluate?

Compared to other solutions, the functionality Scrutinizer delivers is better. 

I have one comparison to Cisco Prime, which also has very basic NetFlow accounting, but is quite good in the context of Prime for Network Analysis.

What other advice do I have?

When dimensioning the server hardware, we possibly have too many CPUs and storage, but the storage is not fast enough. So, the storage should be fast and the I/O delays should be low. The server should be tailored where it has to be dimensioned well.

We thought about using FlowPro. We see a very good use case for it, but right now we are working just with the flow collector for enhanced reporting.

It is really a very good security improvement. This is something I wasn't aware of in the beginning. I thought it was just an accounting tool to provide some statistics and maybe fix one or another network issue. Recently, in the last two years, we learned that it's a very good security tool to learn more about what's going on in the network, not only in terms of network saturation, but mainly in terms of security incidents and break out. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
