What is our primary use case?
The primary use case is to analyze the flow found within the network. It helps us understand how the network is used, e.g., if it is mainly used for email or private application.
It is very difficult to use functionality and provide features to understand how in the future the network will be used because the application is growing and developing so fast. So, the data flow could be exponential. That's why it's a daily challenge to understand how the network is in use and how we can manage to renegotiate the contract to improve the bandwidth, but it has very good tools concerning the network and network analysis. It has helped us a lot with troubleshooting.
I am using the latest version.
How has it helped my organization?
If an application is encountering an issue, and some people say, "Oh, this is the network's fault," we need to prove otherwise the problem application isn't working. Therefore, Scrutinizer helps us to verify the info and comply.
We have SQL Server all around the world. Because most replication happens almost equally, if we want to understand how the replication is doing, we can use Scrutinizer to put a filter on it. We can match older servers around the world, comparing the data transfer from each site to understand if some behaviors are different and why they are not the same. The tool helps developers to improve the application.
We use the solution specifically to help reduce the time to resolution for network and/or security events. It reduces the time to resolution by two to three hours (if everything is done by hand). With Scrutinizer, it takes maybe 15 minutes.
People are usually calling me, or bombing me by emails, and asking me to check what exactly is happening. So, Scrutinizer helps me have a better picture of network traffic and a few security issues.
What is most valuable?
It has a very user-friendly interface.
The mapping is most key. It is very important for us and is very nice. It's important for us to see who is communicating with what and where. So, we have had many requests to understand in the network which devices are connected to others. Most people don't have this information or are able to establish a map of data flow everywhere around the network. Scrutinizer can really help with this. We are using it to understand who is talking to what, how, and which protocols can help us to improve security and analyze flow.
We use the flow analysis and graphical interface to analyze a different flow along with using some filters in order to drill down where the problem is coming from. These are the main features that I use Scrutinizer for. We implement them in specific reports. But, with so much information, in the end, we had to stop.
What needs improvement?
We have tried to extract a map of data flow information, but I think we have to use a JSON query with API in order to query Scrutinizer to pull out some information in order to make some correlation with other third-party tools. We never had the opportunity to do this. It is something that would be nice to do, but it's very labor intensive.
I really would like to exploit the metadata to match it with other applications using the API, but this is not yet available. I'm not sure that we'll go that way because of all the work that we have to do in order just to extract the metadata from Scrutinizer. We'll have to correlate with all the information from other systems. For that reason, I'm not sure it's going to happen. It will be very interesting though.
I would like them to improve the update process. It's so complicated now that it switched to Linux. This makes the server more stable because before we were running it on Windows. The fact that they use Linux is very good and makes it more stable. However, updates never happen in one day or on our own. So, every time we need to call Plixer to proceed with the update, and they are very efficient in that. However, if they could make it a bit easier to upgrade, e.g., a click from the web interface to update the system, this would be nice.
For updating the Scrutinizer platform, when we have the actual data, it never happens in one day. Every time we have the data, we are obliged to install a new server in order to integrate the old data, and every time it has a problem. Most of the time, we were obliged to scrap all the data because we couldn't transfer it to the new server. So, it would be very good if they could improve this part.
Concerning the NetFlow, we have encountered many issues with some routers that don't send proper tickets. All the time, we're obliged to log on to SSH and run pcap. Pcap is just the packet capture. We are obliged to enter into the Linux to run some pcap on the command line, which is not great. It would be very nice if they integrated the pcap features through the web in order to analyze them. It's very easy. Most of the tools that we're using, and that are on the market, provide this feature. It would be great if Plixer integrated the pcap functionality through the web interface without having to enter into the Linux system.
The security part could also be improved. It would be great if they could implement a better algorithm inside the Scrutinizer to detect if there were attacks. The current algorithm to check if there has been a DNS attack is very light.
For how long have I used the solution?
I have been using the solution for a pretty long time, since 2013.
What do I think about the stability of the solution?
It is quite stable. We did just encounter a very strange device (a network scanner) which sends us so many flows that the device almost crashed the server of Plixer. However, this is exceptional. We just discovered this issue about one week ago. Otherwise, Plixer is very steady and has worked very well. We usually never encounter an issue. It is great.
Because we use the main dashboard for maps to understand the use of the link and present it on the big screen TV, sometimes we are obliged to reset the browser every day in order to refresh it. We had some little bugs because of this, but we don't know yet if this is coming from Mozilla Firefox, the browser, etc. Otherwise, it is very good.
What do I think about the scalability of the solution?
It is very good. It's very scalable, as long as you have their license.
There are no more than 10 people who have access to the solution. We have 10 to 15 administrators with accounts who are technical.
Two network administrators are more than enough for deployment and maintenance. Usually, one network administrator is taking care of this. Sometimes, I'm backing up, but otherwise, only one person is necessary to manage it.
Which solution did I use previously and why did I switch?
This was our first solution to collect the flow. We were looking for a device for a long time, and we are very happy with Scrutinizer.
How was the initial setup?
The first time the initial setup happened with an integrator, and it was very easy because we just implemented on Windows. After that, we changed to the new version of Scrutinizer, then we just call Plixer in order to do it because there are too many things to take into consideration, especially if we don't want to lose data. This also has room for improvement.
What about the implementation team?
Anytime a deployment happens, because it's Linux, we require the help of Plixer. We are very happy to work with Plixer. They are very efficient and know what they are doing. With one simple call, they can help us update the system.
The initial deployment was done by Plixer, so it took one hour to install it. We provided the OVA to deploy it, then Plixer configured it. The new implementation was one hour and very fast.
What was our ROI?
I would base ROI on the time that we gained and productivity. It is difficult to make a return on investment based on productivity. Mainly, I would say the time saved.
What's my experience with pricing, setup cost, and licensing?
The license is per device. We have 50 devices.
We just renewed. The pricing is 5,000 euro per year. This is the final price. All tax (20 percent) is included.
Which other solutions did I evaluate?
We did look at other vendors and solutions, but because of our current monitoring system, we needed a complementary system. During 2013, we made this substantial investment using Plixer. But, if we had to change everything now, it depends on the correct strategy. To replace Scrutinizer would be very difficult. That's the reason why we don't want to change it.
In terms of monitoring, the biggest competitor would be SolarWinds because they integrate an operations manager from another managing giant. They also provide a data flow collector and reporting variability with extensive monitoring ability for SMTP and troubleshooting. So, if you want an all in one solution, then maybe it will be different with them.
Most users in our company have all the monitoring tools. People prefer to log on to Scrutinizer to see how the network is going instead of using all the monitoring tools because it is so user-friendly.
What other advice do I have?
It is a pretty good tool.
The deployment plan was to help us be more efficient and proactive regarding data flows and security on this domain.
It helped me realize the main data flow is not controlled by anybody. By using these tools, it made me realize that developers and all these people that create applications don't know anything about the application that they've developed. It made me realize that developers are developing approximately. They are not very precise when we analyze it.
You can trust the Plixer developer, because they are a very capable company. If you really want to know what's happening on your network, this is one of the best tools that you can use. Especially after something happens, you can really use it and count on the tool to help find out the issue.
I would rate the solution an eight (out of 10).