Plixer: Scrutinizer of the IoT

Do you need assistance with identifying possible virus threats for your organization’s computer system?

Plixer is a leader in delivering massively scalable flow collection with behavior and traffic-pattern monitoring. This enables organizations to rapidly identify threats and provide surgical incident response.

One of their prime software programs that can assist in the ongoing fight of virus threats to computers across the United States is Scrutinizer. It is the foundation for Plixer’s network traffic analytics system as it stands out in the industry by offering the most scalable solution on the market, delivering the fastest reporting, and providing the richest data context available anywhere.

Bob Noel who is director of Strategic Relationships and Marketing at Plixer, has answered some of IoT Evolution’s questions.

IoT Evolution: For mobile phones we have strategies for Mobile Device Management based on human needs and interactions. How is IoT different?

Bob Noel: Mobile phones have significant on-board processing and memory. They are essentially mobile computing devices with the ability to run many different applications. Users can download new apps at any time, so the traffic they generate and their patterns of “normal” behavior can change at any time without notice. IoT devices on the other hand are typically purpose-built and communicate with a very narrow set of IP addresses, protocols and applications. The job they perform is static making it possible to baseline traffic patterns and alert on deviations.   

IoTE: A key concept from Plixer is the least privilege approach. Yet we know advances analytics and machine learning is a huge advantage that IoT enables. How does the least privilege approach deal with the interaction of information and action?

BN: Plixer advocates end users consider a least privilege approach to the deployment of IoT devices. Today, many organizations deploy IoT as trusted devices on the network; however, given their high-risk profile, they should consider deploying them as implicitly untrusted devices. These devices are purpose-built, with narrowly defined communication profiles. Normal traffic patterns can be base-lined and understood; including the IP addresses, protocols, and applications used to perform defined duties. With defined traffic patterns, Scrutinizer can monitor all traffic to and from the IoT devices and alert on any deviant traffic, even a single packet. 

In addition, Scrutinizer from Plixer offers built-in security analytics to monitor traffic to and from IoT devices for anomalous behavior. Least privilege policy is a component of a defense in depth approach.     

IoTE: As Connectivity continues to expand how does your network traffic analysis gather data and report breaches and risks?

BN: Scrutinizer collects thousands of flow and metadata elements from the network infrastructure over which the traffic flows, including switches, routers, wireless controllers, network probes, firewalls, etc. The data is translated into a single database providing rich context, correlation, visualization, and reporting. Security algorithms are run against the database looking for and alerting upon anomalous behavior. Not only can Scrutinizer be a source of detection, its historical database is the source for the forensic data needed to support effective incident response.                                        

IoTE: Cisco is a proponent of Fog Computing, which looks to have the edge process the information. Does Plixer support that kind of architecture? What are the key elements to success in managing the edge? 

BN: Plixer’s approach is to leverage flow and metadata exports from the infrastructure over which IoT device traffic passes. In this manner, the existing network infrastructure acts as a distributed source of security data. NetFlow exports provide layer 2-4 details per conversation and metadata exports, from technologies like Cisco’s Application Visibility and Control (AVC), deliver additional context all the way to layer 7. Scrutinizer centralizes, translates, and stitches all of this data together into a single database. So Scrutinizer acts as a translater and provides context to the data it has collected. This allows IT teams to see where a breach occurred, where the hacker went into the network, what was accessed and what was stolen.

From the information that Noel shared with us it is clear that Plixer is leading the revolution in anti-virus software programs. The organization is working to ensure that viruses will become a thing of the past.