Using saved Scrutinizer reports, the Flow Analytics Module can monitor and send out syslogs when traffic patterns violate specified thresholds. For example, the Flow Analytics Module can be used to monitor an application for a certain ToS within a class A subnet.
•Enhanced Security Awareness
o Administrators can create a list of banned applications and be alerted when their traffic is identified
o Detect malicious traffic such as DDoS attacks, worm traffic and more
o Detect numerous types of network scans such as SYN, XMAS & FIN
o Detect rogue IP addresses that lie outside of predefined subnets
The enhanced security functionality alone makes Scrutinizer with Flow Analytics an invaluable tool in an administrator’s arsenal. Know exactly what is happening on the network: where traffic originated, where it is going and what type of traffic it is. Is someone planning an attack by scanning the corporate network? Did one of the servers get infected with malware and launch a DDoS attack? Scrutinizer can automatically detect these activities and alert administrators immediately upon detection.
At the heart of Scrutinizer’s attack detection capabilities are a behavioral analysis engine and a periodically updated known threats database. IT administrators can use Scrutinizer to identify and alert on threats such as DDoS attacks, port scanning, and attacks from infected hosts behind the firewall. In turn, this allows the administrator to remediate threats by making configuration changes, such as disabling ports and modifying ACLs, on routers, switches and firewalls. Scrutinizer uses configurable algorithms to analyze flow data from the entire network infrastructure, or from a
The Flow Analytics Module can utilize the local DNS to resolve IP addresses in
The history of repeat offenders can be easily identified through the use of a Unique Index (UI) to manage traffic counts. In addition, the Flow Analytics Module helps locate machines involved with DDoS attacks or infected with viruses/worms.
The Flow Expert Window provides insight into network problems as they occur, helping to identify and resolve DoS attacks, bottlenecks, network scans, improperly terminated connections and more. Traditionally, the functionality provided by this "Expert Window" feature has only been found in packet analyzers.
•Supported protocols & other technical specifications
o Support for L7 application awareness by using NBAR or IPFIX
o Automatic DNS resolution
Tired of looking at a list of meaningless IP addresses? Wouldn’t it be great if the
SonicWALL Scrutinizer 9.0.1 Release Notes