Dell SonicWALL Scrutinizer is a multi-vendor, application traffic analytics visualization and reporting tool to measure and troubleshoot network performance and utilization while increasing productivity for enterprises and service providers. Scrutinizer supports a wide range of routers, switches, firewalls, and data-flow reporting protocols, providing unparalleled insight into application traffic analysis from IPFIX/NetFlow data exported by Dell SonicWALL firewalls. Scrutinizer easily identifies top applications, conversations, flows, protocols, domains, countries, and subnets, and alerts on suspicious behavior. Scrutinizer also provides historical and advanced reporting, role-based administration, advanced analysis, and threshold-based alerts, in addition to numerous special features for MSPs and ISPs.
The Dell SonicWALL Flow Analytics Module brings traffic flow diagnostics to the next level by adding valuable functionality to Dell SonicWALL Scrutinizer software, such as historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds, role-based administration, and in-depth traffic analysis algorithms. With the Flow Analytics Module, Scrutinizer can easily identify top applications, conversations, flows, protocols, domains, countries, and subnets on the network, as well as watch for and alert on suspicious or potentially hazardous network behavior patterns, thereby providing administrators with greater network security awareness.
SONICWALL SCRUTINIZER FEATURES:
Tools such as customizable and interactive charts and tables; an innovative matrix view displaying flow field; network maps showing relevant flow data; and integrated Google Maps are the foundation for Scrutinizer's easy-to-use yet powerful analytics and trend analysis capabilities. These visualization tools provide a robust platform to list top interfaces across all routers, switches, and firewalls, displaying archived flow data in an intuitive and innovative way.
High capacity and broad coverage
Scrutinizer is able to support hundreds of devices and over a thousand interfaces. It's compatible with many different types of routers, switches and firewalls from numerous vendors and does not require the purchase of a separate, expensive Microsoft or Oracle database. Scrutinizer supports all industry standard data flow protocols including NetFlow v5, NetFlow v9, Flexible NetFlow, J-Flow, sFlow and IPFIX.
Flexible analytics and reporting
IT can perform analysis and create reports based on top hosts, protocols, applications, or conversations on the network across multiple countries, domains, subnets, routers, switches, or firewalls; IP grouping; traffic analysis Report Types (e.g. Flows, Flow Volume, NBAR Support, etc.); or Microsoft Exchange logs. Scrutinizer can trend in, out, or both at the same time; display data in bits, bytes, packets or percent, down to the second; and filter to include or exclude data on any field exported in the templates.
Enhanced network optimization
Application traffic analytics increase employee productivity by reporting wasteful network usage for administrators to enhance network optimization.
100% IPFIX and flexible NetFlow support
Scrutinizer enables administrators to define application groups using ranges of applications, ports and IP addresses. Administrators can also apply Dell SonicWALL-specific templates; rename templates; save filters; schedule reports to be sent out via email and CSV exports for billing; customize billing for usage invoicing; set up default landing pages by account login; and save all records and flows for an unrestricted amount of time.
Alerts and alarms
By setting alerts and alarms to activate upon configurable thresholds on interface utilization, administrators can easily identify unfinished flows and nefarious activities. Administrators can proactively monitor Quality of Service (QoS) and receive automatic alerts on degraded voice and video traffic. Scrutinizer's unique index-per-alarm feature displays how many other alarms the host has violated.
Troubleshooting tools can be used to identify bottlenecks on the network, analyze latency and jitter, search for specific hosts or ports, determine peak-hour usage and capacity, and identify which devices do not have the Active Timeout configured correctly. Administrators can also create a map of their network with links that change color based on utilization. Scrutinizer provides diagnostic information on host flows, host volume, pair volume, MAC addresses, VLANs, domains and countries. In addition, the solution leverages IPFIX statistics to provide greater insight into VoIP metrics.
Enhanced forensics analysis
Administrators can configure timeframes for DNS caching; filter host-to-host, subnet-to-subnet or by TCP flag; track Flow Sequence Number, trend results and indicate problems; and specify allowed subnets and alarm for rogue IP addresses. Scrutinizer detects and alerts on unauthorized applications; malicious traffic; known-compromised Internet hosts; DNS cache poisoning; rogue DHCP and mail servers; port scanning; excessive multicast traffic; HTTP hijacking; and DDoS attacks.
Administration is a breeze with the central, easy-to-use console. Dashboards can be customized per login or group-based user permissions. Administrators can configure permissions per login account to access flows for specific router, switch, and firewall interfaces. Service providers can easily modify style sheets to match branding.
SONICWALL FLOW ANALYTICS MODULE FEATURES:
The Flow Analytics Module adds advanced reporting options such as flow volume, MPLS by subnet, Microsoft Exchange log trending and NBAR support. Administrators have a wealth of information right at their fingertips.
IT administrators can create custom reports by applying filters to granularly define the specific information desired. Once created, custom reports can be saved for later use. Custom reports allow the user to configure detailed reports by filtering on fields such as IP Addresses, ranges and subnets; port numbers and ranges; defined applications including ranges of protocols and groups of protocols; multiple interfaces from different routers and switches; any exported field available via NetFlow or IPFIX; dynamic QoS monitoring; and detailed security/forensic information.
Traffic analysis reports
The Flow Analytics Module adds several additional flow based traffic analysis report types. Examples include granular IPFIX based application visualization reports for Dell SonicWALL products; flexible NetFlow NBAR based application reports (requires IOS v15 on Cisco routers); conversations to/from host pairs and applications used; flow reports with ToS field; host flow reports to show hosts sending or receiving the most flows; host volume reports to show the volume of unique hosts per second; and pair volume reports to show the volume of unique to/from address pairs per second.
Set it and forget it alerting
The Flow Analytics Module provides administrators with greater automation control, making routine advanced reporting a snap. Alerts can be configured based upon everything from unfinished flows to specific interface utilization. Administrators can configure QoS thresholds to be proactively alerted to RTSP latency and jitter before end users even report a problem. Using saved Scrutinizer reports, the Flow Analytics Module can monitor and send out syslogs when traffic patterns violate specified thresholds.
Enhanced security awareness
The enhanced security functionality alone makes Scrutinizer with Flow Analytics an invaluable tool in an administrator's arsenal. It shows exactly what is happening on the network - where traffic originated, where it is going and what type of traffic it is. Is someone planning an attack by scanning the corporate network? Did one of the servers get infected with malware and launch a DDoS attack? Scrutinizer can automatically detect nefarious activities and alert administrators immediately.
Valuable troubleshooting tools allow Scrutinizer to easily identify the volume of flows per host and peer into Voice over IP (VoIP) traffic. IT administrators can analyze VoIP traffic and determine the amount of voice traffic into and out of the network over time; which users are involved with the most VoIP traffic; the caller ID of destination and source; QoS statistics such as latency, jitter and packet loss of each call; what audio codec is being utilized; and whether the router is modifying DSCP values.
Network topology maps
Network topology maps come to life in Scrutinizer as links change in color and thickness with variations in network utilization. Clicking on a link in a network topology map brings up useful traffic statistics such as top talkers and top conversations within the last minute.
IT administrators can use Scrutinizer to plot network appliances such as firewalls, routers, and switches on a Google map embedded in the Scrutinizer application. Using this geographic map as a starting point into all network analysis provides traffic details collected and organized for easy visualization in Scrutinizer.