Hey guys,
I am looking for some insight on some good netflow ME vendors. Do you know of any good resources/vendors that do this well. Provide clean UI, as well as being quite affordable?
I am currently looking into plixer's scrutinizer netflow server. Has anyone used this product?
I've seen it in demos and it looked very slick, and I preferred the GUI to Lancope. No idea on cost, but that's the one that I want to play with the most.
Quote from: deanwebb on June 08, 2015, 09:10:14 AM
I've seen it in demos and it looked very slick, and I preferred the GUI to Lancope. No idea on cost, but that's the one that I want to play with the most.
Maybe I'll let u webex in for some goodies? :banana: :banana: When I get it deployed :twisted:
Oooh! That's the way to share information amongst colleagues! :)
Quote from: deanwebb on June 08, 2015, 09:22:28 AM
Oooh! That's the way to share information amongst colleagues! :)
yeah. For sure. We currently are using appneta, but it is a pain, and requires a physical device at every location. Why deploy that when we can use the netflow features already within our devices :professorcat:
Okay guys,
So far the product is very good. I am able to see detailed analysis of many things, which I like. However I did find some issues.
Issue #1: We have 120-130 MPLS sites. I wanted to create a report of a life feed of our WAN interface throughput. I wanted to exclude our big HQ mpls routers because their bandwidth size would alter the graph so much so, that I would not be able to distinguish the T1 interfaces.
Solution attempt #1: Okay, I will exclude the 2 devices from the report. right? Doesn't work. As of right now you cannot exclude devices/interfaces. You can exclude everything else under the sun... but not devices. So right now I am having to manually add 130 sites to the MPLS report i wanted.
Feature #1: Everything is customizable. Tabs, charts, you name it. It is your personal play world. I love it... I just wish they would streamline the addition/removal of devices.
Here are some pics for your enjoyment. in the chart you will see my CEO pegging out his pipe watching netflix movies/instagram. haha. It is his personal connection. so who cares. :drama: :drama:
2nd pic shows all of our sites, and a nice UI which shows the in/out rates of each site. Triggers can be made, emails/alerts can be sent. +1
Yeah, that looks as sweet as it did in the demo. You know you got something really neat when you can get it to look like the demo almost right away in production.
@dean
It was very easy to setup. Used prime to push the netflow config to all the routers. EZPZ. I am seeing a benefit for it. The price for 250 devices with advanced monitoring is like 80k. For 40 appneta devices it is around 80k... lol
Today I am going to be getting the HQ devices on it. ASAs/Nexuses/Access switches/ 3130x's/ etc.
I am late to the party but we use Lancope StealthWatch where I work. While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center). We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.
Quote from: mmcgurty on June 19, 2015, 07:16:28 AM
I am late to the party but we use Lancope StealthWatch where I work. While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center). We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.
what do you see as the biggest benefits for utilizing lancope? I am curious to know what you primarily use it for.
Quote from: LynK on June 22, 2015, 10:15:21 AM
Quote from: mmcgurty on June 19, 2015, 07:16:28 AM
I am late to the party but we use Lancope StealthWatch where I work. While not cheap, we do manage about 1000 stores and about 10 corporate sites with it (including a data center). We tried a bunch of vendors out in 2007 to 2008 with Lancope coming out on top by far.
what do you see as the biggest benefits for utilizing lancope? I am curious to know what you primarily use it for.
We have a lot of finger pointing at the network when something doesn't work (but it never turns out to be the network). We will often use the data to show an application did talk at a certain time on a certain port from X to Y between these hours and used X amount of bandwidth. We can also see at a moments notice if someone pushed a job that is consuming all the WAN link and what the job is (usually system patching or AV updates). We use it during projects to make sure our vendor rate limits their application and adheres to time of day for syncing devices on off-hours across the broadband connections.
Our security team uses it in conjunction with a plug-in also purchased from Lancope but I don't remember the name. They absolutely love seeing infected systems trying to get out to the Internet. They also get alerts when someone starts doing a long transfer of data out of the ordinary (DLP).
I bet we use some portion of Lancope StealthWatch daily on our team. I think next year we are migrating from the current hardware (rebranded Dell servers) from physical to virtual infrastructure to save space in our Data Center.
@mmcgurt
@deanwebb
Please help me to understand why they have amazing UI on their boxes, but when you go into the SMC it turns into this 90's archaic data running on java :doh: :wall:
Am I missing something here?
Cisco :wub: archaic versions of java
I think it's a requirement to use dangerously outdated versions of java if you want Cisco to market your product along with their line of gear.
And if you can make the user interface and the admin interfaces require different outdated versions of java even better.
-Otanx
Quote from: Otanx on July 08, 2015, 10:46:58 PM
And if you can make the user interface and the admin interfaces require different outdated versions of java even better.
-Otanx
LMAO... please don't remind me.
Quote from: LynK on July 08, 2015, 11:37:09 AM
@mmcgurt
@deanwebb
Please help me to understand why they have amazing UI on their boxes, but when you go into the SMC it turns into this 90's archaic data running on java :doh: :wall:
Am I missing something here?
They have that really nice Dashboard now before you launch the SMC (Java based). I haven't asked if they plan on using HTML5 or not to get rid of this. I would be very happy to not have to worry about what Java version I am using for all of these appliances.
@mmcgurty
I have a demo with them, and this is what our account rep told us:
"we are migrating to fully a Web based UI at the beginning of 2016 so your Java pains will be alleviated there"
I still have a lot of questions, and I will post up the results of them after the demo, product walk-through