Bringing Networks into Focus

The year I graduated college, back in 1983, a young technologist who’d grown up, like me, in New Jersey, launched a networking equipment company that would soon emerge as the largest IPO of its time. That technologist, Craig Benson, would be named Entrepreneur of the Year in 1991 by Inc. Magazine, and his company – Cabletron Systems – would eventually hit almost two billion dollars in sales annually. (Benson would later serve as Governor of New Hampshire.)

I mention all this about Cabletron because two of its employees, Michael Patterson and Marc Bilodeau, began to notice a technical issue in the training they were providing for customers in the ’90s. The problem was that while Simple Network Management Protocol (SNMP) was a nice tool for monitoring the health of a network, it provided little or no traffic-level context. This made forensics and root cause analysis of network failures and outages almost impossible.

As Cabletron began to see business challenges of its own in the waning years of the decade (Benson resigned from the company in 1999), Patterson and Bilodeau decided to take full advantage of their technical insight, and they created a tool they called Scrutinizer. I’ll jump ahead for a moment, and mention that this tool formed the basis for Plixer, the tech firm they founded, which today boasts 3000 customers, and a vibrant team of engineers headquartered in Maine.

I spent some time this week with Jeff Lindholm, CEO of Plixer, and Bob Noel, who runs Plixer’s marketing. The guys were kind enough to outline their suite of offerings and to explain their solution strategy. Now, Bob might be mad at me for saying this, but I did not particularly like their PowerPoints. My reason, however, was that the charts simply did not do justice to what is clearly a gem of a company with amazing network visibility technology. Here is what I learned:

“Security operations today has the challenge of too many individual products creating too much data with too many false positives,” Bob explained – and I am 100% in agreement with his assessment. “Network operations also has its challenges, with workflow isolation and disparate tools. Our goal at Plixer is to create a high performance, unified intelligence and response platform that focuses on integrating and streamlining both security and network operations.”

The key to the Plixer approach lies in network visibility. Focusing its range of collection from Layer 2 data such as MAC addresses to Layer 7 information such as URLs, their suite of offerings is designed to provide exactly the context and support for analysis that the company’s founders had noticed as critical over two decades earlier. “We generate telemetry from many locations at scale, spanning geographies, and delivering high quality reports on demand,” Bob explained.

The three solution offerings from Plixer include its popular Scrutinizer platform (mentioned above), which ingests, enriches, and reports on data from a massive variety of networked sources. This includes WiFi controllers, SIEM platforms, and even SD-WAN platforms (such as Cisco’s IWAN). Additional Plixer solutions include a UDP-based flow replicator and a Layer 7 traffic analysis appliance.

“We’ve built our platform, and have organized our engine architecture, on three fundamental concepts required to support proper visibility and analysis,” Bob explained. “We start with basic sensing functionality for ingesting network data. This extends to contextualizing functions that support advanced analysis. And finally, we include support for automation, which is essential in the context of modern network and security operations.”

As I learned about Plixer and followed up with my own research, I began to realize that NetOps and SecOps are the same thing. Merging these concerns into a unified platform thus seems a key insight into dealing with modern threats. Consider that most enterprise networks are now just a mesh of public and private infrastructure connecting your devices to your apps. If you want to deal with cyber threats, then you’re going to have to deal with the network. Period.

I should mention that the Plixer team is also working on the use of advanced heuristics that employ machine learning and artificial intelligence algorithms to assist with identification of suspicious patterns. The Plixer solution can also share visibility information with other platforms through an API to automate active network decisions. This might allow, for example, the Plixer solution to assist with SD-WAN provisioning to avoid DDoS conditions.

A major marketing challenge that Plixer and any other analytic platform must contend with is that considerable competition is emerging in this area – primarily from vendors in adjacent areas adding visibility and contextualization to their own products. The SIEM vendors, for instance, see high performance network ingest as a natural complement to their platforms. So, Plixer will have to work hard to differentiate their value during source selection.

But the history and DNA of this New England company, with its deep focus on networking technology, will serve it well as buyers seek providers with a strong understanding of how networks really operate. If you are in the market to improve your own NetOps or SecOps approach and have not already talked to Plixer, then I suggest you give them a call. If your experience is anything like my own, then you will find your time well spent.

And please let us know, as always, what you learn.