Plixer Pens NetFlow Guide for Advanced Persistent Threats
Sanford, Maine Jun 26, 2012 - Plixer International Inc., a leading provider of NetFlow--based network traffic reporting and threat detection, today announced the publication of its new whitepaper titled, "Fighting Advanced Persistent Threats (APTs)", available for immediate download. The whitepaper offers guidelines and practical advice on how to use NetFlow for helping protect networks from continued cyber threats that off-the-shelf firewalls and antivirus software often fails to detect.
APTs have been lurking on the Internet for years and targeting companies undiscovered by most traditional behavior anomaly detection systems. Michael Patterson, CEO of Plixer International and Scrutinizer Product Manager, elaborates more, "After speaking with many of our customers, we learned they were detecting and mitigating security threats with Scrutinizer. Some even feared the worst: APTs. In response to learning this information, Plixer has produced the Fighting Advanced Persistent Threats (APTs) whitepaper to help better inform companies about this persistent threat. Since 2008, Scrutinizer's automated network threat detection, mitigation and forensic reporting abilities have been providing customers with another layer of security."
The Plixer whitepaper reads as a guide to help avert APTs by detailing how forensic NetFlow and IPFIX analysis tools are ideal security layers which help detect and investigate APTs. In addition, the paper provides valuable information on how advanced NetFlow and IPFIX analysis solutions trigger alarms by monitoring for suspicious behavioral patterns and constantly comparing flows to an external host reputation database. Identifying suspicious traffic patterns within the list of alarms involves automated correlation of different types of contextual information then, deciphering the intent and danger associated within the hidden messages. By sending NetFlow from the Internet facing routers to a NetFlow collector that can compare all flows, to the host reputation database, internal machines talking with known or compromised Internet hosts can be identified and blocked. Additional whitepaper insights include:
- A definition of Advanced Persistent Threat (APT)
- The APT process its working and proliferation
- How to detect an advanced persistent attack
- How to shut down and mitigate APTs
- How to best protect the company from APTs in the future
Writing for Cisco's Security Blog, Mike Schiffman underscores NetFlow's security value by stating, "We've learned that NetFlow can tell us who is talking to who across our network." And then asks, "But how can we tell if either who is a bad actor?" Schiffman recommends, "check the reputation of the IP addresses at both ends of the conversation."
Scrutinizer is a one hundred percent web-based tool that provides detailed network utilization reports showing the applications and users generating network traffic. Leveraging the software's domain utilization report, even sites with secured connections that use encrypted traffic can't hide from the insight provided by NetFlow and IPFIX collection and reporting. Scrutinizer is designed to peer deep into bandwidth traffic and enable the network administrator to easily see who is consuming bandwidth, what they are using it for and empowering administrators to immediately restore precious bandwidth for work-related needs.
As Internet threats like APTs become more elusive and damaging, companies need to make careful decisions regarding soft security solutions, said Marc Bilodeau, Vice President, Plixer International, Inc. "Our Scrutinizer Network Threat Detection system is capable of amassing a network traffic view that typical malware tools were not built to provide. We provide a holistic view of the entire enterprise regardless of equipment vendor to quickly pinpoint the root cause of harmful behavior."
Download the Fighting Advanced Persistent Threats Whitepaper.
# # #
About Plixer International, Inc.
Plixer International, Inc. develops and markets network traffic monitoring and analysis tools to the global market. All of the tools are built from the ground up with valuable feature sets and ease of use in mind. Plixer tools have been used to analyze and troubleshoot irregular traffic patterns by IT professionals with some of the largest networks in the world, such as CNN, The Coca-Cola Company, Lockheed Martin, IBM, Regal Cinemas, Raytheon, and Eddie Bauer.
For product and sales information, contact Plixer International, Inc. at 1 Eagle Drive, Sanford, Maine, via telephone (207) 324-8805, fax (207) 324-8683; or visit the Plixer website.