Cisco ASA Cyber Threat Defense: Part 2

Posted in advanced persistent threats, ASA, cisco ASA, Cisco NetFlow, cyber crime, denial of service attack, internet security, internet threat, threat detection on April 17th, 2013 by Jimmy W

The Cisco ASA is a great tool for Cyber Threat Defense. In part one of this blog I described the 3 components of Cisco’s threat defense solution. In this half I will be showing you some more benefits of the solution, and how it can be used in correlation with other technologies to give you end-to-end visibility in your network.


Jimmy Wendler

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!


Cisco ASA Cyber Threat Defense: Part 1

Posted in ASA, Cisco NetFlow, cyber crime, detect network threats, detecting malware, internet security, internet threat, ip host reputation, netflow and ipfix, NetFlow Security, network security, network threat detection, NSEL, threat detection on March 6th, 2013 by Jimmy W

The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool and is enabled by default on all ASAs with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it is just monitoring for dropped packets across the whole appliance, the information is typically not enough to identify the source or nature of a malicious threat, but it could be a sign that some sort of nefarious activity is occurring and can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs.

Jimmy Wendler


Cisco ASA NetFlow Problems

Posted in ASA, cisco ASA, Cisco NetFlow on January 30th, 2013 by Jimmy W

Although the Cisco ASA NetFlow exports have had some problems in the past, Cisco was the first vendor to export flows from a firewall, so a few issues out of the gate are almost expected. Despite a few enigmas, it was still great to have and certainly better than nothing. In order to optimize the network for speed and reliability, IT professionals are always looking for more visibility into traffic. Therefore, more information exported via NetFlow is always better.

Jimmy Wendler


Cisco ASA NSEL : Best NetFlow Reporting

Posted in ASA, cisco ASA, cloud service monitoring on July 25th, 2012 by Jimmy W

Finally, Cisco ASA NSEL details from a best-at-NetFlow reporting solution. NSEL allows for reporting on the non-traditional elements such as username, NAT, ACLs, etc. If you have not worked with technology before you may be pondering where all of this information comes from, and what it means. Today I will help clarify this for you by comparing Cisco’s event IDs to syslogs.

Jimmy Wendler


Identity-Aware NetFlow: Cisco ASA NSEL

Posted in ASA, network security on July 17th, 2012 by mike@plixer.com

Businesses with IT teams managing tens of thousands of IP addresses often find it more difficult to track down IP addresses, and for this reason they would rather work with a username. Identity-Aware NetFlow ties the two together. In this post, let’s take an example of tracking down the root cause of a network security issue or detected threat.

Michael Patterson
Founder and CEO


Network Behavior Analysis : Business Internet Security Systems

Posted in ASA, BYOD, Flow Analytics, IPFIX, network behavior analysis, SonicWALL on July 6th, 2012 by mike@plixer.com

Most companies agree that business Internet security systems are a paramount concern. Traditional security efforts such as firewalls and antivirus software are not going to perform a very important emerging security detection technique called network behavior analysis. To leverage this internal security measure, network administrators need to collect and analyze NetFlow or IPFIX from existing routers and switches. And here’s some good news: firmware upgrades are usually not needed to take advantage of flow technology.


Michael Patterson
Founder and CEO


Cisco ASA NSEL Webcast

Posted in ASA, Cisco NetFlow, NetFlow NAT Reports on May 9th, 2012 by James

Join the Cisco ASA NSEL Webcast and learn about our new NetFlow NSEL (NetFlow Secure Event Logging) reporting capabilities. This webcast will provide details on NSEL reporting as well as information on lowering the risk of C&C bots, Advanced Persistent Threats and other internet hosts with a poor IP host reputation. See several of over a dozen new ASA NSEL Reports:


Cisco ASA NAT Reports using NSEL : NAT Session Logging

Posted in ASA, NAT Reporting, NetFlow NAT Reports on April 27th, 2012 by tomp@plixer.com

Recently we created a bunch of new NetFlow reports for the exports and a solution for NAT Session Logging was one of the goals. This is not the first time we have created reports for this. We have also created NetFlow NAT Reports for:


- Thomas Pore


Cisco ASA NSEL Reporting : NetFlow

Posted in ASA on March 25th, 2012 by Laura

We have beefed up our Cisco ASA NSEL Reporting using, of course, NetFlow. NSEL = NetFlow Secure Event Logging and ASA = Adaptive Security Appliances. What is interesting about Cisco ASA NSEL NetFlow is that, according to the documentation we have, the NetFlow exports kick out several different templates. The most popular of which seem to be these:

  • Extended: if the flow is torn down before the configured delay, the flow-create event is not sent; an extended flow teardown event is sent instead.
  • Denied: flow was explicitly denied from being created in the first place. A Denied no XLATE event shows that the event was denied and no translation of the source and destination IP addresses and ports is done. This is typical when using NAT addresses.
  • Flow Created: event is exported as soon as the flow is created.
  • Teardown: events indicate that an existing flow in the flow database of the appliance has ended. It could be due to “natural” causes (TCP: fin/fin-ack/ack, UDP: firewall times it out), or it could be a flow that has a problem detected midstream and the firewall shuts it off. The Teardown event will give you the total byte count (both inbound and outbound) for the entire flow in the octetTotalCounts field.


Bidirectional NetFlow or NetFlow Stitching: Implementing RFC 5103

Posted in ASA, NetFlow on December 18th, 2011 by mike@plixer.com

Occasionally we hear talk of bidirectional flows, deduplication, flow stitching and sometimes questions about RFC 5103 spring up. Today I’ll outline what these technologies are as well as the good and bad aspects of both.  Our NetFlow analyzer supports all of them.


Michael Patterson
Founder and CEO
