Cisco ASA Cyber Threat Defense: Part 1

Posted in ASA, Cisco NetFlow, cyber crime, detect network threats, detecting malware, internet security, internet threat, ip host reputation, netflow and ipfix, NetFlow Security, network security, network threat detection, NSEL, threat detection on March 6th, 2013 by Jimmy W

The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool, enabled by default on all ASAs with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it monitors only dropped packets across the whole appliance, the information is typically not enough to identify the source or nature of a malicious threat, but it could be a sign that some sort of nefarious activity is occurring, and it can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs.

Jimmy Wendler

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!


Detecting P2P Botnets with NetFlow (Part #1)

Posted in detect network threats, detecting malware, ip host reputation, NetFlow Security, Security on December 11th, 2012 by Adam Powers

This is part #1 of a two-part series on detecting P2P botnets with NetFlow. For years, botnets such as Zeus and Spyeye made use of a centralized command and control (“C2”) server. This approach to botnet management was easily detectable using reputation services and other black-listing technology. While many botnets still use a traditional C2, a new breed of botnet has emerged that removes the need for a C2. These botnets make use of peer-to-peer technology to download configuration data and commands, as well as to obtain the C2 IP to upload stolen information to the attacker. In part #1 of this blog series we’ll explore how P2P botnets work, then cover detection and mitigation of P2P botnets in part #2.


Adam Powers
@adampowers22


MIX MASTER MITCH: Cisco Medianet Music Video !!

Posted in application performance monitoring, cisco ASA, Cisco Medianet, detect network threats, internet threat center, wireless netflow on December 4th, 2012 by NewsTrax

Cisco music sensation Mix Master Mitch has released his latest video titled: Cisco Medianet: Application Performance Monitoring with NetFlow. This newest video includes a larger cast and BIG stars including Mix Master Mitch (Mitch Wilson), Kristin Korda, Tyler Beck, Evan Van Orsdel, Rick Hustus and Paul Lablond. It even has a cameo appearance from the Plixer President and CEO – Michael Patterson.


Intrusion Prevention : Protect Intellectual Property!

Posted in detect network threats, detecting malware, ip host reputation, NetFlow Security, network threat detection on November 6th, 2012 by James

Today’s threat detection and intrusion prevention systems deployed at companies concerned with cybercrime utilize a layered approach to network protection.  Anti-virus programs are deployed on every end system and server.  Most of us have access lists on routers and switches and those who need to provide remote access to employees leverage encrypted VPN technologies.  Then of course there is the next generation firewall (e.g. Cisco, Dell – SonicWALL and Palo Alto) which performs deep packet inspection to compare bit patterns against regularly updated signatures.

“IPS (or deep packet inspection) is our #1 security defense; NetFlow is a very close #2”
-Gavin Reid, Manager of Cisco CSIRT


NetFlow and IPFIX For PCI Compliance: Verify, Investigate, Impress

Posted in advanced persistent threats, Compliance, detect network threats, detecting malware, Flow Analytics, IPFIX, NetFlow, NetFlow Security on September 29th, 2012 by Adam Powers

At least two or three times each week we’re asked how NetFlow relates to PCI compliance. Our answer is crisp and simple. No fancy requirement references or complicated legal speak, just practical advice that’s actually useful for those concerned with the PCI audit process. There are three key areas in which NetFlow and IPFIX analysis can aid the enterprise as it relates to PCI:


Barracuda IPFIX Support: Network Threat Detection

Posted in advanced persistent threats, detect network threats, NetFlow Security, Netflow Traffic Analysis, network security on August 22nd, 2012 by Scottr

Earlier this year Barracuda Networks enabled IPFIX support on their NG Series firewalls. This export provides great visibility into your network traffic as well as network threat detection.

Let’s take a moment to go over the configuration to get these exports going:


Scott Robertson
Sr. Solutions Engineer


Detecting Worms and Malware with NetFlow: Network Threat Detection

Posted in detect network threats, detecting malware, Flow Analytics, NetFlow Security, network behavior analysis on August 1st, 2012 by James

Since 2005, Plixer and Cisco have been touting NetFlow (not Net Flow) as an IT security and threat detection solution. Cisco calls NetFlow the “primary network anomaly-detection technology” (pp4) and says that “NetFlow allows the user to identify anomalies by producing detailed accounting of traffic flows”. We are not the only ones with this belief. Even Symantec calls NetFlow a “valuable enhancement” to IDS (intrusion detection) and IPS (intrusion prevention).


12 Vulnerabilities is the Average for a given PC : Detect Network Threats

Posted in detect network threats, detecting malware, Flow Analytics, network behavior analysis on July 26th, 2012 by NewsTrax

I came across this article on infosecisland.com on Securing PCs, posted by Michelle Drolet, who is the founder and CEO of Towerwall. In the post, she noted several interesting vulnerability facts that most businesses need to be aware of. Right off the top, I found these to be shocking:
