Intrusion Detection: Event Correlation

Posted in advanced persistent threats, Event Correlation, network threat detection, Security on March 8th, 2013 by James

Network Intrusion Detection, Cyber Threats, Advanced Persistent Threats (APTs), Polymorphic Malware, Event Correlation: today all of these terms are foremost on many IT Security Professionals' minds. What cyber security layer can we add to our existing protection efforts that will bring us greater peace of mind?

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!


A Firewall Monitoring Tool You Didn’t Know Existed: NetFlow and IPFIX

Posted in Firewall NetFlow, Log Management, NAT Reporting, NetFlow, NetFlow NAT Reports, NetFlow Reporting, NetFlow Security, Third Party Integration on September 7th, 2012 by Adam Powers

IT professionals have been looking for better ways to monitor and store firewall logs for years. Properly handled, firewall events can give insight into APTs, DoS attacks, firewall rule planning and misconfigurations, policy violations, and much more. To date, Syslog has been the go-to mechanism for access to firewall log info. It’s universally supported by the firewall community, easy to understand, and it’s quick to implement on both the firewall as well as the syslog analyzer.

Unfortunately, syslog is resource intensive on both the firewall and the log analyzer. It's largely unstructured, requires string pattern matching, and the exact format and fields vary from one firewall to the next. How often do you turn on full "Accept" and "Deny" logging for every rule? Sure, you can, and yes, it's valuable, but the amount of syslog created is tremendous.

Enter NetFlow and IPFIX


SIEM NetFlow Support: Don’t Sell Yourself Short

Posted in Log Management, NetFlow, NetFlow Analysis, Security on August 17th, 2012 by Adam Powers

This is a conversation I find myself having more and more lately so I thought it would make sense to discuss in detail just exactly how security information management systems (SIEMs) and NetFlow are related and why SIEMs are a poor choice for NetFlow collection.


Are Your SNMP performance reports accurate?

Posted in Denika, Log Management, NetFlow Analyzer, Network Problem Resolution, Network Traffic Monitor, Scrutinizer on August 3rd, 2009 by Steve

OK, let's say you've decided to live a healthier life. You're exercising regularly, you've stopped getting drunk every night, and you're eating healthy. You've been eating more salads, have almost cut out red meat, and are even eating annoyingly healthy desserts, if any.

Steve


Too many syslogs? Log management software can help!

Posted in Log Management, Logalot, Network Problem Resolution on June 16th, 2009 by Jo-G

Are you getting a lot of syslogs and want to filter what you are being alerted on?

Logalot, a Centralized Log Management application, has policy management features that allow you to filter on the incoming logs and alert based on the type, the number, or content of the logs.

For this blog post, I will be focusing on the triggers for sending alerts based on the number of incoming logs.
