In many cases, previously unidentified malware and back doors were identified through the use of these indicators in both network traffic and host-based information. The combination of both host- and network-based indicators continues to be the most reliable way to identify APT-related malware on a network.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Plixer is pleased to announce a new weapon in the war against Internet threats: the all new Internet Threat Center (ITC). Based on hundreds of observation points deployed across the Internet, the ITC provides a near-realtime view of malicious actors across the globe. Plixer customers gain access to the ITC via regular updates to Internet host reputation data downloaded from the ITC to their Scrutinizer installations. NetFlow data collected from routers and switches within their network is compared to ITC data to alert when ITC suspects are active within the customer’s network environment.

This blog provides an overview of the Internet Threat Center and a brief tour of its features…

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Today’s threat detection and intrusion prevention systems deployed at companies concerned with cybercrime utilize a layered approach to network protection.  Anti-virus programs are deployed on every end system and server.  Most of us have access lists on routers and switches and those who need to provide remote access to employees leverage encrypted VPN technologies.  Then of course there is the next generation firewall (e.g. Cisco, Dell – SonicWALL and Palo Alto) which performs deep packet inspection to compare bit patterns against regularly updated signatures.

“IPS (or deep packet inspection) is our #1 security defense; NetFlow is a very close #2”
-Gavin Reid, Manager of Cisco CSIRT

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Since 2005, Plixer and Cisco have been touting NetFlow (not Net Flow) as an IT Security and threat detection solution. Cisco calls NetFlow the “primary network anomaly-detection technology” (pp4) and that “NetFlow allows the user to identify anomalies by producing detailed accounting of traffic flows”.  We are not the only ones with this belief. Even Symantec calls NetFlow a “valuable enhancement” to IDS (intrusion detection) and IPS (intrusion prevention). Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Possibly the most difficult network malware to detect today is the Advanced Persistent Threat or APT. I’ve also heard them referred to as advanced targeted attacks. Before I digress on how to detect this insidious enigma, I would like to provide some history and clear up some misconceptions about this type of attack.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

IT Security : NetFlow, the proposed standard for network traffic analysis (when SNMP & Port Utilization just won’t cut it), has made leaps and bounds in Internet Security during the past few years. In part one of a two part series, I’d like to demonstrate Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Join the Cisco ASA NSEL Webcast and learn about our new NetFlow NSEL (Network Secure Event Logging) reporting capabilities. This webcast will provide details on NSEL reporting as well as information on lowering the risk of C&C bots, Advanced Persistent Threats and other internet hosts with a poor IP host reputation. See several of over a dozen new ASA NSEL Reports:

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

If your company is contemplating the use of traditional or next generation flow exports, the insight you can gain depending on your hardware has never been greater with our Network Traffic Monitoring Software. Without a doubt, flow elements have been added to the technology in nearly all areas of performance and security which aid in end to end visibility. Next Generation NetFlow collection and analysis requires:

List of Next Gen NetFlow / IPFIX Reporting Features:

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!