We spent some time awhile back building some host baseline logic for a future Flow Analytics release. If you’re not familiar with the term “host baseline”, it is a history of an IP node’s historical traffic behavior. Items that go into this communication baseline are behaviors observed in a specified time frame.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

After reflecting on the last month here in tech support, I’ve noticed that some of our customers are not utilizing the NetFlow threats overview gadget in our product. Conveniently located under the MyView tab, this table comes ready to alarm on 37 different thresholds right outta’ the box. To me this is exciting stuff, but you’ve probably noticed at first glance it can seem like an overwhelming list. I will assure you that once properly configured it can be one of the best tools in your arsenal.

Overview of Threats

The MyView tab is NetFlow dashboard and is an integral part of Scrutinizer that I get positive feedback about every single day.  In this series of blogs we will cover all aspects of the threat overview, including settings, customization, detailed explanations of each threat and even how they can be avoided in the future.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Capturing WoW traffic with NetFlow

This is a question I get asked a lot. How can I tell if my employees are gaming during company hours?  I’m going to explain how you can use NetFlow to determine if there is World of Warcraft traffic on your network. With over 12 million subscribers I figured network administrators would find this information useful.

Read more »

After reviewing the SANS Top-20 2007 Security Risks, I started asking myself and the rest of our security team how the behavior analysis features of Flow Analytics accurately detects such Internet threats. This is especially important as these concerns are constantly changing making it difficult to stay on top of topics such as the latest on Conficker.

Back to security basics
We decided to go back and answer the question “What is computer security?”. We pretty much agreed that it is the unauthorized use – even if only attempted – of any computer. We then asked “How do we assist companies in this area?”. We all agreed that our solution detects problems that have already gotten past traditional security practices such as antivirus software on desktops, firewalls and intrusion detection systems.

Who is watching for strange behaviors?
I think everyone would agree that infected machines will make it onto the network. Our goal is to detect, flag and even stop host behaviors that could cause problems locally or for other hosts on the network.

Related read: Downadup/Conficker Worm caught by using Flow Analytics, NetFlow Analyzer

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!