Featured Posts

An alert touches multiple segments of the network, representing the challenge to reduce false positives
Deep Network Observability

How to Reduce False Positives with Shared Context

False positives are rarely caused by too many alerts, but by missing context. Let’s say a spike in outbound traffic shows up in the firewall logs. Around the same time, ...

Read More
Magnifying glass on top of a diagram that looks like both a fingerprint and a network, representing end-to-end network troubleshooting
Network Operations

Why Most Performance Investigations Start in the Wrong Place

A padlock silhouetted against a dark background, surrounded by a spray of white particles, representing password spraying detection.
Security Operations

What Password Spraying Looks Like in Raw Network Telemetry

All Posts

jake
Security Operations

Real-Time DDoS Detection & Analysis

DDoS attacks have plagued the network security space for almost 20 years. In that time, we have seen a

Read More
briand
Network Operations

How to Filter Network Traffic

When it comes to filtering network traffic, a scenario that appears simple in nature can be hard to accomplish

Read More
Security Operations

Using NetFlow for Network Security

Today I want to discuss how you can use Netflow and IPFIX for network security and even threat detection.

Read More
Network Operations

Network Forensics and Incident Response Using NetFlow and IPFIX

Network forensics can be an intimidating subject. When IT personnel hear the word “forensics” they often recoil with visions

Read More