When shopping for tools to help with network forensics, you will find many vendors claiming they are the best, but not necessarily explaining how they fit into your existing security ecosystem. Here, I’ll cover how our customers use our IPFIX and metadata solutions … [Read more...] about Best Practices in Network Forensics
Since working on the initial integration of getting NetFlow to Grafana, I have been lucky enough to work with customers to test things out. During this process, there were a couple of features customers asked for: The ability to specify which exporter to … [Read more...] about How to Integrate Grafana with NetFlow (Part 2)
Earlier today, the newest Distributed Denial of Service attack vectors, such as memcached and CLDAP, came up during a customer’s training session. It sparked quite a few interesting discussions, and I was asked if we could monitor CLDAP traffic with NetFlow. … [Read more...] about How to Monitor CLDAP Traffic with NetFlow
Microsegmentation refers to the use of software to secure traffic between virtual machines (VMs) within virtualized data centers. Virtualization has increased organizations’ agility and efficiency while reducing cost. The ease and speed at which new applications … [Read more...] about Three Microsegmentation Challenges Facing NetOps and SecOps
One device that I am beginning to see a lot more of at my customer sites is the Cisco Catalyst 9300. I figured that I would take this opportunity to walk through the Cisco Catalyst 9300 NetFlow configuration, and provide a sample reference document for … [Read more...] about Cisco Catalyst 9300 NetFlow Configuration
In the wake of recent vulnerabilities with memcached, Distributed Reflection Denial of Service (DRDoS) is currently in the focus of public attention. Using this technique has generated some of the largest attacks seen to date. This blog will cover how you can … [Read more...] about What is Distributed Reflection Denial of Service?
To detect a phishing scam, we typically examine hyperlinks for odd domains or subtle character changes (like a “1” in place of an “I”). But suppose a bad link looked completely normal, or perfectly mimicked one you often visit? The traditional detection … [Read more...] about Unicode Domain Phishing Attacks: Can You Spot the Difference?
According to a recent New York Times article, there have recently been cyberattacks on critical infrastructure in Saudi Arabia. While these attacks were not elaborated on in full detail (at least not in the article), it is important to understand the importance … [Read more...] about Protecting Critical Infrastructure from Cyberattacks with Network Traffic Analytics
In my spare time, limited as it might be, I have been taking a deep dive class on anonymous browsing. Specifically, it goes into great detail on ways to hide under the radar and on many of the legal aspects of both sides. So far the class has been right up my … [Read more...] about Data Retention: Leveraging NetFlow/IPFIX to Meet Your Compliance Needs
While working with users, I’ve noticed scenarios where filtering traffic based on a CIDR or an IP range just isn’t enough control. I wanted to explore another option—wildcard netmask filters! Let’s walk through how they work, and how they can be applied. … [Read more...] about Wildcard Mask Filters Within Scrutinizer