Blog

Why network metadata analysis is the best initial action to inform security teams

This is part 2 in a 4-part series of articles by Plixer’s CEO, Jeff Lindholm. Be sure to check out part 1, How to use NDR as a radar system for your network.

In my last blog, I wrote about how the metadata collected by the multitude of behavior sensors already deployed across your network can provide the best early warning system you can find. Much like a radar system for on-water navigation, your network metadata is the fastest way to gain a sense of the potential dangers around you. But can it really provide the context you need to understand your network traffic comprehensively?

NDR

How to use NDR as a radar system for your network

11.17.21 - Jeff Lindholm

This is the first in a 4-part series of articles by Plixer’s CEO, Jeff Lindholm.

In the warmer months here in New England, you can often find me on my small boat cruising around Boston harbor and the outer islands. As a safety-focused boater, I rely on my radar system to detect the many objects around me—everything from other watercraft, buoys, landmasses, even uncharted hazards (the nautical version of zero-day threats). My radar is my best early detection system, alerting me to all possible threats.

Security Operations

Using flow-based NDR to fight ransomware

11.10.21 - Justin

Ransomware is everywhere and cybercriminals are increasingly more antagonistic, demanding ever increasing ransom payments. Palo Alto Networks’ Unit 42 says that payments are up 82% in the first half of 2021, with an average payment amount at a record $570,000. But with ransoms increasing and cybercriminals ever hungry for users’ data, what can you do to stop these attacks?

Network Operations

The changing needs of network performance monitoring

11.03.21 - George Matthews

Recently, I was asked by one of our long-time customers whether Plixer had abandoned its traditional Network Performance Monitoring & Diagnostics (NPMD) and Network Traffic Analytics (NTA) focus. They felt that since the acquisition of Plixer by Battery Private Equity several years ago, our product direction had pivoted towards the security-focused Network Detection and Response (NDR) market.

Security Operations

Enterprises face tough, new reality of cybercrime: It’s not if, but when

10.27.21 - Theresa Abbamondi

By 2025, it’s estimated that cybercrime will cost the world $10.5 trillion annually—a figure that includes damage and destruction of data; theft of intellectual property, personal and financial data; disruption to business; restoration and deletion of hacked data and systems; and reputational harm.

Security Operations

Network security: How effective is your security posture?

10.13.21 - Scott

Network security is described as the implementation of technologies, processes, and protocols designed to safeguard an organization’s communications and information.

NDR

The 7 best Network Detection and Response use cases

10.06.21 - Adam Boeckmann

Hallmarked by the application of machine learning to network metadata, Network Detection and Response leverages advanced intelligence and integrations with response-capable solutions such as NAC and SIEM to provide incredible visibility into an organization’s network traffic. This is a stark contrast to the traditional approach of leveraging thresholds and pre-defined traffic patterns to automate network alerts. While this approach works just fine for detecting certain threats—think DDoS or SYN scans as an example—there is just so much more we can do confidently with machine learning. Let’s explore some of the more popular Network Detection and Response use cases.

Security Operations

Detect abnormal lateral network traffic using machine learning and NetFlow

09.03.21 - Scott

In a previous blog I introduced you to the malware detection capabilities of Plixer’s intelligence product. I would like to circle back to some information shared in that blog to talk about its ability to detect behaviors like lateral movement across the LAN segments of the network related to data accumulation.

Before I get started, I want to talk about strategies used for network visibility and why flow technologies should be at the top of the list.

Network Operations

Client and server reports in Plixer Scrutinizer

08.25.21 - Dylan Mclaughlin

In our new release of Scrutinizer version 19.1.0, we have included a handful of new reports that help to provide more information on the NetFlow collected from your network. These are the Client – Server reports, which can show directionality of requests and responses to give insight into who is asking for what and what kind of responses they get.

Network Operations

Searching NetFlow for a private host behind a NAT router

08.18.21 - Ryan Slosser

Inbound traffic that is captured and exported as NetFlow by your NAT router only shows that the destination of the inbound internet traffic is your external IP address. But what if you want to know what private host initiated that traffic? Today, I’d like to go over how Plixer Scrutinizer can report on this traffic and expose the internal address of this traffic.