Cyber Incident Response Plan (Part 3)

Posted in incident response on July 24th, 2015 by Jimmyd

Every day we see more and more stories about security breaches across the globe. With so many new cyber security threats coming out, the need for traffic analysis and a strong Cyber Incident Response plan has never been so high. In part one and part two of this series, we demonstrated that by combining NetFlow/IPFIX technology with Scrutinizer you are getting 100% network visibility. Here in part three of this series, we are going to talk about the importance of adding Scrutinizer's Flow Analytics Intelligence into your cyber incident response plan to detect network traffic anomalies.


Jimmy D the Netflow Detective


Ziften ZFlow Reporting Support

Posted in General on July 9th, 2015 by miles

After analyzing their export, Ziften ZFlow reporting (or Ziften IPFIX) is now supported by our flow collection system. Per their recent announcement at the RSA conference, Ziften joins the ranks of dozens of other vendors who are supporting IPFIX with extensions.


Fortiswitch IPFIX Configuration

Posted in IPFIX configuration, NetFlow, Network Traffic Monitor on July 8th, 2015 by ryans

Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1, the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hence the name IPFIX (Internet Protocol Flow Information eXport).


Ryan Slosser


Arista sFlow Configuration

Posted in sFlow on July 2nd, 2015 by Austin

Lately I’ve spoken to a few people in the field that are using Arista switches to get visibility into their networks using sFlow and thought I would write about Arista sFlow configuration. Arista switches offer a single sFlow agent that samples ingress traffic from all Ethernet as well as port channel interfaces. At Plixer we see more and more companies who are looking to utilize flow collection to identify bandwidth issues and network security risks.

Austin

NetFlow Directionality Support : Part 2

Posted in detect network threats, detecting malware on July 2nd, 2015 by mike@plixer.com

This is a continuation of Flow Directionality Support : Part 1 which should be read first.

My guess is that a flow collector vendor claiming to determine flow or NetFlow direction makes an educated guess from NetFlow v5 traffic on who initiated the connection using flow start times (using a single exporter so timestamps are relative), packet counts, and port numbers. The trouble is, finding the true relationship between two hosts is very difficult when you connect through an intermediate node or nodes where traffic is encrypted.

Michael Patterson
Founder and CEO
