Blog

STIX/TAXII for threat intelligence

What is STIX/TAXII?

STIX stands for Structured Threat Information Expression, which is an open-source language and serialization format used in sharing threat intelligence. Think of it as the vehicle for containing the threat information. Threat intelligence is communicated as objects and is detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.

Network Operations

First look: Plixer’s machine learning engine explained

09.09.20 - Stephen Tutterow

The purpose of this blog is to de-mystify the hype around machine learning (ML) by exploring three topics:

What kind of ML is Plixer using and why?
What insights or predictions can be drawn out of NetFlow, IPFIX, and metadata?
Once applied, how do the results reduce the strain on network and security operations teams?

Network Operations

Returning to normal: monitoring the reintroduction of the workforce

09.02.20 - James Dougherty

When this pandemic started and nearly the entire workforce went remote, our focus was to maintain the quality of service outside of what was then normal operations. Although it seems like we still have a long road to travel, we are starting to see signs of progress. Globally, many companies are opening up their offices and giving their employees the choice of working in the office or from home. For network administrators, this adds another layer of headache.

Security Operations

Enhance NetOps/SecOps collaboration with Plixer’s new collections feature

08.26.20 - James Dougherty

I can’t tell you how many calls I’ve been on where the NetOps and SecOps teams really don’t know what the other is doing. Sadly, in today’s remote-work-centric world, the relationship between the two teams has become vital in making sure the end users not only have the resources they need, but at the same time, making sure everything is safe and up to compliance requirements.

Security Operations

How to detect bogon connections

08.12.20 - Elgin Robinson

Many ISPs filter bogon connections because bogon IP addresses have no legitimate use. If you find a bogon or bogus IP address in your firewall logs, it is likely due to a misconfiguration or someone intentionally creating a bogon connection for malicious purposes. This blog provides guidance on how to detect bogon connections with Plixer Scrutinizer and potentially discover other vulnerabilities that would compromise an enterprise network environment.

General

We’ve released our biggest update ever, plus two new products

08.06.20 - Alienor

One year ago, we announced our new vision. That is, we believe that SecOps and NetOps provide value for each other, and that value should be accessible from a single place. In pursuit of that vision, today we are releasing our biggest update ever for Plixer Scrutinizer, as well as two brand-new products.

Security Operations

Detecting IP spoofing with Plixer Scrutinizer and Beacon

08.05.20 - Jake

A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:

Gain access to a network using a valid IP address
To man-in-the-middle a known service, allowing them to eavesdrop/intercept traffic

Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.

SD-WAN visibility

Advanced Silver Peak monitoring with IPFIX

07.29.20 - Brian Davenport

Competition generally ends up being good for the consumer. It keeps prices down and forces innovation as vendors compete for market share. A great example of this has been the explosion of vendors and features in the SD-WAN market—and from my perspective, one of the best things to come out of this has been the visibility offered from the enhanced metadata exports of the key players.

Network Operations

Home network quarantine project: Ubiquiti NetFlow

07.24.20 - Stephen Tutterow

A few years back, Jake Bergeron, one of Plixer’s Sr. Solutions Engineers, wrote a blog about Ubiquiti NetFlow support and how to enable it. This was one of the first things I read as I started to beef up my home lab, because consumer-grade Ubiquiti gear is going to be 3 things:

Network Operations

How to avoid NetFlow sampling

07.22.20 - Scott

As resource demands and bandwidth speeds in many of today’s network infrastructures continue to increase, many network administrators believe that NetFlow sampling is the only way to deal with the high flow volume sent across the network. In fact, setting a NetFlow sample rate of 1 in 100 can cut flow volumes as much as 50%.