Network security is described as the implementation of technologies, processes, and protocols designed to safeguard an organization’s communications and information.
Read moreBlog
The 7 best Network Detection and Response use cases
Posted on - by Adam Boeckmann
Hallmarked by the application of machine learning to network metadata, Network Detection and Response leverages advanced intelligence and integrations with response-capable solutions such as NAC and SIEM to provide incredible visibility into an organization’s network traffic. This is a stark contrast to the traditional approach of leveraging thresholds and pre-defined traffic patterns to automate network alerts. While this approach works just fine for detecting certain threats—think DDoS or SYN scans as an example—there is just so much more we can do confidently with machine learning. Let’s explore some of the more popular Network Detection and Response use cases.
Read moreDetect abnormal lateral network traffic using machine learning and NetFlow
Posted on - by Scott
In a previous blog I introduced you to the malware detection capabilities of Plixer’s intelligence product. I would like to circle back to some information shared in that blog to talk about its ability to detect behaviors like lateral movement across the LAN segments of the network related to data accumulation.
Before I get started, I want to talk about strategies used for network visibility and why flow technologies should be at the top of the list.
Read moreClient and server reports in Plixer Scrutinizer
Posted on - by Dylan Mclaughlin
In our new release of Scrutinizer version 19.1.0, we have included a handful of new reports that help to provide more information on the NetFlow collected from your network. These are the Client – Server reports, which can show directionality of requests and responses to give insight into who is asking for what and what kind of responses they get.
Read moreSearching NetFlow for a private host behind a NAT router
Posted on - by Ryan Slosser
Inbound traffic that is captured and exported as NetFlow by your NAT router only shows that the destination of the inbound internet traffic is your external IP address. But what if you want to know what private host initiated that traffic? Today, I’d like to go over how Plixer Scrutinizer can report on this traffic and expose the internal address of this traffic.
Read moreWhat is network traffic intelligence?
Posted on - by James Dougherty
With the onslaught of malware and cloud applications increasing, network traffic intelligence has become increasingly important. When an infection is unearthed and the incident response team moves in to figure out what exactly has happened, one of the first things they will do is request the logs, including the flow (NetFlow and IPFIX) data. Network and application issues are troubleshot in a similar way.
Read moreConfiguring sFlow on Arista devices
Posted on - by Khalil Ismayilov
Today I want to show you how to configure sFlow on your Arista device and demonstrate its featured output through Plixer Scrutinizer. Our goal is to define multicast flow on our switch.
Read moreMalicious links and how to find them
Posted on - by Joanna Buckley
It can happen to anyone, even the most seasoned of network security personnel. You can be searching for something on Google, see a seemingly innocent link that looks like exactly what you’re looking for, and click it. Next thing you know, your computer screen is flashing with a message that says your computer is infected and you need to call the following number ASAP. If this does happen in your office, don’t worry: we can help.
Read moreCisco Firepower FTD NetFlow configuration
Posted on - by Scott
I am often exposed to new network devices and the ways that they support and configure flow-monitoring technologies. So I was excited to learn this new Cisco Firepower Threat Defense NetFlow configuration.
This configuration uses all the same NSEL configuration commands that you would use on a Cisco ASA, in just about the same order as I described in this Cisco ASA configuration blog. The difference is that you are applying the commands using a GUI interface and not CLI.
Read moreTuning DDoS and DRDoS flow analytics to your environment
Posted on - by Dylan Mclaughlin
As more and more devices are added to the internet, a larger swath of insecurity comes with them. Botnets and compromised devices are the main sources of headache for attacks on infrastructure, with Distributed Denial of Services attacks becoming a major tool for the bad actors to break systems or cover their tracks during an operation. Plixer Scrutinizer provides a method for alarming on these attacks in real time.
Read more