Author: Austin Brooks

Austin is a QA Engineer in the R&D department at Plixer. He works on new report types and aids the front end team with changes to the user interface of Scrutinizer. He has worked in Tech Support as well as a Solutions Engineer for the sales team at Plixer before his move to Development. Austin graduated from UNH’s WSBE with a degree in International Business and speaks a bit of German. Outside of work, Austin spends his time honing his coding skills and does website design for friends and family. He enjoys skiing, hockey, playing and writing music as well as traveling to different countries.

Network Operations

Network Segmentation for PCI Compliance

04.29.15 - Austin Brooks

There is a rising trend in network segmentation for compliance purposes, such as adhering to PCI compliance among network administrators. If you store sensitive user information such as credit card numbers, you are affected by PCI Compliance. What if, though, you could leverage NetFlow data to show that the servers, that store such information, are segmented on your network? Being able to show that you have full visibility into your network and that you have protected sensitive information can be a huge relief when you are asked to show PCI compliance. Read more

General

NetFlow Analyzer No Flows Received

03.13.15 - Austin Brooks

When you log into your NetFlow Analyzer, it may be shocking to find one of your core devices is saying “no flows received”. I’ve seen this in support and know that it is important to have your devices sending NetFlow data to your collector at all times. I’ve found that the best way to uncover the issue is to narrow down the variables and isolate the problem. In this blog, I’d like to look at why flows are not being received by a NetFlow collector, by using a packet capture analysis tool, Wireshark.

General

Username Reporting with Netflow

01.22.15 - Austin Brooks

I have had a few customers ask about username reporting with Netflow within their incident response system. Collecting user activity and viewing reports filtered on specific users can give administrators insight and convenience when looking at user logged into the network when investigating an incident or providing detailed reports for management. Most authentication systems are supported (E.g. Cisco ISE, Enterasys Mobile IAM). Adam has discussed the advantages to administrators in a previous blog about username reporting with Netflow. In this blog I will go over how to integrate with a Microsoft Domain Controller, and then use an incident response system to utilize username reporting. Read more

Network Operations

Identifying Compromised Hosts

12.10.14 - Austin Brooks

Identifying a compromised host in your environment is a common task for administrators in most network environments. What about other local hosts currently communicating with a compromised IP addresses, that you are not yet aware of? It’s not just a question of detecting the communication but of how long it has been going on before you detect it.

NetFlow

sFlow vs NetFlow Comparison

10.15.14 - Austin Brooks

I have been working with a number of customers who asked for an sFlow vs NetFlow comparison. They were concerned about the amount of visibility they were seeing with the sFlow (sampling) technology and why those reports were so different from their NetFlow reports. In response to all those requests, I set up a lab to show you some of these differences!