In a new series of blogs, we will go over some recent data breaches and how metadata analysis could have helped with the detection and mitigation of certain events.
Read moreAuthor: Jake
Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers - He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is setup to their need. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and Malware detection he also enjoys Fishing and Hiking.
Detecting VPN traffic on the network
Posted on - by Jake
Detecting VPN traffic on the network is a use case I hear daily from school systems ranging from primary schools all the way up through large universities. One of the biggest concerns for a security or network engineer is tracking potentially unwanted traffic on the network. This could be something harmless but forbidden like video games, or a major threat like the latest APT that was just uncovered. This is why we implement strict ACLs and segregated VLANs on the network, and why we look at things like Deep Packet Inspection (DPI) as well as SSL DPI to help us gain insight into encrypted traffic. This blog aims to go over a couple technologies you probably already have at your fingertips and how you can use IPFIX/NetFlow analytics to track this nefarious behavior.
Network capacity planning fundamentals
Posted on - by Jake
Are we properly utilizing these expensive WAN links? That is probably a question you have asked yourself on more than one occasion when you get a bill from your provider. While MPLS/Broadband connectivity both have pros and cons, wouldn’t it be great if you had a tool to see if they were properly being utilized or if load is increasing over time? How about rather than just seeing in/out bits/s, you could determine what application is consuming the link? Stay tuned and see how it works!
Securing third-party VPN access
Posted on - by Jake
We all know that VPN monitoring is something every network and security engineer should be familiar with, but with the recent uptick of changes in companies work-from-home policies, IT departments are struggling to scale up to the VPN demands. Let’s be 100% honest about this: most networks weren’t designed to handle the demand we are seeing right now.
Current industry trends I saw at RSA 2020
Posted on - by Jake
RSA 2020 was last week and like every year I have attended, there was a whirlwind of new technologies and methodologies being presented by the vendors I spoke with. Continue on to see what things we learned and how Plixer can help solve problems facing today’s customers.
Read moreI installed Scrutinizer 100 times and here’s what I learned
Posted on - by Jake
As a Presales Engineer, I spend a good portion of my time helping with Scrutinizer installs and helping troubleshoot unique use cases for end users. In my 7 years of doing this, I’ve noticed a lot of commonality between installs even in disparate environments. I hope to add more to this list as time goes on and trends in the industry evolve further.
Read moreMonitoring QoS for application troubleshooting
Posted on - by Jake
Network and security teams collect flow and metadata to provide an accurate account of applications traversing the network. Another aspect of troubleshooting poor application performance is ensuring that QoS is being used properly. This blog will go over how collecting NetFlow/IPFIX data can easily help monitor and alarm on any new or existing QoS issues.
Read moreHow to streamline your network monitoring workflows with API integrations
Posted on - by Jake
In this industry, I’ve seen a common trend of buying best-in-breed solutions that are built for one or a few things instead of the jack-of-all trade solutions. While I believe this idea is generally a good one, it often leaves end users with the task of learning multiple interfaces and leaves you with only using a fraction of the product you purchased. As a sales engineer at Plixer, part of my role is working with customers to streamline their workflows using not just our solution, but others they have purchased as well. This blog will go over a couple types of integrations that we have and will hopefully spark something that you can use on your network.
Read moreUsing your network as a sensor
Posted on - by Jake
I spent a lot of time talking to customers at RSA 2019 and a message that resonated with a lot of them was using your network as a sensor. I believe this is because SOC analysts often dig through log data or full packet capture—but then overlook network metadata because it isn’t available to them or they don’t know how to properly use it. This blog will give you a high-level view of what you might be missing out on by not collecting and analyzing network metadata such as IPFIX/NetFlow.
Real-Time DDoS Detection & Analysis
Posted on - by Jake
DDoS attacks have plagued the network security space for almost 20 years. In that time, we have seen a lot of changes. In just 2018 alone, we saw the first multi-terabyte/s DDoS attacks, which have been bringing large organizations to their knees. If you aren’t prepared to quickly and effectively analyze DDoS attacks in real time, are you even prepared at all?
