This blog will go over how to use some of the features in Plixer Scrutinizer v19.0, such as the host index and IP groups functionality, to quickly define your endpoints and reduce the time it takes to find suspicious hosts. Recently we have seen an uptick in customers looking to use this functionality to its fullest to help speed up incident response.
Read moreAuthor: Jake
Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers - He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is setup to their need. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and Malware detection he also enjoys Fishing and Hiking.
Detecting RDP attacks with NetFlow and metadata
Posted on - by Jake
An ever increasing attack vector in the healthcare industry are attacks against open or unsecured RDP connections that allow a bad actor to gain a foothold into the network and use this to propagate malware or export the client via ransomware. In this blog, you’ll find some simple-to-follow workflows that you can use to identify and remediate any potentially vulnerable servers.
Read moreDetecting IP spoofing with Plixer Scrutinizer and Beacon
Posted on - by Jake
A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:
- Gain access to a network using a valid IP address
- To man-in-the-middle a known service, allowing them to eavesdrop/intercept traffic
Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.
Read moreSlickwraps breach and metadata analysis
Posted on - by Jake
In a new series of blogs, we will go over some recent data breaches and how metadata analysis could have helped with the detection and mitigation of certain events.
Read moreDetecting VPN traffic on the network
Posted on - by Jake
Detecting VPN traffic on the network is a use case I hear daily from school systems ranging from primary schools all the way up through large universities. One of the biggest concerns for a security or network engineer is tracking potentially unwanted traffic on the network. This could be something harmless but forbidden like video games, or a major threat like the latest APT that was just uncovered. This is why we implement strict ACLs and segregated VLANs on the network, and why we look at things like Deep Packet Inspection (DPI) as well as SSL DPI to help us gain insight into encrypted traffic. This blog aims to go over a couple technologies you probably already have at your fingertips and how you can use IPFIX/NetFlow analytics to track this nefarious behavior.
Network capacity planning fundamentals
Posted on - by Jake
Are we properly utilizing these expensive WAN links? That is probably a question you have asked yourself on more than one occasion when you get a bill from your provider. While MPLS/Broadband connectivity both have pros and cons, wouldn’t it be great if you had a tool to see if they were properly being utilized or if load is increasing over time? How about rather than just seeing in/out bits/s, you could determine what application is consuming the link? Stay tuned and see how it works!
Securing third-party VPN access
Posted on - by Jake
We all know that VPN monitoring is something every network and security engineer should be familiar with, but with the recent uptick of changes in companies work-from-home policies, IT departments are struggling to scale up to the VPN demands. Let’s be 100% honest about this: most networks weren’t designed to handle the demand we are seeing right now.
Current industry trends I saw at RSA 2020
Posted on - by Jake
RSA 2020 was last week and like every year I have attended, there was a whirlwind of new technologies and methodologies being presented by the vendors I spoke with. Continue on to see what things we learned and how Plixer can help solve problems facing today’s customers.
Read moreI installed Scrutinizer 100 times and here’s what I learned
Posted on - by Jake
As a Presales Engineer, I spend a good portion of my time helping with Scrutinizer installs and helping troubleshoot unique use cases for end users. In my 7 years of doing this, I’ve noticed a lot of commonality between installs even in disparate environments. I hope to add more to this list as time goes on and trends in the industry evolve further.
Read moreMonitoring QoS for application troubleshooting
Posted on - by Jake
Network and security teams collect flow and metadata to provide an accurate account of applications traversing the network. Another aspect of troubleshooting poor application performance is ensuring that QoS is being used properly. This blog will go over how collecting NetFlow/IPFIX data can easily help monitor and alarm on any new or existing QoS issues.
Read more