Jake, Author at Plixer

Forensic investigation of endpoints using NetFlow

01.06.21 - Jake

This blog will go over how to use some of the features in Plixer Scrutinizer v19.0, such as the host index and IP groups functionality, to quickly define your endpoints and reduce the time it takes to find suspicious hosts. Recently we have seen an uptick in customers looking to use this functionality to its fullest to help speed up incident response.

Threat Hunting

Detecting RDP attacks with NetFlow and metadata

10.14.20 - Jake

An ever increasing attack vector in the healthcare industry are attacks against open or unsecured RDP connections that allow a bad actor to gain a foothold into the network and use this to propagate malware or export the client via ransomware. In this blog, you’ll find some simple-to-follow workflows that you can use to identify and remediate any potentially vulnerable servers.

Security Operations

Detecting IP spoofing with Plixer Scrutinizer and Beacon

08.05.20 - Jake

A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:

Gain access to a network using a valid IP address
To man-in-the-middle a known service, allowing them to eavesdrop/intercept traffic

Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.

Data Theft

Slickwraps breach and metadata analysis

05.20.20 - Jake

In a new series of blogs, we will go over some recent data breaches and how metadata analysis could have helped with the detection and mitigation of certain events.

VPN traffic monitoring

Detecting VPN traffic on the network

03.23.20 - Jake

Detecting VPN traffic on the network is a use case I hear daily from school systems ranging from primary schools all the way up through large universities. One of the biggest concerns for a security or network engineer is tracking potentially unwanted traffic on the network. This could be something harmless but forbidden like video games, or a major threat like the latest APT that was just uncovered. This is why we implement strict ACLs and segregated VLANs on the network, and why we look at things like Deep Packet Inspection (DPI) as well as SSL DPI to help us gain insight into encrypted traffic. This blog aims to go over a couple technologies you probably already have at your fingertips and how you can use IPFIX/NetFlow analytics to track this nefarious behavior.