In a new series of blogs, we will go over some recent data breaches and how metadata analysis could have helped with the detection and mitigation of certain events.
Detecting VPN traffic on the network is a use case I hear daily from school systems ranging from primary schools all the way up through large universities. One of the biggest concerns for a security or network engineer is tracking potentially unwanted traffic on the network. This could be something harmless but forbidden like video games, or a major threat like the latest APT that was just uncovered. This is why we implement strict ACLs and segregated VLANs on the network, and why we look at things like Deep Packet Inspection (DPI) as well as SSL DPI to help us gain insight into encrypted traffic. This blog aims to go over a couple of technologies you probably already have at your fingertips and how you can use IPFIX/NetFlow analytics to track this nefarious behavior.
Are we properly utilizing these expensive WAN links? That is probably a question you have asked yourself on more than one occasion when you get a bill from your provider. While MPLS/Broadband connectivity both have pros and cons, wouldn’t it be great if you had a tool to see if they were properly being utilized or if load is increasing over time? How about rather than just seeing in/out bits/s, you could determine what application is consuming the link? Stay tuned and see how it works!
We all know that VPN monitoring is something every network and security engineer should be familiar with, but with the recent uptick of changes in companies' work-from-home policies, IT departments are struggling to scale up to the VPN demands. Let's be 100% honest about this: most networks weren't designed to handle the demand we are seeing right now.
RSA 2020 was last week and like every year I have attended, there was a whirlwind of new technologies and methodologies being presented by the vendors I spoke with. Continue on to see what things we learned and how Plixer can help solve problems facing today's customers.
As a Presales Engineer, I spend a good portion of my time helping with Scrutinizer installs and helping troubleshoot unique use cases for end users. In my 7 years of doing this, I've noticed a lot of commonality between installs even in disparate environments. I hope to add more to this list as time goes on and trends in the industry evolve further.
Network and security teams collect flow and metadata to provide an accurate account of applications traversing the network. Another aspect of troubleshooting poor application performance is ensuring that QoS is being used properly. This blog will go over how collecting NetFlow/IPFIX data can easily help monitor and alarm on any new or existing QoS issues.
In this industry, I've seen a common trend of buying best-in-breed solutions that are built for one or a few things instead of jack-of-all-trades solutions. While I believe this idea is generally a good one, it often leaves end users with the task of learning multiple interfaces and using only a fraction of the product they purchased. As a sales engineer at Plixer, part of my role is working with customers to streamline their workflows using not just our solution, but others they have purchased as well. This blog will go over a couple of types of integrations that we have and will hopefully spark something that you can use on your network.
I spent a lot of time talking to customers at RSA 2019 and a message that resonated with a lot of them was using your network as a sensor. I believe this is because SOC analysts often dig through log data or full packet capture—but then overlook network metadata because it isn’t available to them or they don’t know how to properly use it. This blog will give you a high-level view of what you might be missing out on by not collecting and analyzing network metadata such as IPFIX/NetFlow.
DDoS attacks have plagued the network security space for almost 20 years. In that time, we have seen a lot of changes. In just 2018 alone, we saw the first multi-terabyte/s DDoS attacks, which have been bringing large organizations to their knees. If you aren’t prepared to quickly and effectively analyze DDoS attacks in real time, are you even prepared at all?