Author: Jeff Morrison

Jeff Morrison is a Solutions Engineer here at Plixer. He is responsible for travelling on-site to provide assistance with initial deployment, setup and design, in-depth training, and custom configurations. While in the office Jeff is responsible for providing technical assistance on initial overviews, providing training for internal resources, and researching integrations with 3rd-party vendors. When not on the road travelling, he enjoys playing music, riding motorcycles, video games, and spending time with friends and family.

Network Operations

Integrate your network alarms with Microsoft Teams

03.29.21 - Jeff Morrison

2020 was a year of incredible change—changes that I believe will have a lasting impact, but also changes that require immense flexibility with traditional structure and workflows. This is observable in every industry, and ours is no different. Not only has the model of network traffic changed with a work-from-home model, but so has our ability to collaborate as a team. We moved from primarily being in the same physical room as our colleagues to now spending our time in virtual channels. One of the most widely adopted of these digital workspaces is Microsoft Teams.

With Teams being the primary space for collaboration, having a network monitoring solution like Plixer Scrutinizer post alarms to a dedicated Teams channel is an incredibly effective way of monitoring, tracking and assigning network events to team members for investigation. Let’s take a look at how easy it is to configure this integration within Scrutinizer.

Threat Hunting

Inspecting encrypted traffic with JA3 and JA3S fingerprinting

11.20.20 - Jeff Morrison

Two years ago, I wrote a blog about tracking malware in encrypted traffic. The overall theme of that blog was that encryption has become much more of a standard. 2017 in particular was a milestone year in which the volume of encrypted traffic officially surpassed unencrypted web traffic. It’s safe to say that in three years, that balance has shifted even more in favor of SSL/TLS encryption. In this blog, I’ll explore the concept of JA3 and JA3S fingerprinting and the benefits they introduce when it comes to inspecting encrypted traffic.

Network Monitoring

The importance of monitoring and correlating your wireless network traffic

11.13.19 - Jeff Morrison

I’m often asked, “if I already have a solution to monitor this segment of the network, why do I need a solution that will overlap”? It’s a very fair question to ask, considering in most aspects of life redundancy or overlap isn’t necessarily considered good. In the case of network monitoring, I would argue overlap isn’t bad if it’s also providing correlation. With that in mind, I wanted to focus on the benefit of monitoring your wireless network traffic, and specifically having the ability to correlate this traffic across the entirety of your network.

Network Monitoring

Cisco ASR 1001-X overloading QFP

08.21.19 - Jeff Morrison

Whether you work primarily on the networking side of the house or the security side, you’ll need to ingest metadata into at least one of the tools in your toolbox. In my experience, it’s often the same data sets are often being generated multiple times from the same raw packet. This can put an extreme load on your exporting device. This happened recently with a customer, and in the process, we uncovered a bug specific to Cisco’s ASR 1001-X platform running IOS XE 3.16.x. I’ll discuss what this bug was, the issues it caused, and how it can be alleviated in the future.

Network Operations

Scrutinizer and Its RESTful API

05.15.19 - Jeff Morrison

I spend a large amount of time day-to-day working with customers to understand how they can best leverage their current NetFlow/IPFIX data to solve a variety of problems. What I’ve begun to realize is that there are many different use cases for leveraging metadata, and the format in which data can be most useful will vary as well. More and moreoften, the traditional graph and table format of displaying data may not be the preferred format. One way to overcome this is to use a RESTful API, so today I’d like to talk about Scrutinizer’s ability to fully support RESTful API calls.

Configuration

Cisco Catalyst 9500 Flexible NetFlow Configuration

02.27.19 - Jeff Morrison

Recently I’ve had many requests from customers who upgraded to the Catalyst 9500 series and are looking for a NetFlow configuration document. So I’ve put together this guide for configuring FNF (Flexible NetFlow).

Configuration

Configuring an ERSPAN within VMware and Cisco Switches

02.18.19 - Jeff Morrison

With the ever-growing support for flow exports, the need for probes and port mirroring has become a lot more limited. There are certain environments where it’s a requirement, however, and physically impossible to position a probe near a device that we want to port mirror from. In these situations, it’s important for the probe to have support for a remote span.

Network Operations

NetOps and SecOps Collaboration Solves the Data Silo Problem

09.19.18 - Jeff Morrison

In the IT space we are not new to challenges. Some might even say we welcome them and thrive in overcoming hurdles. Each and every department in our IT infrastructure faces their own unique challenges every day. Today I wanted to explore one challenge in particular: data silos.

Network Operations

Scrutinizer SaaS Deployment

07.11.18 - Jeff Morrison

Let’s talk about the cloud for a minute. A majority of IT infrastructure has been moving to the cloud over the last few years, and for good reason. The cost-saving benefit, ease of administration and space reduction are all good reasons to move your internal applications to the cloud. This movement of offloading hardware to the cloud has started what I lovingly refer to as the $_aaS movement. Most are aware that nearly any application can be hosted as a service, but I want to talk about hosting your network monitoring solution as a service. That’s right, Plixer has a Scrutinizer SaaS deployment option!

Network Operations

ISPs and Netflix Open Connect

05.09.18 - Jeff Morrison

Whether it’s after a long day at work, a rainy weekend, or when a new season of your favorite TV show is released, we’ve all been on a Netflix bender (*cough* Stranger Things *cough*). What we probably don’t think about is how all of that content is being delivered and what a burden that puts onto our ISPs. If you’re in the ISP industry, don’t worry—Netflix has the solution in Netflix Open Connect!