Today I’m going to write about a company named Ecessa. If you haven’t heard of them before, they have a long history of building networking hardware for businesses. Since the inception of the company, one of their primary goals has been to ensure reliable and resilient Internet connectivity.
Malware detection, and determining the cause of an incident, are requirements in today's connected world. The post U.K. Parliament's computers tried to access porn 247,000 times in 2015 is a good example. At first glance you get the impression that people at Parliament have far too much time on their hands. When you dig a bit deeper, it becomes clear that this isn't an HR issue but a network security issue. The good news is that with NetFlow collection and Flow Pro Defender, Scrutinizer can monitor for malware. Read more
Face it: the information technology arena is an ever-changing monster, and the recent news about the increase in IoT vulnerabilities is no exception. A new technology can come around all of a sudden and change how we think and do things. Don't get me wrong; it's exciting and it's what our world has been built on, but it's also a little nerve-wracking. This becomes a bigger issue in the world of security, since newer technology tends not to be fully vetted before it is deployed. Read more
A good number of evaluators have been asking me what the best way is to evaluate our free virtual NetFlow collector. There is a growing trend of companies moving away from dedicated hardware to virtualized environments, and there are several hypervisors to choose from: Microsoft's Hyper-V, which ships with Windows Server; VMware's ESXi; and KVM. Plixer supports all three with our free virtual NetFlow collector, Scrutinizer. Installation is as simple as deploying the appropriate package to the hypervisor you run.
A little while ago we posted an article on F5 IPFIX support. I wanted to follow up on that and dig a little deeper into how to configure your F5 to send IPFIX and its information elements (IEs) to a collector. Remember, IEs are the individual fields that make up an IPFIX template; the template tells the collector how to decode every data record that references it. On the F5, an IPFIX template describes a single Advanced Firewall Manager (AFM) event.
On top of that, F5 has extended its IPFIX support and added quite a few new information elements. Make sure to check them out.
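To make the template/IE relationship concrete, here is a small IPFIX decoder in Python. It is an added example, not code from Plixer or F5: it builds a constructed IPFIX message containing one template set and one data set, then decodes the data records using that template, exactly as a collector must. The template mixes IANA-assigned IEs with one enterprise-specific IE; the enterprise bit and PEN handling follow RFC 7011, but IE number 100 under F5's private enterprise number 3375 is a placeholder chosen for this example, not a documented AFM field, and the addresses, ports and byte counts are made up.

```python
import struct
from ipaddress import IPv4Address

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2          # RFC 7011: set ID 2 carries template records (3 = options templates)
ENTERPRISE_BIT = 0x8000

# Small subset of the IANA IPFIX information element registry (RFC 7012).
IANA_IE_NAMES = {
    1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
    8: "sourceIPv4Address", 11: "destinationTransportPort", 12: "destinationIPv4Address",
}


def parse_template_record(buf, off):
    """Decode one template record: returns (template_id, [(pen, ie_id, length)], next_off)."""
    template_id, field_count = struct.unpack_from("!HH", buf, off)
    off += 4
    fields = []
    for _ in range(field_count):
        ie_id, length = struct.unpack_from("!HH", buf, off)
        off += 4
        pen = None
        if ie_id & ENTERPRISE_BIT:        # enterprise-specific IE: a 4-byte PEN follows
            ie_id &= 0x7FFF
            (pen,) = struct.unpack_from("!I", buf, off)
            off += 4
        fields.append((pen, ie_id, length))
    return template_id, fields, off


def field_name(pen, ie_id):
    if pen is None:
        return IANA_IE_NAMES.get(ie_id, f"ie{ie_id}")
    return f"pen{pen}.ie{ie_id}"


def decode_value(pen, ie_id, raw):
    if pen is None and ie_id in (8, 12):
        return str(IPv4Address(raw))
    return int.from_bytes(raw, "big")     # also handles reduced-size integer encodings


def parse_ipfix(buf, templates=None):
    """Decode one IPFIX message. Returns (templates, records); pass templates back in for later messages."""
    templates = {} if templates is None else templates
    version, msg_len, _export_time, _seq, _domain = struct.unpack_from("!HHIII", buf, 0)
    if version != IPFIX_VERSION or msg_len != len(buf):
        raise ValueError("not a complete IPFIX message")
    records, off = [], 16
    while off + 4 <= msg_len:
        set_id, set_len = struct.unpack_from("!HH", buf, off)
        end = off + set_len
        if set_len < 4 or end > msg_len:
            raise ValueError("set length overruns message")   # never trust exporter-supplied lengths
        body = off + 4
        if set_id == TEMPLATE_SET_ID:
            while body + 4 <= end:                             # trailing bytes < 4 are padding
                tid, fields, body = parse_template_record(buf, body)
                templates[tid] = fields
        elif set_id >= 256:                                    # data set: set ID names the template
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError(f"data set for unknown template {set_id}")
            rec_len = sum(length for _, _, length in fields)
            if rec_len == 0:
                raise ValueError("template has no fields")
            while body + rec_len <= end:
                rec = {}
                for pen, ie_id, length in fields:
                    rec[field_name(pen, ie_id)] = decode_value(pen, ie_id, buf[body:body + length])
                    body += length
                records.append(rec)
        off = end                                              # options templates are skipped here
    return templates, records


def build_sample_message():
    """Constructed IPFIX message: one template set plus one data set. Not real F5 output."""
    # Template 256: six IANA IEs plus a placeholder enterprise IE (id 100) under F5's PEN 3375.
    fields = [(None, 8, 4), (None, 12, 4), (None, 7, 2), (None, 11, 2), (None, 4, 1), (None, 1, 4), (3375, 100, 2)]
    tmpl = struct.pack("!HH", 256, len(fields))
    for pen, ie_id, length in fields:
        tmpl += struct.pack("!HH", ie_id, length) if pen is None else struct.pack("!HHI", ie_id | ENTERPRISE_BIT, length, pen)
    template_set = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl)) + tmpl
    data = b""
    for src, dst, sport, dport, proto, octets, action in [
        ("10.1.1.5", "203.0.113.9", 51000, 443, 6, 1500, 1),
        ("10.1.1.7", "198.51.100.2", 40000, 53, 17, 76, 0),
    ]:
        data += IPv4Address(src).packed + IPv4Address(dst).packed + struct.pack("!HHBIH", sport, dport, proto, octets, action)
    data_set = struct.pack("!HH", 256, 4 + len(data)) + data
    body = template_set + data_set
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), 1700000000, 1, 1) + body


if __name__ == "__main__":
    _, recs = parse_ipfix(build_sample_message())
    for rec in recs:
        print(rec)
```

The decoder keeps the template dictionary across messages because an exporter sends templates only periodically; a data set that arrives before its template cannot be decoded, which is why a collector restart can produce a gap until the next template refresh. The length checks matter in practice: set and record lengths come straight from the exporter, so a collector that indexes the buffer without bounds checking is trusting untrusted input.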
Are you building an incident response system? Does it include tools that allow for attack investigation and recovery? Earlier this year I wrote a three-part series on constructing a Cyber Incident Response Plan and outlined two ways Scrutinizer can be an important part of that effort. After reading the latest BBC article on how website-crippling cyber-attacks are expected to rise in 2016, I figured I would talk a bit more about how our Flow Analytics intelligence can assist with attack investigation and recovery. Read more
Let's talk about UDP scans and how they can be an Internet threat. In today's world, having multiple layers of Internet threat defense is a requirement. With Scrutinizer and the intelligence behind Flow Analytics, it is easy to detect reconnaissance-style traffic patterns like UDP scans. UDP scanning is common both on the Internet and internally. A common use on the Internet is to identify servers that can be abused for DrDoS (distributed reflection denial of service) attacks: because UDP is connectionless, an attacker can spoof the victim's address as the source and have the open service send its (often much larger) reply to the victim. Internally, it is used to identify open ports on machines. Read more
Our network admin was made aware of a possible phishing email attack, and at the same time was reminded of the need for constant internal threat detection, when an intrusion attempt was made via a Word document attachment. After obtaining the indicators of compromise (IoCs), we used Scrutinizer to figure out whether anyone on our network had been communicating with the suspicious IPs or domains. Read more
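The two posts above come down to the same analysis over flow records: group flows by source and look for probe-shaped UDP traffic (one source hitting many destination ports on one host, or one port across many hosts), and cross-reference every flow against a list of IoC addresses to see which internal hosts talked to them. The Python below is an added example, not Scrutinizer's Flow Analytics code, and runs over constructed flow records embedded in the script; the thresholds (20 ports or 20 hosts, at most two packets per flow) and the 10.0.0.0/8 internal range are assumptions chosen for the sample, not values from the posts.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

UDP = 17
MIN_PORTS_VERTICAL = 20      # distinct UDP ports probed on one host by one source (assumed threshold)
MIN_HOSTS_HORIZONTAL = 20    # distinct hosts probed on one UDP port by one source (assumed threshold)
MAX_PROBE_PACKETS = 2        # a probe is a packet or two, not a conversation (assumed)
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space


def build_sample_flows():
    """Constructed flow records with NetFlow/IPFIX-style fields; not real exporter data."""
    flows = []

    def add(start, src, dst, proto, sport, dport, packets, nbytes):
        flows.append(dict(start=start, src=src, dst=dst, proto=proto, sport=sport,
                          dport=dport, packets=packets, bytes=nbytes))

    for i in range(5):            # ordinary DNS lookups: a few workstations, one server, one port
        add(f"2016-03-01T10:00:0{i}", f"10.0.5.{10 + i}", "10.0.1.53", UDP, 50000 + i, 53, 2, 180)
    for port in range(1, 41):     # vertical scan: one workstation probing 40 UDP ports on one server
        add("2016-03-01T10:05:00", "10.0.5.23", "10.0.9.4", UDP, 40000, port, 1, 42)
    for host in range(1, 31):     # horizontal sweep from the Internet: udp/161 across 30 hosts
        add("2016-03-01T10:10:00", "198.51.100.77", f"10.0.9.{host}", UDP, 1234, 161, 1, 70)
    # a workstation exchanging HTTPS traffic with an address on the IoC list, both directions
    add("2016-03-01T10:12:00", "10.0.7.12", "203.0.113.66", 6, 51234, 443, 12, 2400)
    add("2016-03-01T10:12:30", "203.0.113.66", "10.0.7.12", 6, 443, 51234, 9, 5100)
    return flows


def detect_udp_scans(flows, min_ports=MIN_PORTS_VERTICAL, min_hosts=MIN_HOSTS_HORIZONTAL):
    """Flag sources whose tiny UDP flows fan out across ports (vertical) or hosts (horizontal)."""
    ports_by_pair = defaultdict(set)    # (src, dst)   -> {dport}
    hosts_by_port = defaultdict(set)    # (src, dport) -> {dst}
    for f in flows:
        if f["proto"] != UDP or f["packets"] > MAX_PROBE_PACKETS:
            continue                    # real conversations exchange more than a probe
        ports_by_pair[(f["src"], f["dst"])].add(f["dport"])
        hosts_by_port[(f["src"], f["dport"])].add(f["dst"])
    alerts = []
    for (src, dst), ports in ports_by_pair.items():
        if len(ports) >= min_ports:
            alerts.append({"type": "vertical_udp_scan", "src": src, "target": dst, "count": len(ports)})
    for (src, dport), hosts in hosts_by_port.items():
        if len(hosts) >= min_hosts:
            alerts.append({"type": "horizontal_udp_scan", "src": src, "target": f"udp/{dport}", "count": len(hosts)})
    return sorted(alerts, key=lambda a: (a["type"], a["src"]))


def match_iocs(flows, ioc_ips, internal=INTERNAL):
    """Return {(internal_host, ioc_ip): totals} for every flow that touches an IoC address."""
    iocs = {ip_address(i) for i in ioc_ips}
    hits = {}
    for f in flows:
        # check both directions so a callback initiated by the attacker is caught too
        for local, remote in ((f["src"], f["dst"]), (f["dst"], f["src"])):
            if ip_address(remote) in iocs and ip_address(local) in internal:
                h = hits.setdefault((local, remote), {"flows": 0, "bytes": 0, "first_seen": f["start"]})
                h["flows"] += 1
                h["bytes"] += f["bytes"]
                h["first_seen"] = min(h["first_seen"], f["start"])   # ISO-8601 strings sort chronologically
    return hits


if __name__ == "__main__":
    sample = build_sample_flows()
    for alert in detect_udp_scans(sample):
        print(alert)
    for (host, ioc), totals in match_iocs(sample, ["203.0.113.66"]).items():
        print(host, "->", ioc, totals)
```

Two practical caveats. The packet-count filter is what separates a scan from a busy DNS or SNMP client: a legitimate resolver also fans out to many hosts on one port, but its flows carry more than a probe's worth of packets. And IoC matching on flow data can only ever say a host exchanged packets with a listed address; confirming what was sent still needs the endpoint or a packet capture.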
Every day we see more stories about security breaches across the globe. With so many new cyber security threats appearing, the need for traffic analysis and a strong Cyber Incident Response plan has never been higher. In part one and part two of this series, we showed how combining NetFlow/IPFIX technology with Scrutinizer gives you visibility into every conversation crossing your flow-exporting devices. Here in part three, we are going to talk about the importance of adding Scrutinizer's Flow Analytics intelligence to your cyber incident response plan to detect network traffic anomalies. Read more
In my previous blog, I talked about the value of having a cyber incident response plan. An important factor in such a plan is having complete visibility into the traffic crossing your network. As I mentioned in my previous post, using flow technologies like NetFlow and IPFIX is an effective way of providing that visibility. The truth is that when an incident occurs, that level of detail is absolutely required, but what about the other 90% of your network monitoring time? How can you monitor for specific events?