The recent SANS 2018 Survey on Endpoint Protection and Response makes clear that point-security solutions are not enough to quell the ever-growing barrage of cyberattacks. The survey polled 277 IT professionals on endpoint security concerns and practices. In this year’s survey, 42% of respondents reported that endpoint exploits were down from 53% in 2017. However, the number of those who didn’t know they had been breached jumped from 10% in 2017 to 20% in 2018. To that end, security and network professionals need a way to detect when such vulnerabilities are taking place. In this article, I’d like to outline the importance of continuing to protect your network with endpoint protection while supplementing it with network traffic analytics.
Author: Justin
Network Traffic Analytics with Gigamon
Quite some time ago, my colleague wrote about our Gigamon NetFlow support. That article will help you understand how to configure your Gigamon appliances to export rich metadata to your network and security intelligence platform. In this article, I will discuss network traffic analytics as it pertains to Gigamon, and outline a few of the areas where Gigamon can supplement the metadata exports from your existing infrastructure.
How to detect SSH credential misuse with network traffic analytics
According to a recent article on BleepingComputer, a backdoor Python library can steal SSH credentials. This can lead to SSH credential misuse if undetected by IT professionals. “The module’s name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code. On Monday, another developer noticed that multiple recent versions of the SSH Decorate module contained code that collected users’ SSH credentials and sent the data to a remote server located at: http://ssh-decorate.cf/index.php.” In this article, I’ll show you how to detect SSH credential misuse with network traffic analytics and your existing network infrastructure.
How to Mitigate Insider Threats with Network Traffic Analytics
According to a recent Ponemon Institute report, the cost of insider-related breaches has escalated to over $8.7 million. What’s even more concerning is that as the cost of insider threats has increased, the cost of non-insider threats is $3.6 million, according to IBM. This means that insider incidents cost more than double that of non-insider incidents. Furthermore, the report also indicates that insider threats take more than two months to contain on average. With this in mind, I’d like to help you understand these insider threats, and how to mitigate insider threats with network traffic analytics.
Protecting Critical Infrastructure from Cyberattacks with Network Traffic Analytics
According to a recent New York Times article, there have been cyberattacks on critical infrastructure in Saudi Arabia recently. While these attacks were not elaborated on in full detail (at least not in the article), it is important to understand the importance of protecting critical infrastructure from such attacks. In this article, I’d like to help you understand what critical infrastructure is, how it’s being targeted, and how we can protect critical infrastructure from future attacks.