Author: Ryan Slosser

Blog Categories: All Categories Advanced IPFIX Reporting Advanced NetFlow Reporting Big Data Blackhat Book on NetFlow BYOD Cisco NetFlow Partners Cloud Service Monitoring Compliance Configuration Customer Service Data Theft Denika DNS Education Email Reporting Email Reporting Software Employment Finance Flexible NetFlow General Higher Education insider threats IoT IT News Lancope NetFlow NetFlow Analyzer NetFlow Dashboard NetFlow Detective NetFlow Monitoring NetFlow or IPFIX NetFlow Problems NetFlow Reporting Network Monitoring Network Operations Network Security Network Traffic Analysis Performance Agent Performance Management Project management SaaS SD-WAN visibility Security Operations SonicWALL SonicWALL NetFlow Analyzer SonicWALL NetFlow collector Temperature Monitoring VPN traffic monitoring WebNM Wireless NetFlow

General

How to deploy a Flowpro Virtual Appliance

Posted on 11.12.15 - by Ryan Slosser

Today I want to talk about how to deploy a Flowpro Virtual Appliance. With the Flowpro Virtual Appliance, you can get that visibility into network traffic where exporting flow data is not natively available from devices. I want to go through the steps of deploying the Flowpro Virtual Appliance.

Read more

Security Operations

Data Exfiltration over DNS

Posted on 09.13.15 - by Ryan Slosser

How many companies out there are monitoring DNS traffic? Are you concerned about data exfiltration over DNS? How many people even know that is possible? These are questions I get to ask customers, and the response I get is the same with everyone. Not very many companies monitor their DNS traffic.

Read more

Configuration

Fortiswitch IPFIX Configuration

Posted on 07.08.15 - by Ryan Slosser

Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1 the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hense the name IPFIX (Internet Protocol Flow Information eXport).

Read more

General

Baselining Network Traffic

Posted on 05.06.15 - by Ryan Slosser

What is baselining network traffic? Why worry about baselining network traffic and Is this used for network security? These are the questions I want to answer today and how you can start baselining network traffic with the use of NetFlow/IPFIX.

Read more

Network Operations

NetFlow Collector IPv6 Support

Posted on 03.18.15 - by Ryan Slosser

With the exhaustion of IPv4 addresses, the need to switch to IPv6 is inevitable and has been for many years. As your company makes the switch to IPv6, don’t forget NetFlow collector’s IPv6 support. I’m not only talking about the ability of your NetFlow collector to report on IPv6 conversations, but also the ability to collect NetFlow sent in IPv6 packets.

Read more

Security Operations

Detecting Tor Traffic

Posted on 01.28.15 - by Ryan Slosser

Detecting TOR traffic will help identify possible infections on your network. It keeps the eyes of your network team open to different types of malware that utilize Tor for disguising its intent end location. Tor not only encrypts its traffic, but also disguises its traffic as HTTPS communications thus making NetFlow/IPFIX a valuable asset in setting this traffic apart from normal HTTPS traffic that we all know is on the network.

Read more

Security Operations

How a Rogue DHCP Server Works

Posted on 12.17.14 - by Ryan Slosser

I’d like to take the time to go through the steps on how a rogue DHCP server works. The more you know about man-in-the-middle attacks, the better you will be at uncovering the infections. Scott wrote a blog a few weeks ago that went into some more detail about detecting a rogue DHCP server and symptoms that you may be infected. I want to hit on how that activity works.

Read more

General

Network Abuse and Policy Observance

Posted on 11.12.14 - by Ryan Slosser

I’m no network administrator, but I know that monitoring network abuse and policy observance is imperative to keeping a network safe.  After writing my last blog on incident response system guidelines, I received a few emails about going more in depth using custom data correlation and thresholds. It can be difficult finding the information you want before you even know you want it. Would you like to know that the phone is about to ring because of a possible infection or that the network is about to become slow? Now, no one can tell the future but having a little more insight using NetFlow and IPFIX data will help predict a possible issue.

Read more

General

Incident Response System Guidelines

Posted on 10.09.14 - by Ryan Slosser

Working in support, customers often ask me how to start using NetFlow and IPFIX in their network monitoring tool, to get a more proactive approach to detecting threats. This is why I have decided to go over a few incident response system guidelines that will save you time and money when your network is hit by the next string of malware or advanced persistent threat (APT). Jalisa pointed out yesterday that the average security breach cost can be up to $3.5 million. Let’s go over a few ways to utilize NetFlow and IPFIX to lessen the impact.

Read more

Network Operations

Incident Response Pocket Guide

Posted on 09.24.14 - by Ryan Slosser

Becoming a NetFlow private eye is easy if you’re using the right Incident Response System (IRS). Our team is lucky to be able to experience and work through the scenarios that keep most security professionals up at night. After reading Jake’s blog  a few weeks ago, we decided to infect our lab with a virus that would try to move around the network and pull info from the servers and send them out to a command and control (C&C) server out on the Internet. I’ll share with you what we did.  Although this was done in a lab, the point will still be clear: advanced persistent threats (APT)/malware will go undetected for long periods of time if you don’t have the right system in place to help with incident response. Read more