Network security is described as the implementation of technologies, processes, and protocols designed to safeguard an organization’s communications and information.
Read moreAuthor: Scott
Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.
Detect abnormal lateral network traffic using machine learning and NetFlow
Posted on - by Scott
In a previous blog I introduced you to the malware detection capabilities of Plixer’s intelligence product. I would like to circle back to some information shared in that blog to talk about its ability to detect behaviors like lateral movement across the LAN segments of the network related to data accumulation.
Before I get started, I want to talk about strategies used for network visibility and why flow technologies should be at the top of the list.
Read moreCisco Firepower FTD NetFlow configuration
Posted on - by Scott
I am often exposed to new network devices and the ways that they support and configure flow-monitoring technologies. So I was excited to learn this new Cisco Firepower Threat Defense NetFlow configuration.
This configuration uses all the same NSEL configuration commands that you would use on a Cisco ASA, in just about the same order as I described in this Cisco ASA configuration blog. The difference is that you are applying the commands using a GUI interface and not CLI.
Read moreMalware detection using machine learning and NetFlow
Posted on - by Scott
Last year Plixer released version 19 of Scrutinizer, and with it came the introduction of Plixer Security Intelligence, our machine learning appliance.
The ML appliance learns and establishes what is normal in network traffic behaviors across hundreds of data models. When Scott’s PC reaches out to an application that he has never touched, or exhibits out-of-the-ordinary traffic behaviors, that activity is flagged and alarmed on.
Read moreWhy and how to export a violator list for DDoS mitigation
Posted on - by Scott
The need to detect and mitigate denial-of-service attacks is nothing new to network and security administrators. DoS attacks on enterprise networks have been occurring for years.
Read moreHow can I load balance my NetFlow traffic across multiple collectors?
Posted on - by Scott
Do you find that you are constantly modifying NetFlow configurations to balance collector workloads? The latest release of Scrutinizer introduces an option to load balance the collector workload across multiple, distributed-collector clusters by automatically modifying Plixer Replicator profiles based on the number of exporters and flow volume processed at each collector.
Read moreHow to detect suspicious ICMP traffic
Posted on - by Scott
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
Read moreHow to avoid NetFlow sampling
Posted on - by Scott
As resource demands and bandwidth speeds in many of today’s network infrastructures continue to increase, many network administrators believe that NetFlow sampling is the only way to deal with the high flow volume sent across the network. In fact, setting a NetFlow sample rate of 1 in 100 can cut flow volumes as much as 50%.
Read moreTroubleshooting NetFlow over VPN tunnel
Posted on - by Scott
I was working with a customer last week who had configured NetFlow on four of their Cisco routers. They had applied basically the same configuration to each of the routers, but only saw exported flows from three of them arrive at the collector.
Read moreCan your network survive the coronavirus lockdown?
Posted on - by Scott
Lately, I have seen an increase in support calls regarding the increase in bandwidth consumption and the degradation of application performance seen when employees started working from home because of the coronavirus outbreak.
Read more