Author: Thomas

Thomas Pore is the Director of IT and Field Engineering at Plixer. He developed and leads, the Malware Incident Response and Advanced NetFlow Training programs which are being offered in cities across the USA. He is also an adjunct professor at the local community college and teaches ethical hacking. Thomas travels the globe meeting with customers and trying improve the Scrutinizer network incident response system. He helps clients optimize threat detection strategies and aids in the configuration of custom incident response solutions. He has a Bachelor of Science in Computer Science from Dickinson College.

Threat Hunting

Tracking the SUNBURST exploit with metadata

12.16.20 - Thomas

Updated: 1/6/2021

On 12/13/20, cybersecurity company FireEye published research for the SUNBURST exploit, which is affecting companies using SolarWinds software. Since the news broke, we have been experimenting with ways that Plixer’s NDR solution, Scrutinizer, can help our customers determine the impact SUNBURST may have had on their networks.

Security Operations

VPN malware protection

03.24.20 - Thomas

Almost every organization is equipped with VPNs to support a remote workforce these days. Often, secure VPNs use a no-split secure tunnel, tunneling all remote workstation traffic through the security control the business has supplied. A less secure VPN option is a split-tunnel. With this method, non-business traffic routes normally within the remote network, but often with less security.

General

Google Map Integration | GPS Coordinates

08.06.16 - Thomas

We were an early adopter of supporting Google map integration in our NetFlow collector system. Since then, we have had customers asked that we pull in the location information from SNMP (syslocation), IPAM solutions and other GPS coordinate applications in order to avoid a manual process.

Security Operations

Detecting Data Leaks

06.03.16 - Thomas

This month I had the opportunity to work with a customer that wanted to use our malware incident response system for detecting data leaks. I put together a solution that met the customers goals and thought it would make a good reference for anyone who needs a solution for detecting data leakage.

General

DNS Firewall : Free Update to Bind

05.19.16 - Thomas

Recently we went through an exercise which turned our DNS into a firewall for a well-maintained list of requested hostnames. It was designed to work with our host reputation feed that is provided to our FlowPro Defender customers who use it to uncover internal end systems that are reaching out to Internet systems that are known to host malware.