I think I can safely assume that everyone knows the cautionary tale of the boy who cried wolf. If you don’t, the moral is the more you say something is wrong when nothing is wrong, the more likely it is no one will believe you when something actually is wrong. In the network security world, no one wants a security solution that cries wolf. Hidden within dozens of false positives, there could be one issue lurking, waiting to cause a lot of trouble on your network.
Category: Security Operations
How human negligence affects network security
As enterprises adjust to the new normal and remote work, they are bracing for potential attacks resulting from employee carelessness. Bad habits, such as leaving devices unattended while on the VPN, can pose serious risks to the business. This blog will discuss how human negligence affects network security and provide some examples of how some threat vectors impact organizations.
Five ways Plixer Scrutinizer helps retail networks
Even though most of us have looked at a calendar recently and thought, “I could have sworn we were in May, not October,” you can’t deny that the holidays are coming. There’s a chill in the air, forecasts for snow, and floods of emails and holiday advertising from almost every retail outlet. While shoppers are gearing up to find the perfect gift, anyone who works in retail cyber security is no doubt preparing for the big rush as well. Here are five ways Plixer Scrutinizer can help you if you’re in that role.
Username reporting: NetFlow integration with Splunk
I was recently able to explore the Splunk software development kit with a customer. This helped me to implement another way to get username attribution within Plixer Scrutinizer. It’s a great addition to past methods such as Active Directory, Cisco ISE, and CounterACT because in many cases user information will already be logged in Splunk, which saves duplicate work with multiple systems.
How to detect suspicious ICMP traffic
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
How to detect a reverse SSH tunnel
Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
STIX/TAXII for threat intelligence
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, which is an open-source language and serialization format used in sharing threat intelligence. Think of it as the vehicle for containing the threat information. Threat intelligence is communicated as objects and can be as detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
Enhance NetOps/SecOps collaboration with Plixer’s new collections feature
I can’t tell you how many calls I’ve been on where the NetOps and SecOps teams really don’t know what the other is doing. Sadly, in today’s remote-work-centric world, the relationship between the two teams has become vital in making sure that end users have the resources they need while, at the same time, everything stays safe and meets compliance requirements.
How to detect bogon connections
Many ISPs filter bogon connections because bogon IP addresses have no legitimate use. If you find a bogon or bogus IP address in your firewall logs, it is likely due to a misconfiguration or someone intentionally creating a bogon connection for malicious purposes. This blog provides guidance on how to detect bogon connections with Plixer Scrutinizer and potentially discover other vulnerabilities that would compromise an enterprise network environment.
Detecting IP spoofing with Plixer Scrutinizer and Beacon
A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:
- Gain access to a network using a valid IP address
- Man-in-the-middle a known service, allowing them to eavesdrop on or intercept traffic
Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.