The need to detect and mitigate denial-of-service attacks is nothing new to network and security administrators. DoS attacks on enterprise networks have been occurring for years.
Read moreCategory: Security Operations
Should you be monitoring ping?
Posted on - by Dylan Mclaughlin
Ping is one of those protocols that no one thinks about until it isn’t working and you’re trying to quickly troubleshoot connectivity between devices. Officially known as ICMP, ping is one of the older RFCs and is most used for its echo requests and replies for troubleshooting networks. Some administrators simply block all ICMP everywhere on their network. Is this for everyone? Is this necessary? With everyone’s network having its own constraints and security policies, hopefully this post can provide some insight into the thought process behind monitoring for ping.
Read moreThe harsh truth about the next cyberattack
Posted on - by James Dougherty
I don’t know about you, but it seems like there’s news of some big data breach every other month. The hard truth is that no one can really predict the next cybersecurity meltdown. There is no doubt in my mind that it will happen again (and again…). Over the past 15-plus years, the one thing stuck out as being effective was the idea of always evaluating your security posture.
Read more5 ways of verifying security risks and avoiding false positives
Posted on - by Joanna Buckley
I think I can safely assume that everyone knows the cautionary tale of the boy who cried wolf. If you don’t, the moral is the more you say something is wrong when nothing is wrong, the more likely it is no one will believe you when something actually is wrong. In the network security world, no one wants a security solution that cries wolf. Hidden within dozens of false positives, there could be one issue lurking, waiting to cause a lot of trouble on your network.
Read moreHow human negligence affects network security
Posted on - by Elgin Robinson
As enterprises adjust to the new normal and remote work, they are bracing for potential attacks resulting from employee carelessness. Bad habits, such as leaving devices unattended while on the VPN, can pose serious risks to the business. This blog will discuss how human negligence affects network security and provide some examples of how some threat vectors impacts organizations.
Read moreFive ways Plixer Scrutinizer helps retail networks
Posted on - by Joanna Buckley
Even though most of us have looked at a calendar recently and thought, “I could have sworn we were in May, not October,” you can’t deny that the holidays are coming. There’s a chill in the air, forecasts for snow, and floods of emails and holiday advertising from almost every retail outlet. While shoppers are gearing up to find the perfect gift, anyone who works in retail cyber security is also no doubt preparing for the big rush as well. Here are five ways Plixer Scrutinizer can help you if you’re in that role.
Read moreUsername reporting: NetFlow integration with Splunk
Posted on - by Brian Davenport
I was recently able to explore the Splunk software development kit with a customer. This helped me to implement another way to get username attribution within Plixer Scrutinizer. It’s a great addition to past methods such as Active Directory, Cisco ISE, and CounterACT because in many cases user information will already be logged in Splunk, which saves duplicate work with multiple systems.
Read moreHow to detect suspicious ICMP traffic
Posted on - by Scott
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
Read moreHow to detect a reverse SSH tunnel
Posted on - by Khalil Ismayilov
Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
Read moreSTIX/TAXII for threat intelligence
Posted on - by Dylan Mclaughlin
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, which is an open-source language and serialization format used in sharing threat intelligence. Think of it as the vehicle for containing the threat information. Threat intelligence is communicated as objects and is detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
Read more