It can happen to anyone, even the most seasoned of network security personnel. You can be searching for something on Google, see a seemingly innocent link that looks like exactly what you’re looking for, and click it. Next thing you know, your computer screen is flashing with a message that says your computer is infected and you need to call the following number ASAP. If this does happen in your office, don’t worry: we can help.
Read moreCategory: Security Operations
Tuning DDoS and DRDoS flow analytics to your environment
Posted on - by Dylan Mclaughlin
As more and more devices are added to the internet, a larger swath of insecurity comes with them. Botnets and compromised devices are the main sources of headache for attacks on infrastructure, with Distributed Denial of Services attacks becoming a major tool for the bad actors to break systems or cover their tracks during an operation. Plixer Scrutinizer provides a method for alarming on these attacks in real time.
Read morePackets vs. flow/IPFIX: The effort to reduce dwell time
Posted on - by James Dougherty
When we hear about a cyberattack these days, there’s often a reference to when the network was originally compromised. In recent years, the need to determine how long that compromise was on the network, who else was involved, and how you’re going to gain this visibility has moved to the forefront of the SecOps team’s needs.
Read moreMalware detection using machine learning and NetFlow
Posted on - by Scott
Last year Plixer released version 19 of Scrutinizer, and with it came the introduction of Plixer Security Intelligence, our machine learning appliance.
The ML appliance learns and establishes what is normal in network traffic behaviors across hundreds of data models. When Scott’s PC reaches out to an application that he has never touched, or exhibits out-of-the-ordinary traffic behaviors, that activity is flagged and alarmed on.
Read moreFinding threats with host index
Posted on - by Dylan Mclaughlin
Imagine someone walks up to your desk and asks a very simple question: has this IP address been seen on our network? This could be a potentially difficult question to find an answer to, especially with any confidence. Plixer Scrutinizer allows you to provide a definitive answer to whomever is asking.
Read moreNetwork Detection and Response (NDR): What does it mean?
Posted on - by Stephen Tutterow
What is NDR?
This blog will focus on the hottest 3-letter acronym of 2020 & 2021—NDR. Network Detection and Response solutions must address an expanding list of non-malware threats that revolve around data exfiltration, lateral movement, and targeted user attacks. Teams must deploy solutions that learn and adapt to new patterns in real time to ensure they stay vigilant in this changing threat landscape. Plixer Scrutinizer allows network and security operations teams to address both sides of a problem within a single interface.
Read moreNetwork traffic demands of the post-pandemic era and how to manage them
Posted on - by James Dougherty
Gartner just posted their worldwide spending forecast report for the first quarter of 2021 and it looks positive. Clearly, the experts will continue to argue about the economic pressure that has been choking parts of the global economy and whether it’s losing its strength, but from Gartner’s perspective, it looks like we’ll see growth in all IT spending.
Read moreWhy and how to export a violator list for DDoS mitigation
Posted on - by Scott
The need to detect and mitigate denial-of-service attacks is nothing new to network and security administrators. DoS attacks on enterprise networks have been occurring for years.
Read moreShould you be monitoring ping?
Posted on - by Dylan Mclaughlin
Ping is one of those protocols that no one thinks about until it isn’t working and you’re trying to quickly troubleshoot connectivity between devices. Officially known as ICMP, ping is one of the older RFCs and is most used for its echo requests and replies for troubleshooting networks. Some administrators simply block all ICMP everywhere on their network. Is this for everyone? Is this necessary? With everyone’s network having its own constraints and security policies, hopefully this post can provide some insight into the thought process behind monitoring for ping.
Read moreThe harsh truth about the next cyberattack
Posted on - by James Dougherty
I don’t know about you, but it seems like there’s news of some big data breach every other month. The hard truth is that no one can really predict the next cybersecurity meltdown. There is no doubt in my mind that it will happen again (and again…). Over the past 15-plus years, the one thing stuck out as being effective was the idea of always evaluating your security posture.
Read more