XDR stands for eXtended Detection and Response. What it is depends on who is explaining it. XDR evolved very quickly from Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) because everyone realized that neither alone could solve the enterprise security problem. In loose terms, XDR is similar to the old concept of a layered security strategy.
Read moreCategory: Security Operations
Protect your network from Log4j and future vulnerabilities
Posted on - by Justin
Earlier this month, a vulnerability in the Apache Log4j logging framework was disclosed. The zero-day vulnerability was published by Alibaba Cloud’s security team as was called Log4Shell (CVE-2021-44228).
To protect business-critical applications and prevent remote code execution, which could give unfettered access to the hacker, businesses need to understand how to protect themselves from such attacks while patching vulnerable systems.
Read moreRansomware attacks impact more than their target victim
Posted on - by Justin
Last week Kronos (now Ultimate Kronos Group (UKG)) announced that they were hit by a ransomware attack that is likely to keep their system offline for weeks. As a major human resources management company, they provide services like payroll, timekeeping, etc. to other companies. Because so many companies rely on Kronos’s services, they are feeling the effects of this attack as well. So, what does this show us about the danger and damages of ransomware?
Read moreUsing flow-based NDR to fight ransomware
Posted on - by Justin
Ransomware is everywhere and cybercriminals are increasingly more antagonistic, demanding ever increasing ransom payments. Palo Alto Networks’ Unit 42 says that payments are up 82% in the first half of 2021, with an average payment amount at a record $570,000. But with ransoms increasing and cybercriminals ever hungry for users’ data, what can you do to stop these attacks?
Read moreEnterprises face tough, new reality of cybercrime: It’s not if, but when
Posted on - by Theresa Abbamondi
By 2025, it’s estimated that cybercrime will cost the world $10.5 trillion annually—a figure that includes damage and destruction of data; theft of intellectual property, personal and financial data; disruption to business; restoration and deletion of hacked data and systems; and reputational harm.
Read moreNetwork security: How effective is your security posture?
Posted on - by Scott
Network security is described as the implementation of technologies, processes, and protocols designed to safeguard an organization’s communications and information.
Read moreDetect abnormal lateral network traffic using machine learning and NetFlow
Posted on - by Scott
In a previous blog I introduced you to the malware detection capabilities of Plixer’s intelligence product. I would like to circle back to some information shared in that blog to talk about its ability to detect behaviors like lateral movement across the LAN segments of the network related to data accumulation.
Before I get started, I want to talk about strategies used for network visibility and why flow technologies should be at the top of the list.
Read moreMalicious links and how to find them
Posted on - by Joanna Buckley
It can happen to anyone, even the most seasoned of network security personnel. You can be searching for something on Google, see a seemingly innocent link that looks like exactly what you’re looking for, and click it. Next thing you know, your computer screen is flashing with a message that says your computer is infected and you need to call the following number ASAP. If this does happen in your office, don’t worry: we can help.
Read moreTuning DDoS and DRDoS flow analytics to your environment
Posted on - by Dylan Mclaughlin
As more and more devices are added to the internet, a larger swath of insecurity comes with them. Botnets and compromised devices are the main sources of headache for attacks on infrastructure, with Distributed Denial of Services attacks becoming a major tool for the bad actors to break systems or cover their tracks during an operation. Plixer Scrutinizer provides a method for alarming on these attacks in real time.
Read morePackets vs. flow/IPFIX: The effort to reduce dwell time
Posted on - by James Dougherty
When we hear about a cyberattack these days, there’s often a reference to when the network was originally compromised. In recent years, the need to determine how long that compromise was on the network, who else was involved, and how you’re going to gain this visibility has moved to the forefront of the SecOps team’s needs.
Read more