
Security Operations

Current industry trends I saw at RSA 2020

RSA 2020 was last week, and like every year I have attended, there was a whirlwind of new technologies and methodologies on show from the vendors I spoke with. Read on to see what we learned and how Plixer can help solve the problems facing today's customers.

Network traffic analysis for security

Network traffic analysis (NTA) has long been a feature set used heavily by network operations teams, but it has only more recently been adopted by security teams. I spoke with a lot of SOC engineers and incident response teams last week who were unfamiliar with the full capabilities of flow metadata exports (NetFlow, IPFIX and similar) and the information they can provide.

When you start thinking of flow metadata as a phone record of all the traffic traversing the network (who talked to whom, when, over which ports and protocols, and how much), it quickly becomes apparent how useful this data is for forensic investigations and incident response. Beyond collection, integrating this metadata with your other solutions, such as PCAP and SIEMs, only adds to its usefulness and helps justify their cost: the flow record tells you where to look, and the packet capture or log tells you what happened. Feel free to reference my other blogs to see these integrations in action.

Advanced detection and automated response

It comes as no surprise that threats are becoming more advanced and call for more advanced detection mechanisms. Behavioral analysis has always been helpful for detecting attacks that no signature yet covers, including zero-days, and it still has its place, but a growing number of solutions now provide DNS visibility as well as insight into encrypted traffic. Using these technologies helps with detection, but they are usually lacking on the response side.

NTA provides visibility into the IP communication on the network. But when you need visibility into the endpoint itself, it often means another solution or an agent-based deployment, which is sometimes hard to scale. Plixer provides a passive endpoint discovery and profiling solution that leverages the existing network infrastructure, so there is no need to take network devices offline unless you choose to. We also provide a risk assessment based on a variety of metrics to tell you which hosts are not provisioned properly or need to be patched.

The GIF above shows an alarm violation for rogue SMTP traffic. Using a simple API pivot from the alarm to the endpoint profile, we can quickly see that the end system is a medical device that is not approved to send mail, and take action as needed. I find this example really shows the importance of coupling your NTA and endpoint profiling products: the flow data tells you that something is talking SMTP where it should not, and the profile tells you what that something is.
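The two ideas above, flow metadata as a phone record (pivoting on a host to see every peer it talked to in a time window) and a rogue SMTP alarm joined to an endpoint profile, are small enough to show end to end. The following is an added example written for this post; it is not Plixer code and does not use the Scrutinizer API. The flow records, the relay allowlist, the `ENDPOINT_PROFILES` table standing in for the profiling lookup, and all IP addresses are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, with the fields a NetFlow/IPFIX export carries."""
    ts: int        # flow start, epoch seconds
    src: str
    dst: str
    proto: int     # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    octets: int
    packets: int


# Constructed sample records for this example; not captured traffic.
FLOWS = [
    Flow(1583100000, "10.20.5.17", "198.51.100.25", 6, 51022, 25, 4820, 12),
    Flow(1583100010, "10.20.1.10", "198.51.100.25", 6, 40000, 25, 15300, 40),
    Flow(1583100020, "10.20.5.17", "10.20.1.53", 17, 5353, 53, 120, 1),
    Flow(1583100030, "10.20.7.44", "203.0.113.9", 6, 44100, 443, 9000, 20),
    Flow(1583100040, "10.20.5.17", "203.0.113.9", 6, 44101, 443, 300, 4),
    Flow(1583100050, "10.20.5.17", "198.51.100.25", 6, 51023, 587, 200, 3),
]

INTERNAL = ip_network("10.0.0.0/8")          # assumed internal address space
SMTP_PORTS = {25, 465, 587}                   # SMTP, SMTPS, submission
APPROVED_SMTP_SENDERS = {ip_network("10.20.1.10/32")}   # assumed mail relay

# Hypothetical stand-in for what an endpoint-profiling lookup (the API pivot) returns.
ENDPOINT_PROFILES = {
    "10.20.5.17": {"type": "medical-device", "smtp_approved": False},
    "10.20.1.10": {"type": "mail-relay", "smtp_approved": True},
}


def profile_host(ip):
    """Return the profile for a host, or an 'unknown' profile if it was never discovered."""
    return ENDPOINT_PROFILES.get(ip, {"type": "unknown", "smtp_approved": False})


def rogue_smtp(flows):
    """Alarm on internal hosts that open SMTP connections but are not approved relays."""
    alarms = []
    for f in flows:
        if f.proto != 6 or f.dport not in SMTP_PORTS:
            continue                      # only the client-to-server direction is checked
        src = ip_address(f.src)
        if src not in INTERNAL or any(src in net for net in APPROVED_SMTP_SENDERS):
            continue
        alarms.append({"ts": f.ts, "host": f.src, "peer": f.dst,
                       "dport": f.dport, "octets": f.octets})
    return alarms


def conversations(flows, ip, start=None, end=None):
    """The 'phone record' pivot: every peer a host talked to in a window, with volume."""
    peers = defaultdict(lambda: {"flows": 0, "octets": 0, "ports": set()})
    for f in flows:
        if (start is not None and f.ts < start) or (end is not None and f.ts > end):
            continue
        if f.src == ip:
            peer, port = f.dst, f.dport
        elif f.dst == ip:
            peer, port = f.src, f.sport
        else:
            continue
        peers[peer]["flows"] += 1
        peers[peer]["octets"] += f.octets
        peers[peer]["ports"].add(port)
    return dict(peers)


def triage(flows):
    """Join each alarm with the endpoint profile so the analyst sees what the host is."""
    out = []
    for alarm in rogue_smtp(flows):
        prof = profile_host(alarm["host"])
        action = "allow" if prof["smtp_approved"] else "block/quarantine"
        out.append({**alarm, "device_type": prof["type"], "action": action})
    return out


if __name__ == "__main__":
    for item in triage(FLOWS):
        print(item)
    print(conversations(FLOWS, "10.20.5.17"))
```

Run as-is, the approved relay at 10.20.1.10 is never flagged, while 10.20.5.17 raises two alarms (port 25 and port 587), both enriched as a medical device with no SMTP approval. The `conversations` call then lists every peer that host spoke to, which is the pivot you would hand to a PCAP or SIEM search to pull the full content for that window.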

Point solutions don’t scale

I've always enjoyed going to RSA since I get to see a lot of my customers and talk with them about the emerging technologies they're looking at and new developments. If you follow my blogs, one common thread you will hear is that point solutions (i.e., buying a tool for a single purpose) don't scale. I often hear that teams simply don't have the time or the workforce to train on and roll out another new tool across the organization.

You may have heard of the SOC Triad, which defines three pillars of the modern SOC workflow: network traffic analysis, endpoint discovery, and the SIEM. Plixer covers two of these pillars and offers integrations with a variety of SIEMs to provide enhanced workflows and cost savings on your SIEM licensing, since only the flows that matter need to be forwarded rather than every record.

Plixer + SIEM = Modern SOC

RSA 2021 and beyond

I think this year's RSA provided a lot of insight into how the market recommends modern SOCs be deployed and which tools are required to keep up with the advancement of threats. My guess for 2021 and beyond is more automation around detection and remediation of threats, as well as much heavier use of metadata for both detection and incident response. If you attended RSA 2020 or have thoughts on these trends, I would love to hear your feedback! Thanks for reading, and make sure to check out Plixer's Scrutinizer platform to see how we can modernize your SOC.

© 1999 – 2023 Copyright Plixer, LLC. All rights reserved. Terms of Use | Privacy Policy