As enterprises adjust to the new normal and remote work, they are bracing for potential attacks resulting from employee carelessness. Bad habits, such as leaving devices unattended while on the VPN, can pose serious risks to the business. This blog will discuss how human negligence affects network security and provide some examples of how some threat vectors impacts organizations.
Read moreBlog
Forensic investigation of endpoints using NetFlow
Posted on - by Jake
This blog will go over how to use some of the features in Plixer Scrutinizer v19.0, such as the host index and IP groups functionality, to quickly define your endpoints and reduce the time it takes to find suspicious hosts. Recently we have seen an uptick in customers looking to use this functionality to its fullest to help speed up incident response.
Read moreHow can I load balance my NetFlow traffic across multiple collectors?
Posted on - by Scott
Do you find that you are constantly modifying NetFlow configurations to balance collector workloads? The latest release of Scrutinizer introduces an option to load balance the collector workload across multiple, distributed-collector clusters by automatically modifying Plixer Replicator profiles based on the number of exporters and flow volume processed at each collector.
Read moreTracking the SUNBURST exploit with metadata
Posted on - by Thomas
Updated: 1/6/2021
On 12/13/20, cybersecurity company FireEye published research for the SUNBURST exploit, which is affecting companies using SolarWinds software. Since the news broke, we have been experimenting with ways that Plixer’s NDR solution, Scrutinizer, can help our customers determine the impact SUNBURST may have had on their networks.
Read moreDefining top talkers with Flexible NetFlow and AVC
Posted on - by Khalil Ismayilov
I was recently on a call with a customer who wanted to know which applications use the most bandwidth during working hours—i.e. their top talkers. This gave me a great opportunity to review a specific feature of Flexible NetFlow and AVC integration. I’ve decided to build a small lab with a simple network configuration where I could set up a couple of VLANs, a trunk communication between L2 and L3 devices, and couple of devices. The end goal is to define what host under what VLAN is using what application the most.
Read moreMonitoring applications with Plixer Scrutinizer
Posted on - by Dylan Mclaughlin
Monitoring applications is a useful tool in the network administrators tool belt and I’d like to go over how Scrutinizer can help monitor your network in both the realm of bandwidth utilization and security alerting. This blog will cover why it is important to monitor applications and the different ways we can gather and report on that information using Scrutinizer.
Read moreIntegrating Plixer and Aruba: sFlow, IPFIX, and ClearPass
Posted on - by Stephen Tutterow
This blog will focus on Plixer’s current capability to extract flow from the different solutions Aruba has to offer today. I will go over the integration steps with Aruba ClearPass and the role we play in an automated role-based access monitoring setup using ClearPass.
Read moreHow to get the best ROI for your SIEM: Tips on picking the right NDR
Posted on - by James Dougherty
Has management made enhancing your network monitoring toolset with an NDR component a priority for the new year? Have the demands of the pilgrimage to a fully remote office shed some light on dark places on your network? Are you concerned that the one thing your significant other wanted for Xmas won’t be available on Amazon? Don’t worry about it—seems like everyone is facing these issues nowadays.
Read moreInspecting encrypted traffic with JA3 and JA3S fingerprinting
Posted on - by Jeff Morrison
Two years ago, I wrote a blog about tracking malware in encrypted traffic. The overall theme of that blog was that encryption has become much more of a standard. 2017 in particular was a milestone year in which the volume of encrypted traffic officially surpassed unencrypted web traffic. It’s safe to say that in three years, that balance has shifted even more in favor of SSL/TLS encryption. In this blog, I’ll explore the concept of JA3 and JA3S fingerprinting and the benefits they introduce when it comes to inspecting encrypted traffic.
Read morePlixer Scrutinizer new UI changes
Posted on - by Ryan Slosser
With the newest release of version 19.0.0, I’d like to go over how Plixer Scrutinizer’s UI has changed to make finding data easier. There are a few new ways to accomplish the same tasks in the newest release that differ from the version 18.20 and under. This blog will cover how to accomplish some common workflows in the new UI, and how to navigate to the data you need even faster than before.
Read more