Even though most of us have looked at a calendar recently and thought, “I could have sworn we were in May, not October,” you can’t deny that the holidays are coming. There’s a chill in the air, forecasts for snow, and floods of emails and holiday advertising from almost every retail outlet. While shoppers are gearing up to find the perfect gift, anyone who works in retail cyber security is also no doubt preparing for the big rush as well. Here are five ways Plixer Scrutinizer can help you if you’re in that role.
Detecting RDP attacks with NetFlow and metadata
An ever-increasing attack vector in the healthcare industry is the open or unsecured RDP connection, which allows a bad actor to gain a foothold in the network and use it to propagate malware or extort the client via ransomware. In this blog, you’ll find some simple-to-follow workflows that you can use to identify and remediate any potentially vulnerable servers.
Username reporting: NetFlow integration with Splunk
I was recently able to explore the Splunk software development kit with a customer. This helped me to implement another way to get username attribution within Plixer Scrutinizer. It’s a great addition to past methods such as Active Directory, Cisco ISE, and CounterACT because in many cases user information will already be logged in Splunk, which saves duplicate work with multiple systems.
How to detect suspicious ICMP traffic
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
How to detect a reverse SSH tunnel
Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
Why highly available monitoring is important to compliance
Many organizations carry a burdensome responsibility to various regulatory bodies like the Securities and Exchange Commission or the US Department of Health and Human Services. These bodies can levy heavy fines on businesses that fall out of compliance or can’t demonstrate that they complied with industry security standards. Among the many tools and platforms available to organizations, network traffic analytics—and more specifically, network detection and response (NDR) technology—has become a go-to solution used to help businesses demonstrate compliance.
STIX/TAXII for threat intelligence
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, an open-source language and serialization format used for sharing threat intelligence. Think of it as the vehicle that carries the threat information. Threat intelligence is communicated as objects, which can be as detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
First look: Plixer’s machine learning engine explained
The purpose of this blog is to de-mystify the hype around machine learning (ML) by exploring three topics:
- What kind of ML is Plixer using and why?
- What insights or predictions can be drawn out of NetFlow, IPFIX, and metadata?
- Once applied, how do the results reduce the strain on network and security operations teams?
Returning to normal: monitoring the reintroduction of the workforce
When this pandemic started and nearly the entire workforce went remote, our focus was to maintain the quality of service outside of what was then normal operations. Although it seems like we still have a long road to travel, we are starting to see signs of progress. Globally, many companies are opening up their offices and giving their employees the choice of working in the office or from home. For network administrators, this adds another layer of headache.
Enhance NetOps/SecOps collaboration with Plixer’s new collections feature
I can’t tell you how many calls I’ve been on where the NetOps and SecOps teams really don’t know what the other is doing. Sadly, in today’s remote-work-centric world, the relationship between the two teams has become vital in making sure the end users not only have the resources they need, but at the same time, making sure everything is safe and up to compliance requirements.