search youtube arrow-left arrow-right quote close hamburger Twitter facebook linkedin page-header-bottom arrow right arrow left

Blog

NDR

The 7 best Network Detection and Response use cases

Posted on - by Adam Boeckmann

Hallmarked by the application of machine learning to network metadata, Network Detection and Response leverages advanced intelligence and integrations with response-capable solutions such as NAC and SIEM to provide incredible visibility into an organization’s network traffic. This is a stark contrast to the traditional approach of leveraging thresholds and pre-defined traffic patterns to automate network alerts. While this approach works just fine for detecting certain threats—think DDoS or SYN scans as an example—there is just so much more we can do confidently with machine learning. Let’s explore some of the more popular Network Detection and Response use cases.

Read more
Security Operations

Detect abnormal lateral network traffic using machine learning and NetFlow

Posted on - by Scott

In a previous blog I introduced you to the malware detection capabilities of Plixer’s intelligence product. I would like to circle back to some information shared in that blog to talk about its ability to detect behaviors like lateral movement across the LAN segments of the network related to data accumulation.

Before I get started, I want to talk about strategies used for network visibility and why flow technologies should be at the top of the list.

Read more
Network Operations

Client and server reports in Plixer Scrutinizer

Posted on - by Dylan Mclaughlin

In our new release of Scrutinizer version 19.1.0, we have included a handful of new reports that help to provide more information on the NetFlow collected from your network. These are the Client – Server reports, which can show directionality of requests and responses to give insight into who is asking for what and what kind of responses they get.

Read more
Network Operations

Searching NetFlow for a private host behind a NAT router

Posted on - by Ryan Slosser

Inbound traffic that is captured and exported as NetFlow by your NAT router only shows that the destination of the inbound internet traffic is your external IP address. But what if you want to know what private host initiated that traffic? Today, I’d like to go over how Plixer Scrutinizer can report on this traffic and expose the internal address of this traffic.

Read more
Network Operations

What is network traffic intelligence?

Posted on - by James Dougherty

With the onslaught of malware and cloud applications increasing, network traffic intelligence has become increasingly important. When an infection is unearthed and the incident response team moves in to figure out what exactly has happened, one of the first things they will do is request the logs, including the flow (NetFlow and IPFIX) data. Network and application issues are troubleshot in a similar way.

Read more
Security Operations

Malicious links and how to find them

Posted on - by Joanna Buckley

It can happen to anyone, even the most seasoned of network security personnel. You can be searching for something on Google, see a seemingly innocent link that looks like exactly what you’re looking for, and click it. Next thing you know, your computer screen is flashing with a message that says your computer is infected and you need to call the following number ASAP. If this does happen in your office, don’t worry: we can help.

Read more
Configuration

Cisco Firepower FTD NetFlow configuration

Posted on - by Scott

I am often exposed to new network devices and the ways that they support and configure flow-monitoring technologies. So I was excited to learn this new Cisco Firepower Threat Defense NetFlow configuration.

This configuration uses all the same NSEL configuration commands that you would use on a Cisco ASA, in just about the same order as I described in this Cisco ASA configuration blog. The difference is that you are applying the commands using a GUI interface and not CLI.

Read more