Microsoft has redone their release cycle format, and although it makes things easier for the end user, it can prove difficult to ensure your environment is running the most up-to-date or minimally supported operating systems. Microsoft is now only releasing major feature updates to Windows 10, as opposed to releasing a “Windows 11” or a “Windows 10.1.” Thus it is no longer obvious if an end user is running an outdated operating system. This is a challenge for systems administrators who need to make sure endpoint machines are on the latest Windows 10 update.
Read moreBlog
Five ways Plixer Scrutinizer helps retail networks
Posted on - by Joanna Buckley
Even though most of us have looked at a calendar recently and thought, “I could have sworn we were in May, not October,” you can’t deny that the holidays are coming. There’s a chill in the air, forecasts for snow, and floods of emails and holiday advertising from almost every retail outlet. While shoppers are gearing up to find the perfect gift, anyone who works in retail cyber security is also no doubt preparing for the big rush as well. Here are five ways Plixer Scrutinizer can help you if you’re in that role.
Read moreDetecting RDP attacks with NetFlow and metadata
Posted on - by Jake
An ever increasing attack vector in the healthcare industry are attacks against open or unsecured RDP connections that allow a bad actor to gain a foothold into the network and use this to propagate malware or export the client via ransomware. In this blog, you’ll find some simple-to-follow workflows that you can use to identify and remediate any potentially vulnerable servers.
Read moreUsername reporting: NetFlow integration with Splunk
Posted on - by Brian Davenport
I was recently able to explore the Splunk software development kit with a customer. This helped me to implement another way to get username attribution within Plixer Scrutinizer. It’s a great addition to past methods such as Active Directory, Cisco ISE, and CounterACT because in many cases user information will already be logged in Splunk, which saves duplicate work with multiple systems.
Read moreHow to detect suspicious ICMP traffic
Posted on - by Scott
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
Read moreHow to detect a reverse SSH tunnel
Posted on - by Khalil Ismayilov
Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
Read moreWhy highly available monitoring is important to compliance
Posted on - by Justin
Many organizations carry a burdensome responsibility to various regulatory bodies like the Securities and Exchange Commission or the US Department of Health and Human Services. These bodies can levy heavy fines on businesses that fall out of compliance or can’t demonstrate that they complied with industry security standards. Among the many tools and platforms available to organizations, network traffic analytics—and more specifically, network detection and response (NDR) technology—has become a go-to solution used to help businesses demonstrate compliance.
Read moreSTIX/TAXII for threat intelligence
Posted on - by Dylan Mclaughlin
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, which is an open-source language and serialization format used in sharing threat intelligence. Think of it as the vehicle for containing the threat information. Threat intelligence is communicated as objects and is detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
Read moreFirst look: Plixer’s machine learning engine explained
Posted on - by Stephen Tutterow
The purpose of this blog is to de-mystify the hype around machine learning (ML) by exploring three topics:
- What kind of ML is Plixer using and why?
- What insights or predictions can be drawn out of NetFlow, IPFIX, and metadata?
- Once applied, how do the results reduce the strain on network and security operations teams?
Returning to normal: monitoring the reintroduction of the workforce
Posted on - by James Dougherty
When this pandemic started and nearly the entire workforce went remote, our focus was to maintain the quality of service outside of what was then normal operations. Although it seems like we still have a long road to travel, we are starting to see signs of progress. Globally, many companies are opening up their offices and giving their employees the choice of working in the office or from home. For network administrators, this adds another layer of headache.
Read more