Featured Posts

Various network nodes with security locks, representing encrypted traffic visibility
Network Security

How To Investigate Encrypted Traffic Without Decrypting It 

Most malicious traffic is encrypted, and in real environments, you usually don’t have the keys to inspect it. You can still investigate encrypted traffic effectively by ...

Read More
Representation of lateral movement: attack spreads through a network from a central point
Network Security

How To Detect Lateral Movement: A Step-by-Step Guide 

Blocks of data in a digital environment. Most of the blocks are clear but one is red, representing AI-powered anomaly detection
NDR

How Network Anomaly Detection Works (And Why It Matters)

All Posts

Network Operations

Cisco Nexus 7000 NetFlow Sampling

With most devices that sample NetFlow, there is an export of the sample rate in the flow record or

Read More
Network Operations

How Accurate is Sampled NetFlow?

I have been working with a number of customers recently who are required to use sampled NetFlow because of

Read More
Security Operations

Detecting Rogue DHCP Servers

A rogue DHCP server on a network is one that is not under the administrative control of the network

Read More
Network Operations

Sampled NetFlow Accuracy

Sampled NetFlow accuracy is often a concern when network administrators find that sampling is their only NetFlow network traffic

Read More
Network Operations

Fortinet IPFIX Support

Did you know there is Fortinet IPFIX support on their FortiSwitch-1000 switch?  The other day I was working with

Read More
Netflow

Astaro IPFIX Reporting: Astaro NetFlow Support

Apparently some of our customers are calling in asking for Astaro IPFIX Reporting support.  It’s always fun to work

Read More