As more and more devices are added to the internet, a larger swath of insecurity comes with them. Botnets and compromised devices are the main sources of headache for attacks on infrastructure, with Distributed Denial of Services attacks becoming a major tool for the bad actors to break systems or cover their tracks during an …
Tuning DDoS and DRDoS flow analytics to your environment Read More »
I spent a lot of time talking to customers at RSA 2019 and a message that resonated with a lot of them was using your network as a sensor. I believe this is because SOC analysts often dig through log data or full packet capture—but then overlook network metadata because it isn’t available to them …
In this line of work I find myself talking with network professionals daily. With this constant exposure to a variety of network environments and people, certain terms tend to float to the surface. Lately DDOS and Reflection DDoS attacks are on the threats to discuss. They are becoming easier to conduct and larger in scale, and due …
NetFlow is widely regarded as an ideal technology for acquiring summarized details on network traffic; as a result one can use NetFlow to identify network anomalies. Use of the data collected includes making bandwidth optimizations, understanding the impact of configuration changes, identifying trouble areas, usage base billing and uncovering anomalies that often fly under-the-radar. Today …
In this blog, I will be continuing Part 1 of the “What is Flow Analytics™?” Series. In this blog I will be going over what the different algorithms do and how you can use them to better your network traffic analysis.
Oftentimes, when I’m running around the country setting up Flow Analytics, I don’t see Null Scans pop up. However, recently I’ve visited high-profile customers that are big targets for malicious behavior. As we configure Cisco NetFlow on their routers and ASA firewalls, I’ve noticed FA alerting on these packets with no flags set.