Incident Response System

DNS Command and Control Detection

This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activities. Our security team jumped on it and I thought what we learned in the process of following up on the event was blog worthy.

Exchange Monitoring Tool

My colleague Jake recently wrote about Disaster Recovery Monitoring, and about how our Incident Response System, using IPFIX/NetFlow, is more helpful than tools that rely on SNMP. We at Plixer recently ran into an issue with our Microsoft Exchange Server that helps illustrate the benefit of using IPFIX/NetFlow as an analytic and investigative tool.

Username Reporting with Netflow

I have had a few customers ask about username reporting with Netflow within their incident response system. Collecting user activity and viewing reports filtered on specific users can give administrators insight and convenience when looking at users logged into the network when investigating an incident or providing detailed reports for management. Most authentication systems are …


PCI DSS Compliance

Due to potentially steep fines and loss of customer goodwill, retail and financial services companies are guardedly concerned about PCI (Payment Card Industry) compliance. The PCI Data Security Standard (PCI DSS) is a set of prescriptive data security specifications laid out to ensure the safe handling of cardholder information at every stage. The PCI …
