All incident response

Configuring VMware NSX IPFIX

VMware NSX IPFIX provides network monitoring data similar to that provided by physical devices, giving administrators a clear view of virtual network conditions. In...

Responding to zero day threats using NetFlow

In this blog, I want to talk to you about investigating zero-day attacks. A zero-day attack can be a huge menace on the network, since it can bypass a lot...

Disaster Recovery Monitoring

A question that I have been getting a lot recently is, “how can someone better their disaster recovery monitoring”. Tools that utilize SNMP are going...

Building your incident response team

What do you normally do when you find an infected machine on the network? If you don’t have a good answer to that question...

Tracking Brute Force Attacks

Tracking brute force attacks on your network can be a very time consuming process. It often ends up with you running around the office...

Fortigate NetFlow Configuration

I was working with a customer a couple weeks back and wanted to share a sample Fortigate NetFlow configuration that we came up with....

Integrating NetFlow and SIEMs: Enterprise incident response solutions

If you’re an avid follower of our blogs, then you know that network threat detection using NetFlow analytics is a valuable enhancement to network...

Detecting Network Scans using NetFlow

As a continuation of our Network Security series, I wanted to write a blog on detecting network scans using NetFlow and IPFIX. Since a...

Network Forensics and Incident Response Using NetFlow and IPFIX

Network forensics can be an intimidating subject. When IT personnel hear the word “forensics” they often recoil with visions of complicated software such as...