Featured Posts

An alert touches multiple segments of the network, representing the challenge to reduce false positives
Deep Network Observability

How to Reduce False Positives with Shared Context

False positives are rarely caused by too many alerts, but by missing context. Let’s say a spike in outbound traffic shows up in the firewall logs. Around the same time, ...

Read More
Magnifying glass on top of a diagram that looks like both a fingerprint and a network, representing end-to-end network troubleshooting
Network Operations

Why Most Performance Investigations Start in the Wrong Place

A padlock silhouetted against a dark background, surrounded by a spray of white particles, representing password spraying detection.
Security Operations

What Password Spraying Looks Like in Raw Network Telemetry

All Posts

Security Operations

You can’t stop Malware claims Yahoo CEO

Despite the hundreds of billions spent by companies over the last several years, malware continues to infect our networks,

Read More
traci
Network Operations

Why and How to Use a Syslog Forwarder

Often I find that there is overlap in the type of insight sought after in syslogs and NetFlow tools

Read More
Network Operations

Amazon Hacked or False Accusation

Given the size of Amazon’s customer base, it is probably one of the largest Internet sites targeted by hackers.

Read More
Network Operations

End System IPFIX Agent – Cisco – Plixer – Ziften

In the past two years, we have seen two more vendors enter the market of exporting IPFIX from end

Read More
General

Flow Replicator Vs UDP Forwarder

Recently a customer called in asking about our UDP Forwarder.  At first I wasn’t sure what they were talking

Read More
Network Operations

UDP Forwarding: Network Monitoring Solutions

It’s common to need UDP forwarding to replicate UDP packets to all of your network monitoring solutions. Being the

Read More