We recently built out a whole bunch of reports for the Cisco AnyConnect Network Visibility flow export called nvzFlow. As we pored through the flow templates, we started to appreciate and even agree with Cisco Systems on how disruptive this technology will be for the packet capture and network traffic visibility community.
If you are being repeatedly targeted by a phishing attack, chances are you will eventually click. And if you end up infected, oftentimes your computer will show no obvious signs of the virus or bot. What can you do?
There has been lots of excitement this week at our company since the release of Cisco’s nvzFlow. Companies which utilize the Cisco ASA for VPN access have the option to upgrade to AnyConnect 4.2. With this latest release admins can configure remote users to export IPFIX right from their laptops to the flow collector for real time and future analysis.
When looking to set up Splunk NetFlow reporting or integration, we have learned that several items need to be considered. The first is to list the objectives and goals you are seeking from a Splunk NetFlow integration.
Almost every day the security team needs to investigate a potential threat, and the likelihood of chasing another false positive is considerable. How can they decrease false positives and shorten the investigation time? Due to the volume of alarms to investigate, the Mean Time To Response (MTTR) on each occurrence is a metric that often falls under scrutiny. Less time is better, and the best way to ease the burden is to improve the context surrounding an event. This means the right details related to whatever is being investigated.
Infections have become so common that every company on the Internet has some level of experience with following up on an infection or potential data breach. Security professionals know that with almost every piece of malware discovered, security needs to investigate the incident. Where do they look?
The issues caused by careless clicking have been so severe that many companies are instituting routine programs that constantly test employees. In an attempt to educate the general population on the dangers of clicking on things too fast when receiving emails, Plixer has developed a free game called Click Click Phish.
You are in luck because you have several options to get Splunk NetFlow support. I know of three; however, there are probably more. This post will list them all and discuss the benefits of each.
Are you looking to get up to speed on the benefits of a Software Defined Network? This post will save you some time by providing 8 areas where SDNs promise to deliver. It will also provide you with a few links where you can learn even more about the technology.
Being prepared for a cybercrime and having an incident response system or plan in place means that you subscribe to the notion that “Keeping the bad guys out is a losing proposition” - Brian Krebs. I couldn’t agree more, but what more can you do to make sure that your plans for taking action bring the best outcome, given that no outcome will be optimal?
Using NetFlow for security monitoring can be an effective strategy for uncovering bad actors and can play an important role in your malware incident response steps. This post will take a look at how flow technologies help reinforce your defenses against electronic crime.
Plixer Receives 2015 Internet Telephony Product of the Year Award: Scrutinizer Recognized for Industry Innovation
Are you interested in monitoring BYOD traffic headed to the Internet for security threats? You should be paying close attention to DNS traffic, specifically NXDOMAIN. The NXDOMAIN is a DNS message type received by the DNS resolver (i.e. client) when a request to resolve a domain is sent to the DNS and cannot be resolved to an IP address. An NXDOMAIN error message means that the domain does not exist.
In the world of NetFlow and IPFIX, flow direction is a topic that can confuse some of the best technical minds. It is an important concept in relation to routers because where information (e.g. byte counters) is gathered can have a significant impact on perceived accuracy. This is sort of a three-part blog. Although it isn't totally necessary, it might help the reader to understand a different type of flow directionality first, as posted in my other blog.
Are you looking for a Carrier Grade NAT Reporting solution? We took the time to understand the format of the NetFlow template coming from routers configured to export this unique data. We then built in some great searching and reporting capabilities.
Plixer International, Inc. is a leading threat detection and incident response provider focused on engineering the very best system for uncovering unwanted communication behaviors. Rather than depending on packet signatures, their strategy uncovers unwanted communications by leveraging flow data from the customer’s existing investment.
As you are probably aware, the Domain Name Server (DNS) plays an important role in how end users connect to the internet. In order to gain some background before reading this blog, you may want to read my post on An Overview of DNS. Once you have a bit more technical information on the DNS behaviors, I think you will find this post more informative.
There is a growing interest in monitoring DNS NX responses, and this is partly because attackers have been brewing up creative new ways to exploit a critical connectivity resource called the Domain Name Server (DNS). Even in tightly secured networks, many organizations rely on firewalls to protect the DNS, but access to the DNS is often lax due to necessary routine updates and the volume of requests it must reply to. Attackers, of course, are aware of this.
Here at Extreme Networks, we pride ourselves on delivering innovative and intelligent solutions to our customers. Our solutions are high-performance, open and scalable... for all your needs.
With a growing number of data breaches over the past several years, it’s no surprise that a collection of best practices is evolving to help prevent them and to respond to them when they do occur. And they will occur - because bad guys make a living by figuring out ways to circumvent security best practices.