Using NetFlow for security monitoring can be an effective strategy both for uncovering bad actors and for playing an important role in your malware incident response steps. This post will take a look at how flow technologies help reinforce your defenses against electronic crime.
Plixer Receives 2015 Internet Telephony Product of the Year Award: Scrutinizer Recognized for Industry Innovation
Are you interested in monitoring BYOD traffic headed to the Internet for security threats? You should be paying close attention to DNS traffic, specifically NXDOMAIN. The NXDOMAIN is a DNS message type received by the DNS resolver (i.e. client) when a request to resolve a domain is sent to the DNS and cannot be resolved to an IP address. An NXDOMAIN error message means that the domain does not exist.
In the world of NetFlow and IPFIX, flow direction is a topic that can confuse some of the best technical minds. It is an important concept in relation to routers because where information (e.g. byte counters) is gathered can have a significant impact on perceived accuracy. This is sort of a three-part blog. Although it isn't totally necessary, it might help the reader to understand a different type of flow directionality first, as posted in my other blog.
Are you looking for a Carrier Grade NAT Reporting solution? We took the time to understand the format of the NetFlow template coming from routers configured to export this unique data. We then built in some great searching and reporting capabilities.
Plixer International, Inc. is a leading threat detection and incident response provider focused on engineering the very best system for uncovering unwanted communication behaviors. Rather than depending on packet signatures, their strategy uncovers unwanted communications by leveraging flow data from the customer’s existing investment.
As you are probably aware, the Domain Name Server (DNS) plays an important role in how end users connect to the internet. In order to gain some background before reading this blog, you may want to read my post on An Overview of DNS. Once you have a bit more technical information on the DNS behaviors, I think you will find this post more informative.
There is a growing interest in monitoring DNS NX responses, and this is partly because attackers have been brewing up creative new ways to exploit a critical connectivity resource called the Domain Name Server (DNS). Even in tightly secured networks, many organizations rely on firewalls to protect the DNS, but access to the DNS is often lax due to necessary routine updates and the volume of requests it must reply to. Attackers, of course, are aware of this.
Here at Extreme Networks, we pride ourselves on delivering innovative and intelligent solutions to our customers. Our solutions are high-performance, open and scalable... for all your needs.
With a growing number of data breaches over the past several years, it’s no surprise that a collection of best practices is evolving to help prevent them and to respond to them when they do occur. And they will occur - because bad guys make a living by figuring out ways to circumvent security best practices.
Being prepared for a cybercrime and having an incident response system or plan in place means that you subscribe to the notion that “Keeping the bad guys out is a losing proposition” (Brian Krebs). I couldn't agree more, but what more can you do to make sure that your plans for taking action bring the best outcome, given that no outcome will be optimal?
Are you tasked with building an Incident response team for your company or organization? Have you thought about what their responsibilities will be, how they will be engaged and who the key members will be?
Are you looking for a NetFlow Intrusion Detection System that will look for behaviors rather than deep packet signatures? If you are, there are several key enablers to look for that will help ensure you purchase the ideal solution. Let's take a look at each one:
If you are looking to learn about how to investigate malware, chances are you are already infected and under the gun to uncover the source and clean up the mess. Here are a few things to consider before you dig in.
Setting up a cyber security incident response system? Spend your money wisely and make sure you’re ready to invest a bit of time not only in the setup and preparation efforts, but also in maintenance and routine testing and training.
At a time when the presence of cybersecurity threats has never been more severe, you may be surprised to learn that the strategy used by many IT administrators to proactively guard against attempts to infect computers has changed little in the past five years.
Every day, your company is receiving tens of thousands of emails. Most of it is legitimate, work-related stuff, but hidden within these messages could be phishing attacks. These insidious messages are emails embedded with links that, when clicked, trigger the installation of software intended to do harm on your network. The good news is that these emails are directed toward employees who usually recognize what is and isn’t a legitimate form of communication. As a result, 95% of these emails are simply deleted. However, attackers are persistent, clever and compensated to keep trying. Time is on the hacker’s side and eventually, someone somewhere clicks on a link thinking the correspondence was valid and ……
In talking with a customer recently about Cyber Incident Response, he helped me realize that when dealing with the cleanup of cyber threats we need to follow a methodical protocol. His focus on Detect, Respond and Contain helped inspire me to write about the topic and how flow collection allowed him to reach his investigation goals.
IXIA has released a Network Packet Broker (NPB) which is a compact, hardware-based, rack-mounted device that offers what they believe to be a new approach for handling and manipulating network packets. NPBs claim to optimize the access and visibility of traffic from one or many network links to monitoring, security and acceleration tools. NPBs gather vital traffic from TAP and SPAN ports and deliver communication details via NetFlow and IPFIX to multiple network monitoring tools.
Last year we had a customer contact us to help them invest in the ideal Riverbed NetFlow Analyzer. After receiving a good-sized packet capture, I spent some time with the other engineers developing a whole bunch of new reports.