Ecessa NetFlow support in Scrutinizer

Today I’m going to write about a company named Ecessa. If you haven’t heard of them before, they have a long history of building networking hardware for businesses. Since the inception of the company, one of their primary goals has been to ensure reliable and resilient Internet connectivity.

Malware Detection: Determining the cause

Malware detection and determining the cause of an incident are requirements in today’s connected world. The post “U.K. Parliament’s computers tried to access porn 247,000 times in 2015” is a great example. At first glance you get the impression that people at the Parliament have way too much time on their hands. When you dig a bit deeper, you start to see that the problem isn’t an HR issue but a network security issue. The good news is that with the adoption of NetFlow collection and Flow Pro Defender, Scrutinizer can monitor for malware.

Ransomware targets increase with IoT vulnerabilities

Face it—the information technology arena is an ever-changing monster and recent news about the increase with IoT vulnerabilities is no exception. A new technology can come around all of a sudden and change how we think and do things. Don’t get me wrong; it’s exciting and it’s what our world has been built on, but it’s also a little nerve-wracking. This becomes a bigger issue in the world of security, since newer technology tends not to be completely vetted.

F5 IPFIX Support

A little while ago we posted an article on F5 IPFIX Support. I wanted to follow up on that and dig a little deeper into how to configure your F5 to send IPFIX and IEs to a collector. Remember, IEs are individual fields in an IPFIX template. On the F5, an IPFIX template describes a single Advanced Firewall Manager (AFM) event.

Internet Threats: UDP Scans

Let’s talk about UDP scans and how they can be an internet threat. In today’s world, having multiple layers of Internet Threat Defense is a requirement. With Scrutinizer and the intelligence behind Flow Analytics it is easy to detect reconnaissance-style traffic patterns like UDP scans. UDP scanning is common both on the Internet and internally. A common use on the Internet is to ID servers that can be used for DrDoS (distributed reflection denial of service) attacks, as DoS works much better on UDP. Internally, it can be used to ID open ports on machines.

Amazon: AWS Log Reporting

I was having a conversation with a customer the other day about Amazon AWS monitoring. He had some interesting insight on his company’s overall migration to Amazon Web Service (AWS). He started with, “Here’s the core of it, cloud based deployment isn’t going away for us. Though there are no directives, by this time next year I’m expecting all but two of our public-facing applications to be sitting outside of our buildings.” He even went on to say, “There’s a very real possibility that within 2-3 years we decommission half of our computer rooms”. Needless to say, any application that they use for network visibility and incident response needs to support Amazon AWS monitoring. I loved his input and because of it I decided to dig deeper.
