Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.


What is a SD-WAN?

September 5, 2018

In a nutshell, SD-WAN is a monitoring platform used to automate traffic routing over redundant paths based on predefined performance thresholds.

Enterprise NetFlow Suggestions

February 20, 2018

In searching for the next flow collection system that will support your organization, most results will turn up solutions claiming to support the consumption of millions of flows/second. For the most part, I think there is some truth to these claims, but when the system is trialed, the limitations become obvious.

Enterprise NetFlow Collections

It’s one thing to collect high-volume NetFlow and quite another to report on it, and that’s really where the rub lies. The amount of engineering necessary to collect millions of flows per second and write them to some type of backend really isn’t all that hard for a seasoned developer.

Best Free NetFlow Collector

November 7, 2017

I thought it was high time for me to write a post on how to go about selecting the best free NetFlow collector for your environment. Before you make a decision, it is important to list out the features your team is going to need from the solutions you evaluate. Some of the features and functions might seem very obvious, but I’m sure I can list a few that you may not have realized.

1. Easy-to-use interface: this doesn’t just mean an intuitive interface.

Forwarding UDP Packets

August 1, 2017

Many threat detection systems rely on reviewing logs in order to uncover contagions on the network. In most cases, these logs come in the form of syslog, NetFlow and IPFIX. In an effort to protect the corporate jewels from the growing attack continuum, some organizations resort to sending the same system logs to multiple security platforms, which look for surreptitious infections in different ways. It can become a problem when hundreds or even thousands of devices need to be reconfigured to send logs to a second, third or fourth source.

What is Network Traffic Analytics?

July 11, 2017

Traffic Analytics, as it applies to the network and security, is meant to help IT professionals who need to forensically investigate massive amounts of mostly internally generated logs and flows. Because threat prevention has largely failed in the industry, with the gap continuing to widen, network and security analysts are forced to react to events on the network. This means waiting for something to occur and then investigating:

  • when it happened
  • what it did once it was inside
  • who else was involved
  • what data was compromised

Network Traffic Analytics (NTA), sometimes called Security Analytics, is the umbrella term for the work of answering the above. Ultimately, the goal of NTA is to improve security posture, reduce risk and gain deeper insight into each and every event.

WannaCrypt proactive measures with NTA

May 16, 2017

In an effort to help protect our company and our customers from wcrypt, we documented in this post a series of steps followed by our incident response team which temporarily reinforced our cyber defenses. To gain some background on this ransomware: the initial infection was stopped by a researcher who stumbled across the kill switch and ended up saving a lot of people. However, this measure was only a stopgap, as the malware author(s) or another person could easily repackage this contagion with a craftier sandbox test mechanism.

Implementing the NIST Framework for Improving Cybersecurity

March 11, 2017

When reviewing or even building out an organization’s cybersecurity infrastructure, the National Institute of Standards and Technology (NIST) offers a document that can be a great place to start. The document is called the Cybersecurity Framework and provides a high-level, strategic view of the lifecycle of an organization’s management of risk. It does not make security appliance or specific solution recommendations to detect, defend against or investigate cyber events. Instead, it is intended to guide the teams responsible for cybersecurity through the process of making sure systems are in place.

Threat Investigations Suffering from Lack of Context

November 28, 2016

Pretty much all companies fall victim to cybercrime eventually. Whether it is directly or indirectly, the cost varies depending on the industry. Energy and financial organizations suffer the most in comparison to automotive and agricultural businesses. The costs incurred, however, are not always withdrawals from the corporate bank account or the loss of top secret plans. Some might be surprised to learn that the significant costs are actually in the cleanup, with small organizations suffering the highest cost per enterprise seat. Source: HP.com

A Massive Wave of Cybercrime Coming

September 29, 2016

Get ready for the biggest year yet in cybercrime. We have learned over the last few years that hackers have honed their penetration skills to the point that any targeted company can easily become a victim. Most business owners have accepted that being connected to the Internet means that they can and probably will be compromised regardless of the defensive measures taken. It is more than just a game of probability.

DNS Firewall

June 4, 2016

I don’t think I’ve ever spoken with a company (at least that I can remember) that didn’t have a firewall in place. Cisco ASA (Firepower), Palo Alto, Check Point and Fortinet seem to be the more popular ones. Barracuda, SonicWALL and StormShield we hear about as well. These systems do a relatively good job at protecting our internal jewels. However, what I find missing in most solutions is their ability to stop DNS tunneling and other tactics that abuse the DNS protocol.
