Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.


Securing Remote Networks Against Cyber Threats: part 2

July 5, 2013

IP Host Reputation

Today, some NetFlow collector vendors are comparing IP addresses found in flows to reputation lists. This host reputation lookup process is a routine that goes out to an Internet-based reputation list provider every hour and downloads an updated list of known hosts that end systems on the network should not be communicating with. Typically this is a list of compromised hosts that have a reputation for sending nefarious traffic (e.g. C&C).

Read part 1 of this series.





Migrating to Flexible NetFlow : BEST PRACTICES

March 8, 2012

Migrating to Flexible NetFlow (FnF) is a simple and, for some of us, exciting process. It is exciting because of the deeper and improved insight into network traffic monitoring. If your company is interested in migrating to FnF from traditional NetFlow, there are a few things to consider.

NetFlow Behavior Analysis Systems : Limited Impact

January 13, 2012

NetFlow Network Behavior Analysis (NBA) systems have limited impact on detecting threats. They are only suitable as a second or perhaps third layer of threat detection. Some companies offering NetFlow Threat Detection tools would have you believe otherwise. Don't fall for it. "Gartner says NBA is suitable as a complementary technology to intrusion detection and prevention software, which is effective for addressing network attacks that can be positively identified." As a HUGE NetFlow and IPFIX supporter, I tend to agree that flow technologies can augment security practices, but can't replace them.
