
Author: FlowTraq

TOP TIPS FOR EFFECTIVE CYBER THREAT HUNTING

By | October 11, 2018



Are the ever-evolving Advanced Persistent Threats (APTs) keeping you up at night? Come learn new techniques to find and combat them…

October 24th @ 10am PDT

Register Now

FlowTraq excited to join Manchester, NH Technology Ecosystem

By | February 22, 2017



Big news! FlowTraq will be relocating our headquarters to Manchester, NH later this month.

Why the move? There is tremendous tech talent in Southern New Hampshire, and within this environment, there is currently no better place to be than in the Millyards in Manchester.

With strong presences from local universities, such as UNH and SNHU, Manchester offers an environment that is surrounded by talented students who are looking to take the next step in their career. The “go where the talent is” strategy is clearly successful – many industry leaders such as Sitecore, Dyn/Oracle, AutoDesk, DEKA, and more all have offices in the Millyards.

(Photo courtesy of Amy Chhom)

“FlowTraq may have been born in Lebanon, NH, but Manchester is home,” says Vincent Berk, CEO of FlowTraq. “I’ve been networking with people in Manchester for so long now that the Millyard really is the epicenter for where I go to discuss my business. It became clear to me that FlowTraq would benefit from being here. We are thrilled to be joining this technology ecosystem.”

FlowTraq provides network security and DDoS mitigation management software solutions for organizations that need to protect their networks, customers, and data. FlowTraq works with some of the largest organizations – and the largest networks – in the world. Major enterprises, government contractors, and universities all rely on FlowTraq to protect themselves, their data, their clients, and their students.

FlowTraq is currently in the process of renovating its new headquarters, but will soon call 155 Dow Street its new permanent home.


Ready to experience FlowTraq for yourself?

To learn more about how FlowTraq can help your business, reach out today to schedule a demo or try FlowTraq yourself free for 14 days.

10 Tips for Surviving the Zombie Apocalypse

By | February 13, 2017



The FlowTraq team was recently at the RSA 2017 conference. While there, we enjoyed a great event learning, networking, and…helping you defeat zombies.

In this case, “zombies” are computers or Internet devices that get taken over by hackers and turned against you to launch DDoS attacks. To help you protect yourself, we have compiled a list of “10 Tips for Surviving the Zombie Apocalypse”.


10 Tips for Surviving the Zombie Apocalypse

In the movie Zombieland, a virus turns most of the population into zombies, and the world’s surviving humans remain locked in an ongoing battle against the hungry undead. Four survivors band together and follow a list of proven survival rules and zombie-killing strategies as they make their way to a rumored safe haven.

Here is an updated version of Zombieland’s rules, adapted into 10 tips for keeping you and your network optimally prepared for the ongoing zombie botnet apocalypse.

Tip #1: “Cardio”

Preparation is everything. When your cyber apocalypse comes, you have to be in great physical shape. This means you need to deploy today the defenses you may need tomorrow. And when it comes to zombie botnets launching DDoS attacks, our reference to good cardio means three things:

Visibility: You must have complete visibility into everything on your network, not sampled data, and not just at the border. You also need full-fidelity flow data, where every record counts. Why? Because in the hunt for zombie devices, the control-channel communications are extremely small, and they tend to go missing when using sampled flow.
Defenses: This means egress filtering on all your border devices: if a packet’s source address is not from your netblock, drop it. Many DDoS attacks rely on spoofing the source address; in reflection/amplification attacks the spoofed source is the victim’s address, so that the reflectors send their replies to the victim. Dropping any packet that leaves your network with a spoofed source address (BCP 38) makes you a good Internet neighbor and keeps your own zombies from contributing to such attacks.
Offenses: On-prem bad-packet scrubbing. Discarding any packet that is a protocol anomaly goes a long way in mitigating inbound and outbound DDoS. Look for the same source and destination IP (a “LAND” packet), IP protocol 0, TCP segments with no flags set, and similar malformed traffic.
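The classifier below is an added example written for this page, not FlowTraq code, and it applies the egress-filter and bad-packet rules above to a handful of constructed packet headers. The netblocks, the packet records, and the complementary ingress rule (dropping packets that arrive from outside claiming one of our own addresses) are assumptions; a real deployment would express the same rules in the router or firewall ACL, but the logic is the same.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical netblocks we announce (assumption, not from the article).
OUR_NETS = [ipaddress.ip_network("203.0.113.0/24"),
            ipaddress.ip_network("198.51.100.0/24")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: int                       # IP protocol number: 1 ICMP, 6 TCP, 17 UDP; 0 is reserved
    direction: str                   # "egress" = leaving our network, "ingress" = arriving
    tcp_flags: Optional[int] = None  # raw TCP flag byte when proto == 6


def is_ours(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_NETS)


def verdict(pkt: Packet) -> Tuple[str, str]:
    """Return ("DROP", reason) for protocol anomalies and spoofed sources, else ("ACCEPT", "")."""
    # Protocol anomalies first: these are never legitimate regardless of direction.
    if pkt.src == pkt.dst:
        return "DROP", "land: source equals destination"
    if pkt.proto == 0:
        return "DROP", "ip protocol 0"
    if pkt.proto == 6 and pkt.tcp_flags == 0:
        return "DROP", "tcp segment with no flags"
    # BCP 38 egress filter: nothing leaves with a source address we do not own.
    if pkt.direction == "egress" and not is_ours(pkt.src):
        return "DROP", "spoofed source on egress"
    # Complementary ingress rule (assumption): our own addresses never arrive from outside.
    if pkt.direction == "ingress" and is_ours(pkt.src):
        return "DROP", "our address arriving on ingress"
    return "ACCEPT", ""


def filter_packets(packets: List[Packet]) -> Dict[str, int]:
    """Apply verdict() to each packet and count outcomes by reason."""
    counts: Counter = Counter()
    for pkt in packets:
        action, reason = verdict(pkt)
        counts[reason if action == "DROP" else "accept"] += 1
    return dict(counts)


# Constructed sample packets (not captured traffic).
SAMPLE = [
    Packet("203.0.113.10", "192.0.2.53", 17, "egress"),          # normal outbound DNS query
    Packet("192.0.2.77", "192.0.2.53", 17, "egress"),            # zombie spoofing a victim for reflection
    Packet("203.0.113.10", "203.0.113.10", 6, "ingress", 0x02),  # LAND packet
    Packet("192.0.2.9", "203.0.113.20", 0, "ingress"),           # protocol 0
    Packet("192.0.2.9", "203.0.113.20", 6, "ingress", 0x00),     # TCP null scan
    Packet("203.0.113.44", "203.0.113.20", 6, "ingress", 0x02),  # our address from outside
    Packet("192.0.2.9", "203.0.113.20", 6, "ingress", 0x02),     # ordinary inbound SYN
]

if __name__ == "__main__":
    for reason, n in sorted(filter_packets(SAMPLE).items()):
        print(f"{n:3d}  {reason}")
```

The order of the checks matters: the anomaly rules run before the address rules so that a LAND packet is logged as LAND rather than as a spoof, which keeps the drop counters meaningful when you later tune the scrubber.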

Tip #2: “Always Double Tap”

Once you catch a zombie, you will need to put it down. But re-imaging the host is not enough. The hacker got in once – do you understand how? Can it be prevented from happening again? Understanding the attack vector, and closing it off permanently, is critical.

Preventing re-infection is a delicate game. You need to ensure you get all of them, because shutting zombies down will get noticed by the controlling hacker. This means he or she might change tack, and you lose your advantage. So when you identify the attack vector, make sure you close it down for all systems in your network!

The very best technique to ensure you understand the vector is simply inspecting your network traffic for the zombie device for the last couple of weeks or months. Full-fidelity flow is ideal for this effort since it is lightweight, and can give months of history for relatively little storage.

Full packet capture can also be helpful here. Ideally, you should attempt to understand the mechanisms of the zombie with insight into the hacker’s IP addresses, the ports used, and the timing of the communication. This way you can quickly infer whether ports need to be closed, IPs need to be blocked, passwords need to be reset, or applications need to be patched.

Tip #3. “Beware of Bathrooms”

Think quick: What is your most vulnerable position? In Zombieland, it is bathrooms, but it is a little more difficult to figure out on your network.

Remember that hackers don’t care what a particular box is, and what function it serves in your network. They search for any way in, which usually leads to the forgotten machine getting hacked first. And once in, the zombie infection spreads quickly. Weak credentials, bad internal security defenses, and bad patching practices allow one zombie to quickly become many zombie computers in your network.

So, to stick with the metaphor, beware of bathrooms and take a disciplined approach to applying security best practices. This will help you:
Educate: Educate your co-workers to recognize phishing email attempts, be suspicious of downloaded applications, and err on the side of caution.
Update: Update your operating systems and software. Once inside your network, zombie infections propagate through common exploits and weak credentials. Religiously apply patches to both operating systems and their software programs.
Separate: Separate your systems and resources. This is perhaps the least obvious rule, but it is very important. Eventually an infection happens, a vulnerability is exploited, or someone accesses a hacked device or connects over VPN from a compromised home computer. A hacker will get in. At that point, you want to make sure it is as difficult as possible for the hacker to move laterally. Deploy internal firewalls, enforce strong access controls, and keep key resources separated on their own network segments.

Tip #4: “Buckle Up”

Always be safe, which in this case means system backups. This may seem obvious, but it’s often overlooked.

When the going gets tough, and you realize that half of your network is under control of an evil hacker, you may not have much of a choice but to throw a tactical nuke. Re-image all systems, restore your data, and get your organization operational again as soon as possible. But make sure you back up data separately from operating environments. Your OS backup may contain the “puppet master’s” evil control code.

Another common trick that zombies will perform is to encrypt all your data, and then ask you to pay some bitcoin to get the key to decrypt it (aka ransomware). So be extremely smart in your backup strategy – keep physically separate, offline copies that go back many revisions. If you do daily backups, make sure you also have weekly and monthly backups, and test that you can actually restore from them. Then restoring from backup, rather than paying the ransom, is a realistic option.

Finally, to make sure you understand how the ransomware zombies got on your network in the first place, refer back to Tip #2: “Always Double-Tap.”

Tip #5: “Travel Light”

This one should be obvious. The more stuff on your network, the bigger the chance that your network becomes a fertile breeding ground for large numbers of zombie devices.

However, this is not easy to avoid. As organizations move through projects, products, and various deliverables, new equipment, servers, and services are added. Similarly, holes are poked in firewalls, accounts may be shared, and credentials may be compromised.

But do you take them away when they are no longer needed? Most firewalls carry old rules that are no longer needed. Networks are stacked with older servers and services. And with the proliferation of virtualization, the number of servers quickly spun up (“just so we can try it”) has exploded, especially those that use weak or frequently re-used passwords for easier access.

The problem is that few are ever shut down, and all of them run on powerful hardware. The strategy to overcome this challenge is a two-step process:

1. Put policies in place that track servers, applications, and accounts and enforce a planned expiration on all of them.
2. Conduct regular searches of network activity through skillful cyber hunting. This is important because all connected systems wind up communicating something on the network from time to time, even when they’re not in use.
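As an added example that is not part of the original post, the audit below does the search step 2 describes on constructed flow records: every internal address that shows up in the flow data, as sender or receiver, is compared with an asset inventory, so hosts nobody tracks surface together with the services they reach, and inventory entries that have gone silent surface as candidates for removal. The internal range, the inventory, and the flow lines are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set, Tuple

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range

# Hypothetical asset inventory: address -> name (constructed).
INVENTORY = {
    "10.0.1.10": "web-01",
    "10.0.1.11": "db-01",
    "10.0.3.4": "build-agent-02 (decommissioned)",
}

# Constructed flow records: ts,src,dst,dport,proto,bytes
FLOW_LINES = """\
1700000000,10.0.1.10,198.51.100.20,443,6,5120
1700000012,10.0.1.10,10.0.1.11,5432,6,2048
1700000040,10.0.4.77,203.0.113.5,123,17,76
1700000055,10.0.4.77,10.0.1.11,5432,6,900
1700000090,10.0.1.11,10.0.1.10,49152,6,300
""".splitlines()


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL


def active_hosts(flow_lines: List[str]) -> Dict[str, Set[Tuple[str, int]]]:
    """Map every internal address seen (as sender or receiver) to the services it reached."""
    seen: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for line in flow_lines:
        _ts, src, dst, dport, _proto, _nbytes = line.split(",")
        if is_internal(src):
            seen[src].add((dst, int(dport)))
        if is_internal(dst):
            seen.setdefault(dst, set())   # a responder is alive even if it never initiates
    return seen


def audit(flow_lines: List[str],
          inventory: Dict[str, str]) -> Tuple[Dict[str, List[Tuple[str, int]]], List[str]]:
    """Return (untracked hosts -> services they used, inventory entries with no traffic)."""
    seen = active_hosts(flow_lines)
    untracked = {ip: sorted(svcs) for ip, svcs in seen.items() if ip not in inventory}
    silent = sorted(ip for ip in inventory if ip not in seen)
    return untracked, silent


if __name__ == "__main__":
    unknown, quiet = audit(FLOW_LINES, INVENTORY)
    for ip, services in unknown.items():
        print(f"untracked {ip}: {services}")
    for ip in quiet:
        print(f"silent inventory entry {ip} ({INVENTORY[ip]})")
```

The untracked host is the interesting output: it is talking to the database server, which is exactly the “forgotten machine” Tip #3 warns about. A silent inventory entry is either properly decommissioned (remove it) or a box that only wakes up occasionally, which is why the search should run over weeks of flow history rather than a single day.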

So make sure you clean it up, clean it out, and travel light to give yourself a better chance of outrunning the zombie apocalypse.

Tip 6: “Don’t be a Hero”

Everyone likes the idea that some flashy new tool will do the job for you. No one likes the grind – the effort required to educate, update, and separate.

But it is the grind that is your best defense. After all, the groundwork in keeping your network resilient is extremely valuable when the zombie computers start popping up. Spend time each and every day hunting for bad guys in your network. Cyber hunting may seem like busy work, but the effort helps you learn much more about your network as you do, and you will soon start to recognize the good from the bad.

There’s little glory in prevention. When you catch that botnet and shut it down – successfully preventing massive downtime – few will cheer your victory. But cyber hunting prevents the agony of dealing with the aftermath: late nights cleaning up as zombies relentlessly blast their traffic while executives are forced to make nerve-wracking moves to limit brand damage.

Remember to:
Hunt for zombies daily
Patch often
Back up frequently

Don’t be a hero. Do your legwork and stay prepared!

Tip #7: “Limber Up”

In this tip, the idea of limbering up means to use overcapacity and plenty of reserves.

Your ability to weather a storm is directly proportional to the reserves you have in your environment. This may seem counter-intuitive, since plentiful capacity also lets zombies whip up a bigger DDoS attack, but when CPU capacity is plentiful, network links have headroom, and firewalls and scrubbers are over-provisioned, you have the tools you need to keep your organization operating under duress.

Typically, network bandwidth and system CPU resources are plentiful. What is often overlooked is the capacity of routers, switches, and firewalls to handle that bandwidth. Their CPU power is constrained, and although their links have plenty of capacity, the devices are unable to move packets fast enough, especially when every packet is small. One more tip here: to determine your breaking point, run a small, controlled DDoS test from one segment of your network to another. (Do this during a scheduled maintenance window, with authorization, and with someone watching the device CPU and packet-drop counters.)

Tip #8. “Know Your Way Out”

Have a backup plan. Or, even better, have three!

When the going gets tough, and you feel you might be losing the battle, make sure you have a plan to evade. This can include alternate internet paths, offsite data storage, and well-documented playbooks that can easily be followed by less-skilled helpers.

Here are a few more details on each of these topics:
Create alternate internet paths: This could be as simple as the wifi network at the local coffee shop, or as sophisticated as load-balanced redundant internet paths.
Take advantage of offsite data storage: Any operational data that can be stored off-site should be, including redundant email systems (think “cloud”), database-driven applications, or even backup file storage. It is good practice to architect a business so that it can operate after a loss of access to the premises.
Write well-documented playbooks: This one is very important. An ounce of preparation here can make a huge difference. You should create playbooks for a variety of processes and procedures, including using off-site or redundant resources as well as cleaning up, re-imaging, and remaining operational. Make sure they contain concise instructions that can be followed by people with less technical skills. Practice your playbooks, and don’t be afraid to test your plans ahead of time with scheduled fire drills.

Tip #9: “The Buddy System”

When attempting to keep your network safe, don’t go it alone. Even when resources are constrained, try to pull in someone whose job is not necessarily a full-time network defender. By having a second set of eyes, you may pick up on patterns that you previously missed. Have each other’s back at all times. Also, remember that computers are not inherently evil, and they don’t hack each other by themselves. You are always hunting down a bad guy somewhere, and he/she is the one orchestrating this attack!

As you work with a partner, try to explain what a botnet is, how zombie computers work, and what you can do to catch them and shut them down. This can be very helpful in getting the two of you on the same page and even help find new ways to hunt. Sharing access to visibility tools allows others to pick up on patterns you may miss and accelerates investigations when you do catch something.

Tip #10: “Check Your Back Seat”

In Zombieland, this meant always checking the back seat of any car, just so you were never surprised when you were most vulnerable.

The same rule applies to cyber security. Once you catch a zombie on your network, stay cool, and study it carefully. Find out how it is communicating with the hacker. All of this represents your network’s “back seat” so make sure you check everything you can.

Then, using what you have learned by observing the zombie, details such as the IP addresses it talks to, the ports it uses, the timing of the communications, and any other information you can find, you can quickly start searching for other systems in your network with the exact same behavior. For this, you use full-fidelity flow data.

When you are going to take the fight to your adversaries, make sure you know where they all are. Then take them down all at once. It usually doesn’t take the hacker long to notice that his zombie devices are dropping, and he may switch tactics, or even stop completely.
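As an added example that is not part of the original post, the script below does the search Tip #10 describes (and the flow review Tip #2 calls for) on constructed flow records: it builds the known zombie’s profile, the destinations, ports, and cadence of its control-channel traffic, and then reports other internal hosts showing the same pattern. Addresses, timestamps, the three-flow minimum, and the 25% cadence tolerance are assumptions.

```python
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed flow records (ts,src,dst,dport,proto,bytes); not captured traffic.
FLOW_LINES = """\
1000,10.0.5.21,192.0.2.10,6667,6,210
1300,10.0.5.21,192.0.2.10,6667,6,214
1600,10.0.5.21,192.0.2.10,6667,6,210
1900,10.0.5.21,192.0.2.10,6667,6,212
2210,10.0.5.21,192.0.2.10,6667,6,210
1050,10.0.7.3,192.0.2.10,6667,6,209
1350,10.0.7.3,192.0.2.10,6667,6,211
1650,10.0.7.3,192.0.2.10,6667,6,210
1950,10.0.7.3,192.0.2.10,6667,6,210
1100,10.0.9.9,192.0.2.55,6667,6,208
1410,10.0.9.9,192.0.2.55,6667,6,208
1720,10.0.9.9,192.0.2.55,6667,6,209
2030,10.0.9.9,192.0.2.55,6667,6,208
1000,10.0.1.10,198.51.100.8,443,6,18000
1005,10.0.1.10,198.51.100.8,443,6,2200
1900,10.0.1.10,198.51.100.8,443,6,9100
1200,10.0.2.2,192.0.2.10,6667,6,210
1500,10.0.2.2,192.0.2.10,6667,6,210
""".splitlines()

Key = Tuple[str, str, int]   # (src, dst, dport)


def beacon_periods(flow_lines: List[str], min_flows: int = 3) -> Dict[Key, float]:
    """For every (src, dst, dport) seen at least min_flows times, the median gap between flows."""
    series: Dict[Key, List[int]] = defaultdict(list)
    for line in flow_lines:
        ts, src, dst, dport, _proto, _nbytes = line.split(",")
        series[(src, dst, int(dport))].append(int(ts))
    periods: Dict[Key, float] = {}
    for key, stamps in series.items():
        if len(stamps) >= min_flows:
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            periods[key] = statistics.median(gaps)
    return periods


def _close(period: float, ref: float, tolerance: float) -> bool:
    return abs(period - ref) <= tolerance * ref


def hunt(zombie: str, flow_lines: List[str],
         tolerance: float = 0.25) -> Dict[str, List[Tuple[str, int, float, str]]]:
    """Find other hosts whose flows repeat the zombie's (destination, port, cadence) pattern.

    "exact"   = same destination and port at the same cadence (within tolerance).
    "cadence" = same port at the same cadence to a different destination, which is what
                a second controller or a rotated controller address looks like.
    """
    periods = beacon_periods(flow_lines)
    profile = {(dst, dport): p for (src, dst, dport), p in periods.items() if src == zombie}
    matches: Dict[str, List[Tuple[str, int, float, str]]] = defaultdict(list)
    for (src, dst, dport), p in periods.items():
        if src == zombie:
            continue
        if (dst, dport) in profile and _close(p, profile[(dst, dport)], tolerance):
            matches[src].append((dst, dport, p, "exact"))
        elif any(dp == dport and _close(p, ref, tolerance) for (_d, dp), ref in profile.items()):
            matches[src].append((dst, dport, p, "cadence"))
    return dict(matches)


if __name__ == "__main__":
    for host, hits in hunt("10.0.5.21", FLOW_LINES).items():
        for dst, dport, period, kind in hits:
            print(f"{host} -> {dst}:{dport} every ~{period:.0f}s ({kind})")
```

Hosts with fewer than three contacts (10.0.2.2 in the sample) are not scored at all, which is exactly why weeks or months of history matter: a beacon with a long sleep interval needs a long window before its cadence is visible. A “cadence” match is weaker evidence than an “exact” one and should be confirmed from packet capture or DNS logs before the host goes on the takedown list.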

Bonus: Tip #11: “Enjoy the Little Things”

We realize this was a list of 10 tips, but we wanted to give you one more. With the constant stress of staying alive in today’s world of zombies, it is important to take a moment to smell the roses. Pausing should also serve as a grave reminder that the people behind the zombies adapt, so what you did to protect yourself yesterday may not be enough for tomorrow. There are no silver bullets, and just as Tip #6 advises (“Don’t be a Hero”), you need to prepare yourself to do the work.

We hope these tips will truly help you avoid the zombie apocalypse. To keep a reminder of these tips, please download our Top 10 Zombie Tips infographic now.



Why FlowTraq is the Global Leader in Network Insight, Analysis, and DDoS Mitigation – Plus, a Closer Look at our Partnership with A10 Networks

By | January 26, 2017



FlowTraq has been a trusted partner of network clients since our founding in 2004. In the years since, we’ve worked with systems admins, CISOs, and network operators to provide the most complete – and flexible – solutions for threat detection and mitigation on the market.

Not only were we the first to bring network analysis to the cloud for Big Data analysis, we have built our cybersecurity solutions on a best-in-class Distributed Denial of Service (DDoS) threat detection and mitigation technology. FlowTraq allows network operators to prevent disruptions to service and outages from DDoS and other malicious threats. We also give them the data and proficiency to conduct deep dives into their network flow that is necessary to improve the security of their networks.

Network operators face a variety of challenges as they maintain and optimize performance, guard against external and internal threats, and anticipate and architect for the capabilities of the future. DDoS traffic is intentionally generated to take out online services for a host of reasons: ego, extortion, or reprisal. Vigilant security requires knowing what traffic behavior is occurring on the network, what traffic types are involved, and where in the network your normal and abnormal traffic is occurring. Knowing what path this traffic takes allows you to respond intelligently and decisively.

FlowTraq’s long-standing partner relationship with A10 Networks underscores how our joint expertise provides a flexible, scalable, and affordable solution for flow-based network insight, analysis, and DDoS mitigation. More, it is just one example of the network partnerships that we have successfully deployed. In fact, FlowTraq and A10 Networks will be co-sponsoring an event together at RSA this February. (Send us an email at party@flowtraq.com to get your name on the list!)

Here’s How It Works

As traffic traverses the network, it is monitored by FlowTraq, which receives flow records from routers in various parts of the network and determines traffic baselines. When a network anomaly is detected, FlowTraq, using A10’s RESTful API, tells the Thunder TPS line of Threat Protection Systems which protected object is under attack and which mitigation action is required.

A10’s Thunder TPS device, in turn, instructs the network to redirect the malicious traffic to the Thunder TPS. The traffic gets scrubbed of the malicious components, and legitimate traffic is forwarded to the target server.

The integration between FlowTraq Enterprise and the Thunder TPS solution is best in class and one of the most effective and scalable ways to protect your network from bad actors. In near real time, network traffic patterns are analyzed and presented so that operators gain insight into, and protection against, DDoS attacks.

Deploying Thunder TPS with FlowTraq Enterprise provides:

Deep traffic analysis: FlowTraq provides insight at any level of your network traffic flows: border, core, and edge.

Automated detection and mitigation: Easily escalate suspect traffic to one or more Thunder TPS devices for further traffic validation and DDoS mitigation. FlowTraq analyzes normal network patterns and automatically determines when an anomaly is occurring. Thunder TPS quickly eliminates DDoS traffic, whether volumetric or targeted on the application layer or both.

All the benefits of a single pane of glass: FlowTraq becomes the operator’s eyes and ears into the mitigation by showing exactly how each TPS is doing, and how the attack is affecting all your network resources, from uplink to edge. By orchestrating the DDoS mitigation, FlowTraq allows the operator to interact in real-time with the attack, ensuring minimal impact of the DDoS attack.

Optimal latency: With FlowTraq and Thunder TPS, a dynamic and reactive deployment model can be deployed. FlowTraq continuously monitors the traffic and establishes baselines, and provides rapid detection of anomalies with no added latency. Thunder TPS can dynamically be inserted when necessary.

Additional Benefits of our Relationship with A10 Networks

FlowTraq is a full-fidelity security tool. When the going gets tough, and the bad guys get in, FlowTraq has all the data. You can cyber-hunt with speed and efficiency to find out what happened, when, and where your data went. Even during a heavy DDoS attack, full-fidelity data is a powerful asset to fine-tune your mitigation and traffic routing.

FlowTraq scales to fit. This means you can deploy big or small to best fit your budget. Cloud or on-prem. Many small links? Then build an on-prem scrubbing center with A10 TPS, and let FlowTraq be your traffic cop. Big service in the cloud? FlowTraq will comfortably handle a 1.2Tbps scrubbing cluster built with TPS.

Use FlowTraq to gain new levels of insight and visibility in your peering relationships. Understand where your traffic is going and where it is coming from. Tailor your mitigation strategy to handle the many small threats, the few big, and one monster attack. Only the visibility from FlowTraq gives you the power to take control.

Deploy efficiently and on schedule with a dedicated Technical Account Management team. FlowTraq has the experience to ensure successful deployment. We can help maximize and tune the TPS capabilities, which includes everything from generating NetFlow on high-volume networks to integrating full visibility and control into your existing tools.

If you are evaluating the A10 TPS for DDoS mitigation, you should also talk to a member of the FlowTraq team to make the most of your deployment.

To learn more about how FlowTraq partners with A10 Networks, or to discuss how our solutions can work for your network or infrastructure, please contact me directly at jadelisle@flowtraq.com or signup for a free 14-day trial.



3 Cyber Security Trends to Focus on in 2017

By | January 4, 2017



If you are a celebrity or a rock star, 2016 was a dangerous year. It was an even more difficult year to be an IT security professional, with cyber attacks and the associated costs continuing to rise.

What will 2017 bring? Many experts have already predicted top security trends for 2017, such as eWeek’s recent security slideshow featuring 17 different security experts forecasting their top cyber security trends for 2017.

One thing is clear: We all will face new challenges, a higher number of attacks, and require even more network visibility as cyber criminals are sure to introduce more advanced threats. As a result, IT security teams and business operations will have to work together very closely to ward off cyber-attacks in 2017.

After reviewing many of these lists and predictions, we believe the following three trends are the most likely to produce new threats.

1) An increase in vulnerabilities resulting from the Internet of Things (IoT).

In the fall of 2016, the Mirai source code was released on the Internet. Mirai targets poorly secured smart devices, and a botnet built from it produced an unprecedented distributed denial of service (DDoS) attack in October against the DNS provider Dyn, disrupting web services giants such as Twitter and Spotify.

With nearly 5,000 new smart devices connecting to the Internet each minute, you can expect potential attackers to build on code like Mirai to launch more DDoS malware in 2017. Any smart device can become a significant vulnerability, from Android and iOS smartphones to fitness trackers and Bluetooth speakers, though Mirai itself went after embedded devices such as cameras, DVRs, and home routers with default credentials. These attacks can happen quickly, requiring constant vigilance and immediate action.

2) DDoS attacks will escalate in frequency and damage.

Not the trend you were hoping to see, but the reality is that according to Akamai, DDoS attacks increase 125% year over year and 2017 is expected to be the same. For proof, consider the findings from a recent Cisco report, “The Zettabyte Era—Trends and Analysis”[1]:

– DDoS attacks have increased more than 2.5 times over the last three years.
– Globally, the number of DDoS attacks grew 25 percent in 2015 and will increase 2.6-fold to 17 million by 2020.
– The average size of DDoS attacks is approaching 1 Gbps, which is enough to take most organizations completely offline.

As described above, the Mirai code attack in October will likely embolden criminals lured by the potential disruption it managed to produce. Criminals also know that solutions deployed to protect against DDoS are often installed and forgotten, with most organizations not having sufficient resources to proactively monitor activity and scrutinize logs for early warning signs. It’s a vulnerability criminals simply won’t ignore.

3) The security skills shortage continues – particularly for cyber hunters.

With breaches at corporations and agencies rising uncontrollably, it is inevitable that customers will lobby for better protection and stronger privacy legislation. It is likely that the FTC will become an increasingly active player, depending in large part on what position President-elect Trump chooses to take on the issue of cybersecurity and increased privacy regulations.

That may not be good news for corporations already having a hard time recruiting security experts to help fortify their efforts. Professionals who understand how to secure an organization against a growing number of vulnerabilities are scarce, which means most organizations are only managing to plug holes as new threats surface every day.

Attracting and developing new talent will continue to be a challenge, as will identifying cost-effective security solutions to bridge the gaps. For example, many experts suggest that organizations should be much more proactive in using cyber hunters to identify threats that exist in the organization and eliminate them now – before it’s too late. Companies will need to give cyber hunters the right tools they need to be successful in this role.

The FlowTraq Advantage

Fortunately, FlowTraq’s network monitoring, analysis, and forensics tools provide complete visibility into what’s happening on your network so you can mitigate the risks of DDoS and enforce security policies. With real-time alerts into abnormal, potentially suspicious behavior, you get the information you need to take action without delay.

[1] Cisco, “The Zettabyte Era—Trends and Analysis,” June 2, 2016.


 


Welcome to the DDoS Battle, AWS!

By | December 7, 2016



Recently Amazon Web Services announced that they are offering both free and premium DDoS mitigation services during their re:Invent Conference, called AWS Shield.

We at FlowTraq wanted to take a moment and welcome Amazon to the DDoS protection space. There are many different types of attacks, as we have outlined in the past, and AWS Shield will end up being a strong name in the space in the months and years to come.

Attacks like the DNS one that was witnessed in October 2016 will become more and more common, and the complexity of the attacks will only increase. CISOs and NOC teams will need better diagnostics into what has occurred – and by whom. Tools such as FlowTraq will be used to provide insight, and to prove that their providers like AWS Shield have performed the mitigation they’ve claimed.

In addition to protecting you from DDoS, consider using VPC flow logs to feed FlowTraq and understand the full spectrum of security threats that your instances are facing. FlowTraq consumes the flow logs and offers the full spectrum of peering analysis, security detection, and traffic monitoring that customers are familiar with for their in-house infrastructure, all of which is available to their cloud deployed hosts. Read more about how to get started with AWS VPC flow logs in FlowTraq.
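The VPC flow log record format is public, so here is an added example, mine rather than FlowTraq’s ingestion code, that parses default-format version 2 records and pulls out two things a security team wants first from cloud flow data: outside addresses whose connections the security groups rejected across several ports, which is what a scanner looks like, and the bytes each interface sent out of the VPC, which is where exfiltration shows up. The VPC CIDR and the log lines are constructed. One caveat: flow logs are aggregated per capture window rather than full-fidelity, so short control-channel exchanges inside a window are summarized into one record.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Default (version 2) VPC flow log fields, space separated, in this order.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # assumed VPC range

# Constructed log lines (not from a real account).
LOG_LINES = """\
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 40000 22 6 1 40 1609459200 1609459260 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 40001 23 6 1 40 1609459200 1609459260 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 40002 3389 6 1 40 1609459200 1609459260 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 49152 443 6 20 15000 1609459200 1609459260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 49153 5432 6 10 2000 1609459200 1609459260 ACCEPT OK
2 123456789012 eni-0b9c8d7e 203.0.113.9 10.0.2.9 51000 443 6 5 300 1609459200 1609459260 REJECT OK
2 123456789012 eni-0b9c8d7e - - - - - - - 1609459200 1609459260 - NODATA
""".splitlines()


def parse_line(line: str) -> Optional[dict]:
    """Parse one default-format record; return None for NODATA/SKIPDATA windows."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":        # those windows carry '-' placeholders, not addresses
        return None
    for k in INT_FIELDS:
        rec[k] = int(rec[k])
    return rec


def analyze(lines: List[str], scan_ports: int = 3) -> Tuple[Dict[str, List[int]], Dict[str, int]]:
    """Return (external sources rejected on >= scan_ports distinct ports, egress bytes per ENI)."""
    rejected: Dict[str, set] = defaultdict(set)
    egress: Dict[str, int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        # Direction is not a field in version 2, so infer it from the VPC range.
        if rec["action"] == "REJECT" and src not in VPC_CIDR and dst in VPC_CIDR:
            rejected[rec["srcaddr"]].add(rec["dstport"])
        elif rec["action"] == "ACCEPT" and src in VPC_CIDR and dst not in VPC_CIDR:
            egress[rec["interface_id"]] += rec["bytes"]
    scanners = {ip: sorted(ports) for ip, ports in rejected.items() if len(ports) >= scan_ports}
    return scanners, dict(egress)


if __name__ == "__main__":
    found, out = analyze(LOG_LINES)
    for ip, ports in found.items():
        print(f"scanner {ip} probed ports {ports}")
    for eni, nbytes in out.items():
        print(f"{eni} sent {nbytes} bytes out of the VPC")
```

The egress total per interface is the number to baseline over time; a quiet instance that suddenly pushes gigabytes out of the VPC is the cloud version of the zombie traffic the tips above describe, and the interface ID ties it straight back to the instance.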

Fighting these DDoS attacks isn’t always about having the biggest weapon, but rather, having the appropriate arsenal and the right tools in your tool belt.

So today, we say to AWS: welcome to the battle!



 

What Visibility Should Mean to You

By | May 12, 2016



Cyber security threats continue to grow. This evolution is seen in the sheer numbers of attacks, as well as the sophistication and complexity of attacks. Hackers are better funded and armed with more tools than ever. Hacking tools used for high-level security breaches, data theft and corruption, ransomware, and the infiltration of malware are readily available to hackers on the Dark Web. Shouldn’t your security tools be just as advanced, comprehensive, and powerful?

IT professionals often toss around the term ‘visibility’. Better visibility into the network, better visibility of systems and applications, better visibility of the end users and their devices, etc. But visibility should mean far more than simply the ability to see what’s going on in your network right now. It ought to mean visibility into the past, present, and even the future of your network and systems. Here’s what a comprehensive, fully-visible, network monitoring tool can do for your IT infrastructure.

What Has Happened in the Past


‘Leaving the past behind’ isn’t the best course of action when it comes to network security. You need to understand what happened in order to build better measures to stop similar events in the future.

A network that has been hacked once is likely to be hacked again. Once a vulnerability has been discovered, hackers will exploit it repeatedly, sometimes to get more information from an easily accessible source and other times simply for the fun of it. That’s why it’s important to have 100 percent visibility into what has already happened. Exactly what vulnerabilities were exploited? What can be done to close those network security gaps? Explore areas like software and firmware that weren’t kept updated, user training issues, whether an inadequate mobile use policy played a part in the attack, and other potential lapses in network security.

What Could Happen in the Future

‘What could happen’ is why IT invests so much in firewalls, antivirus and antimalware protection, and other preventative measures. These are your preventative maintenance tools that stand in the way of overt and predictable attacks. The problem is depending on these tools alone to prevent all attacks, instead of continually assessing your vulnerabilities against sophisticated hacking tools and techniques designed to subvert modern protective measures.

What is Happening Right Now


Network monitoring allows you to gain visibility into network traffic so that you can detect and stop any intruders that have managed to make their way around your security measures.

There’s a cat-and-mouse game that has played out between the ‘good guys’ and the ‘bad guys’ for millennia. The good guys get better protective weapons, then the bad guys get better attack weapons, forcing the good guys to up their game once again. It played out in the days of train robbers, during the Cold War, and it’s happening again in the arena of cyber security. That’s why strong network monitoring tools are so essential. Antivirus software and firewalls are like locks on your doors — these tools prevent someone waltzing in without much effort, but they don’t stop those willing to put forth the effort to get around those barriers. Network monitoring is how you catch the savvier villains once they’ve made their way past your gates and locks.

What Happens Following a Network Security Breach

“After action” is as critical as anything you do before an attack. An after-action plan is multifaceted. It includes cleaning up the mess left behind after an attack, but it also focuses on collecting forensic evidence of the attack. That forensic evidence can be used to help stop future attacks, but might also be crucial for bringing the hackers responsible to justice.

Do you truly have visibility into your network, including what has happened, what may happen, and what’s happening right now? Learn more about the modern era of multifaceted network monitoring and security when you download The Big Book of Network Flows for Security.

The Dangerous “Three Vs” of Big Data

By | May 9, 2016


Big Data. It sounds intimidating. It certainly sounds important. It even sounds dangerous. It can be all three. While Big Data has revolutionized the entire world of operations and commerce, there are three ‘V’s (notice how much that looks like ‘versus’) of Big Data that make network security more important than even a decade ago. The ‘Three Vs’ are volume, velocity, and variety, meaning more data to secure, and having to secure it as its velocity accelerates and its forms multiply. The Three Vs need to be taken seriously as the security issues that they are.

The Volume of Big Data

Think there’s a lot of data now? Wait until year after next, when there will be twice this amount to store and keep secure. Or, wait another five years, when there will be five times this much to contend with.

This is the single factor that most people associate with ‘big data’. It certainly is voluminous, and that poses many challenges when it comes to securing it. After all, it’s much easier to guard a single chicken coop than to try to secure the entire San Diego Zoo. Network security becomes even more complex when the data becomes accessible to users across the enterprise. Bits and pieces of the whole get stored, shared, and used outside the purview of IT and management — meaning that, eventually, nobody is really sure where all the data ends up. The only reliable way to ensure network security where big data is in play is with a good network monitoring solution that can identify anomalies in network traffic and pick up on oddities that indicate theft or intrusion.

The Velocity of Big Data

Big data is not simply marked by its sheer volume, however. Big data is also identified by the rapidity of its growth. Data isn’t just getting bigger, it’s getting bigger really, really quickly. Big data as we know it doubles in volume every two years — meaning that if you are struggling to store and secure a few petabytes today, you’ll be looking at 4.5 times that amount of storage within five years. You’ll also be faced with securing that massive volume of data. Concurrently, the velocity of attacks on that data is increasing. Cyber attack volume and velocity have grown by 1,100 percent since 2009, with no slowdown in sight. More than 120,000 attacks are levied against businesses like yours every day. Network security has to be increased commensurately.

The Variety of Big Data

As the number of IoT devices nears 6 billion, the data streaming in arrives in an ever-wider range of formats. The variety of attacks levied against that data, and against the devices, users, and networks that handle it, is growing, too.

This is perhaps the least understood quality of big data. Big data is tremendously varied. Part of the reason for this is the Internet of Things; data is streaming in from innumerable sources at any given time. Big data comes from social networks, mobile devices and apps, user profiles, text documents, image and video files, machines and sensors, and a plethora of software systems and applications.

Similarly, the variety of attacks has grown considerably. While DDoS attacks and data breaches have been mainstays in the world of network security, those seem trivial next to the new waves of malware, ransomware, phishing scams, social engineering attacks, and other high-level attacks that are becoming more frequent and sophisticated by the day. Unless your network security solutions can detect and manage this variety of attacks, it’s only a matter of time until you are hit with (at least) one of these threats.

See how today’s top-notch network security solutions can protect your business in the age of big data by scheduling a demo now.

10 Rules: Zombie Survival Guide Infographic

By | March 17, 2016


Learn the 10 Tips for Surviving the Zombie Apocalypse. These ‘Zombies’ are computers or devices that are under hacker control. Hackers collect vast armies of zombies which they use to launch DDoS attacks.

NH SAU70

By | November 21, 2013


Using FlowTraq, NH SAU70 Achieves a Perfect Balance Between Streaming Needs and Internet Abuses

This NH school unit firmly believes in enhancing education by giving faculty and students access to Internet resources but also needed to ensure movies and other copyrighted material are not illegally downloaded and shared. This requirement was particularly challenging because of the school’s policy of allowing end users to access the wireless network with their own devices including smartphones, tablets and laptops. (more…)