Charles Herring

Charles Herring is a senior systems engineer at Lancope. Prior to joining the Lancope team, he was a long-time StealthWatch user while serving as a network security analyst with the U.S. Navy.

When Enforcement Doesn’t…

Intelligently processing NetFlow records from the network infrastructure provides a reliable and accurate means of determining if enforcement mechanisms are properly handling traffic. Alerting can occur in real time, or historical analysis can be applied to validate designs.

Looking East and West

While northbound (egress) monitoring is a necessary component in catching advanced threats, it is only one piece of effective network surveillance. To determine the impact of a breach and to create an accurate timeline, lateral (east/west) monitoring is also a critical component. NetFlow monitoring can provide a cost-effective means of cataloging this intelligence.

When DDoS Happens to Good Networks

DDoS is difficult to defend against for at least three reasons: (1) innate vulnerabilities, (2) blocking the mob and (3) finding the perpetrators. The continued evolution of DDoS toolsets and their wide distribution through hacktivists and botnet-controlled machines requires not only mitigation solutions, but also network visibility that can make sense out of the fog that rises during a denial-of-service attack.

Has APT1 Been Eating My Porridge?

Thanks to the Mandiant APT1 report appendices, we have a wealth of threat data we can use to flush APT1 out of the network. In this installment, we’ll take a look at how to accomplish that with Lancope’s StealthWatch System.

APT Number One

This week's Mandiant report goes a long way in making the case that well-funded, sophisticated attackers are currently staffed for the purpose of stealing corporate trade secrets. The report also reveals a fundamental problem in the operational preparedness of enterprises to detect these types of attacks.