Chris Smithee

Senior Systems Engineer

Chris Smithee is a senior systems engineer at Lancope focused on flow-based detection and analysis of InfoSec and network events. He has ten years of experience in the telecom industry with a strong focus on network security and network design.

Lancope’s Cisco ASA Updates

NSEL data from Cisco ASA provides rich information and unique data points for advanced security troubleshooting. Lancope stitches Cisco ASA NetFlow records together with records from the remainder of the network, allowing StealthWatch users to understand not just the transaction path for network traffic, but also what happened to those transactions when they were handled by the ASA. Lancope has also recently added StealthWatch support for the NAT translations available from NSEL records.

State of Security in the BYOD Era

The Bring Your Own Device movement is spreading through the industry. What is your company doing to secure your network from new risks created by employee-owned devices?

Is OpenFlow a new form of NetFlow?

How does OpenFlow relate to flow monitoring solutions like NetFlow, IPFIX, sFlow, etc.? We'll explore the high-level differences between OpenFlow and flow collection technologies, and a scenario in which the two could be used for similar purposes.

Tracking Worms with StealthWatch

While worms seem to be less prevalent than they were in the past, we do still see them appear now and then. Over the past few months we’ve seen Morto over RDP 3389/tcp and Duqu over SMB 445/tcp rear their heads. Luckily we can use flow data to identify these types of hosts within the network. With Morto, we can simply look for scanning over the RDP port. Ideally you’ll have some Dark IP subnets/ranges within your network making this a little easier if you don’t currently use Lancope’s StealthWatch. Finding incomplete sessions to these IP ranges becomes a red…

Lancope’s StealthWatch System Now Integrates with Citrix AppFlow

Earlier this year, Citrix introduced AppFlow to provide an open standard for capturing application flow records. Lancope is excited to see more networking and security device vendors adding or enhancing support for flow data in their products. The more flow data we can collect and analyze with StealthWatch, the more complete network visibility we can provide to our customers to help ensure high levels of performance and security. An extension of IPFIX, AppFlow delivers application layer visibility across public and private cloud environments to provide business intelligence for web-based transactions. By seamlessly leveraging AppFlow records from Citrix NetScaler, StealthWatch provides…