Lancope

Chris Smithee

Senior Systems Engineer

Chris Smithee is a senior systems engineer at Lancope focused on flow-based detection and analysis of InfoSec and network events. He has ten years of experience in the telecom industry with a strong focus on network security and network design.

State of Security in the BYOD Era

The Bring Your Own Device movement is spreading through the industry. What is your company doing to secure your network from new risks created by employee-owned devices?

Is OpenFlow a new form of NetFlow?

How does OpenFlow relate to flow monitoring solutions like NetFlow, IPFIX, sFlow, etc.? We'll explore the high-level differences between OpenFlow and flow collection technologies, and a scenario in which the two could be used for similar purposes.

Tracking Worms with StealthWatch

While worms seem to be less prevalent than they were in the past, we do still see them appear now and then. Over the past few months we’ve seen Morto over RDP 3389/tcp and Duqu over SMB 445/tcp rear their heads. Luckily, we can use flow data to identify these types of hosts within the network. With Morto, we can simply look for scanning over the RDP port. Ideally you’ll have some Dark IP subnets/ranges within your network, making this a little easier if you don’t currently use Lancope’s StealthWatch. Finding incomplete sessions to these IP ranges becomes a red…

Lancope’s StealthWatch System Now Integrates with Citrix AppFlow

Earlier this year, Citrix introduced AppFlow to provide an open standard for capturing application flow records. Lancope is excited to see more networking and security device vendors adding or enhancing support for flow data in their products. The more flow data we can collect and analyze with StealthWatch, the more complete network visibility we can provide to our customers to help ensure high levels of performance and security. An extension of IPFIX, AppFlow delivers application layer visibility across public and private cloud environments to provide business intelligence for web-based transactions. By seamlessly leveraging AppFlow records from Citrix NetScaler, StealthWatch provides…

StealthWatch 6.1 – Now with ASA Flows

While I was attending Cisco Live a few weeks back, I had more than a few people come up to the booth skeptical of what we meant when we said StealthWatch added support for the flow records from the ASA. I'm happy to say the people I spoke with had very positive comments about the way StealthWatch consumes this flow feed. A number of them asked why everyone didn't process the records the way we did. The issue is that while the ASA outputs statistics using a NetFlow export, the data contained within it wasn’t quite the same as a…