Tag: Behavioral Analysis

Visual Investigations of Botnet Command and Control Behavior

Lancope's research looks at a collection of nearly two million unique botnet malware samples in an attempt to better understand how botnets use the Internet to communicate. Lancope created visualizations of the TCP and UDP ports that these malware samples used for command and control communications between 2010 and 2012, and compared that information to legitimate network traffic in a typical small office environment. Significant differences in the utilization of different ports are immediately noticeable from the images that Lancope created.

Application-Layer DDoS Detection

In an earlier blog entry, I described how traditional, flood-based DDoS could be detected with Lancope’s StealthWatch System. With our upcoming release of StealthWatch 6.4, we are also introducing application-layer DDoS detection.

Insider Threat Protection with NetFlow

Despite the fact that external attacks often get more attention in the media, recent data is proving that the threat posed by malicious, negligent or compromised insiders is indeed very real. The best way to detect and prevent insider threats is to have in-depth visibility into the internal environment and a means of filtering and prioritizing the massive amount of data available on the network into concise, actionable intelligence.

Lancope’s Cisco ASA Updates

NSEL data from Cisco ASA provides rich information and unique data points for advanced security troubleshooting. Lancope stitches Cisco ASA NetFlow records together with records from the remainder of the network, allowing StealthWatch users to understand not just the transaction path for network traffic, but also what happened to those transactions when they were handled by the ASA. Lancope has also recently added StealthWatch support for the NAT translations available from NSEL records.

Forrester Endorses Lancope and Cisco Approach for Combating Advanced Threats

According to a Forrester Consulting Technology Adoption Profile commissioned by Lancope and Cisco, “Enlightened organizations have adopted network flow analysis capabilities to augment their preventative controls, but fail to include the additional context necessary to truly identify malicious activity within their networks.” While there are many solutions on the market that simply collect and store flow data, or even provide basic analysis, Lancope’s StealthWatch System provides the additional context called for by Forrester.