Obtaining the visibility, correlating the data, and knowing your network.
Given the current state of networking and security and with the prevalence of DDoS attacks such as the NTP Monlist attack, SNMP and DNS amplifications as well as the very directed techniques like...
SSL decryption as a security technique: to intercept or not to intercept?
Of all of the security techniques, few garner more polarized views than interception and decryption of trusted protocols. There are many reasons to do it and a great deal of legitimate concerns about...
Data retention policies: lessons learned & what stays on the boat.
What seems like a lifetime ago I worked for a few enterprises doing various things like firewall configurations, email system optimizations and hardening of Netware, NT4, AIX and HPUX servers. There...
Incident responders: Build or buy?
There is far more to security management than technology. In fact, one could argue that the human element is more important in a field where intuition is just as...
Viewing the Network as an Ecosystem
Many of us have or currently operate in a stovepipe or silo IT environment. For some this may just be a way of professional life, but regardless of how the organizational structure is put together,...
Related Attributes: NetFlow and Interface Traffic Statistics
For many engineers, operators, and information security professionals, traffic flow information is a key element to performing both daily and long-term strategic tasks. This data usually takes the form...
Related Attributes: Syslog, Interface Error Statistics, and Possibly More
Data, data, data. You want all of the data, right? Of course you do. Collecting telemetry and logging data is easy. We all do it and we all use it from time to time. Interrupt-driven networking is a...
Cross Referencing Alarms: Network Security Monitoring and Network Outage...
As anyone that has run a network of any size has surely experienced, with one alert, there is typically (but not always) a deeper issue that may or may not generate further alarms. An often overlooked...
Seeing the Big Picture: Give Me All of the Data
The collection of operational and analytics information can be an addictive habit, especially in the case of an interesting and active network. However, this information can quickly and easily...