In a previous post I gave a rundown of various software tools for collecting NetFlow data for use in network security incident response. NetFlow is pervasive in routers, but another technology, sFlow, is nearly as prevalent in routers and can also be collected from switches, an arena NetFlow has barely entered so far. sFlow is a packet sampling technology and can provide a depth of network visibility (a key component of network forensics and incident response) that goes beyond what NetFlow offers. For more information on sFlow, check out sflow.org.
There is not as much free-software activity around sFlow as there is around NetFlow; however, InMon has a great suite of tools that can help enterprises leverage sFlow data from routers and switches. Their sFlow Agent software can sniff packets off a network interface card and convert them into sFlow packets, so you can test what sFlow brings to the table even if you do not have an sFlow-enabled switch or router.
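To make the "packet sampling" point concrete, here is an added example (not code from the original post or from InMon) that emulates what a 1-in-N sampling agent does: it picks a random subset of packets, aggregates the samples by 5-tuple, and scales each sample by the sampling rate to estimate per-flow packet and byte volumes. The traffic, addresses and sampling rate are all constructed for the demonstration; the point it shows is that sampled data reconstructs large flows well while the smallest flows can drop out entirely.

```python
import random
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# A flow key is the classic 5-tuple: (src, dst, proto, sport, dport).
Flow = Tuple[str, str, str, int, int]
Packet = Tuple[Flow, int]  # (flow key, packet size in bytes)

# Constructed flow keys (documentation addresses from RFC 5737, hypothetical hosts).
HTTP_FLOW: Flow = ("10.0.0.5", "192.0.2.10", "tcp", 51000, 80)
DNS_FLOW: Flow = ("10.0.0.5", "192.0.2.53", "udp", 53111, 53)
SSH_FLOW: Flow = ("10.0.0.9", "192.0.2.22", "tcp", 40022, 22)


def make_traffic(seed: int = 7) -> List[Packet]:
    """Constructed traffic mix: one large HTTP transfer, a DNS trickle, an SSH session."""
    rng = random.Random(seed)
    pkts: List[Packet] = []
    pkts += [(HTTP_FLOW, rng.choice([1400, 1500, 60])) for _ in range(20000)]
    pkts += [(DNS_FLOW, 80) for _ in range(300)]
    pkts += [(SSH_FLOW, rng.choice([100, 200])) for _ in range(2000)]
    rng.shuffle(pkts)  # interleave the flows as they would appear on the wire
    return pkts


def sample_packets(pkts: List[Packet], rate: int, seed: int = 1) -> List[Packet]:
    """Emulate a 1-in-N sampling agent: each packet is exported with probability 1/rate."""
    rng = random.Random(seed)
    return [p for p in pkts if rng.randrange(rate) == 0]


def flow_table(samples: List[Packet], rate: int) -> Dict[Flow, Dict[str, int]]:
    """Aggregate samples by 5-tuple; scaling each sample by the rate gives an
    unbiased estimate of the real packet and byte counts of the flow."""
    table: Dict[Flow, Dict[str, int]] = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for flow, size in samples:
        table[flow]["packets"] += rate
        table[flow]["bytes"] += size * rate
    return dict(table)


def exact_flow_table(pkts: List[Packet]) -> Dict[Flow, Dict[str, int]]:
    """Ground truth: the same aggregation over every packet (rate 1)."""
    return flow_table(pkts, 1)


def missed_flows(exact: Dict[Flow, Dict[str, int]],
                 estimated: Dict[Flow, Dict[str, int]]) -> Set[Flow]:
    """Flows present on the wire that never produced a sample (invisible to sFlow)."""
    return set(exact) - set(estimated)


if __name__ == "__main__":
    traffic = make_traffic()
    truth = exact_flow_table(traffic)
    for rate in (64, 1024):
        est = flow_table(sample_packets(traffic, rate), rate)
        print(f"--- sampling rate 1-in-{rate} ---")
        for flow, real in truth.items():
            guess = est.get(flow, {"packets": 0, "bytes": 0})
            print(f"{flow[0]}->{flow[1]}:{flow[4]} real={real['packets']} pkts "
                  f"estimated={guess['packets']} pkts")
        print("flows missed entirely:", missed_flows(truth, est) or "none")
```

The estimate for the 20,000-packet HTTP flow lands close to the truth at 1-in-64, while at 1-in-1024 the 300-packet DNS flow is expected to produce well under one sample and commonly vanishes from the table. That is the trade-off to keep in mind when using sampled data for incident response: volumes and top talkers are reliable, but the absence of a small flow in sFlow is not evidence it never happened.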
Computer security is not a static field. Some people call it job security; others call it life with a beeper that always goes off at the wrong time. However, for a dynamic field, the nature of the threats doesn’t seem to change that much. Back in the day, Script Kiddies earned their name and most were only interested in defacing web sites. Today, these same attacks are coming from a much more educated group, working in unison, to gain personal information or monetary goals. To compound the issue, technology is always changing. Our users demand these technologies in the name of productivity (I hear a lot of the world’s major issues have been solved with BitTorrent), but early adopters usually get rewarded with the latest zero-day attack. The one thing that hasn’t seemed to advance is the savvy of our end users. Phishing and email scams continue to grow because they continue to work.
New Year’s is a time of reflection and preparation: reflection on the year ending and preparation for the year beginning. This year I thought I would share my New Year’s resolutions as they relate to my job as a security vendor:
- Go easy on the jargon. I will do my best not to say “IDS” and “PCI” and instead say “Intrusion Detection System” and “Payment Card Industry”.
- Be straightforward. Customers don’t have much spare time and I will do a better job of getting to the point. I will tell customers what they need to know and nothing more.
- Give users tools they want. Flashy interfaces may sell initially but what makes products stick is utility. I will focus on making software that makes security analysts more effective in their jobs.