A CIO's guide to “must have” methods needed to protect against Advanced Persistent Threats and even cyber-threats from other nations

Plixer International is one of the fastest growing companies, and a leading provider of NetFlow-based network traffic monitoring and threat detection technology, historical reporting and capacity base-lining for both physical and virtual environments. Founded in 1999 and merged with Somix Technologies, Inc. in 2006, the team at Plixer assists customers with implementing and troubleshooting VoIP, Telepresence, Unified Communications, Cisco AVC and other time-sensitive applications. Plixer tools have been used to analyze and troubleshoot irregular traffic patterns by IT professionals with some of the largest networks in the world. Many companies still spend the majority of their time focusing on reactive issues and individual equipment problems. Plixer solutions provide a holistic view of the entire enterprise regardless of equipment vendor. The company’s software engineers work directly with customers to ensure that the tools quickly help pinpoint slowdowns in the network and the applications which depend on it.

Network Products Guide: How do the Bring-Your-Own-Device (BYOD) movement, the use of cloud services such as file sync services and mobile file sharing impact compliance and data protection?

Michael Patterson: The BYOD movement has necessitated attention from Chief Security Officers due to their constant mobility in and out of the corporate environment. Even when they aren’t connected to the organization’s wireless network, they are often plugged into the laptop first thing in the morning. Once they sync up with the computer, they are able to upload and download just about anything. Connectivity isn’t a problem either when 3G and 4G connections can be maintained throughout the day.

Smart security professionals realize that efforts to keep BYOD off the corporate networks are almost futile when users can read and reply to emails in meetings or at lunch. Everything from confidential conversations to top secret attachments is available on hand-held devices whether we like it or not.

With the Android operating system (OS) being open to the general public, developers of malware can gain a better understanding of the OS and build more sophisticated threats. The BYOD environment is already the “wild west” of the Internet and, to add fuel to the fire, along come cloud services.

If for some poor excuse of a reason, the security folks still think their efforts to block BYOD have been successful, consumers are now leveraging cloud services such as iCloud. Any notes taken on an iPhone, photos, contacts, documents, even some emails are all backed up to iCloud without even thinking about it much. When these accounts are hacked, all this information becomes the property of someone it wasn’t intended for in the first place. The Microsoft OS might still be the #1 targeted OS by hackers, but more sophisticated attacks on BYOD devices are certainly on the horizon.

About Michael Patterson

Michael is the CEO and co-founder of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics. As one of the founders of the company, he can be reached most hours of the day between work and home. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned.

Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Master's in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the ‘Tron’ to start Somix.

Network Products Guide: How can CIOs enable productivity for mobile workers, while ensuring that corporate data is safe? How can they determine why their corporate network is acting slow?

Michael Patterson: Since any attempts to stop the BYOD movement have pretty much failed, here are some tips to capitalize on a great BYOD opportunity and increase productivity. Allow users to connect to the corporate network with their hand-held devices, but force them to authenticate with a username and password. By forcing authentication we can more easily track users. The Enterasys Mobile IAM strategy scans devices authenticating onto the network and discovers details such as IP address, MAC address and operating system (iPhone, Android, BlackBerry, Microsoft, etc.), which can be correlated with NetFlow data. To track performance and the activity of BYOD devices, use NetFlow or IPFIX. These flow technologies provide nearly 100% of the communication details of all BYOD devices. The latest flow exports from companies such as Citrix, Cisco, Dell-SonicWALL and nProbe all provide details on utilization, layer 7 application, latency and more. All this without requiring a packet analyzer. If BYOD users are complaining about slowness, IPFIX and NetFlow reporting can deliver the details needed to isolate the root cause of the problem fast.

Network Products Guide: On heavy Internet traffic days like “Cyber Monday”, are there ways to determine which employees are using the company’s network for non-work-related tasks?

Michael Patterson: If a proxy server such as Blue Coat or Squid is in use, all Internet activity, down to the actual URLs visited, can be tracked to specific users on 100% of all connections. The logs from these appliances can be exported and correlated with flow reporting tools.

If a proxy server is not an option, many IPFIX and NetFlow supporting vendors are exporting URLs in their exports and companies can use these details to accurately track traffic to sites such as This can be done on every Internet facing connection on the corporate network. In some cases, routers or firewalls have to be upgraded to obtain the ability to export URL details in flow data.
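The two answers above describe the same mechanic from two angles: a flow record only carries an IP address, so attributing it to a person or device means joining it with something that knows who held that address at that moment (the NAC/IAM authentication record) and, optionally, with a proxy log that knows which URL was requested. The script below is an added example written for this article, not Plixer's or Enterasys's code; the authentication events, flow records and Squid-format log lines in it are constructed sample data, the 60-second matching window is an assumption, and all timestamps are treated as UTC.

```python
"""Added example (not Plixer's code): attribute NetFlow-style records to users
by joining them with NAC/IAM authentication events and Squid proxy log lines.
Every record below is constructed sample data; all timestamps are UTC."""
from collections import defaultdict
from datetime import datetime, timezone


def to_epoch(iso):
    """ISO-8601 wall-clock string (assumed UTC) -> Unix seconds."""
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc).timestamp()


# Constructed IAM-style authentication events: who held which IP from when,
# plus the device details the NAC discovered at authentication time.
AUTH_EVENTS = [
    {"time": "2013-11-25T08:00:00", "user": "alice", "ip": "10.1.1.10", "mac": "aa:bb:cc:00:00:01", "os": "iPhone"},
    {"time": "2013-11-25T08:05:00", "user": "bob",   "ip": "10.1.1.11", "mac": "aa:bb:cc:00:00:02", "os": "Android"},
    # the DHCP lease for 10.1.1.10 moves to a different person at noon
    {"time": "2013-11-25T12:00:00", "user": "carol", "ip": "10.1.1.10", "mac": "aa:bb:cc:00:00:03", "os": "Android"},
]

# Constructed flow records: one exported flow each (source, destination, dst port, bytes).
FLOWS = [
    {"time": "2013-11-25T09:10:00", "src": "10.1.1.10", "dst": "203.0.113.5", "dport": 443, "bytes": 5_000_000},
    {"time": "2013-11-25T09:12:00", "src": "10.1.1.11", "dst": "203.0.113.9", "dport": 443, "bytes": 120_000},
    {"time": "2013-11-25T13:00:00", "src": "10.1.1.10", "dst": "198.51.100.7", "dport": 80, "bytes": 800_000},
]

# Constructed Squid native access.log lines:
# time elapsed client code/status bytes method URL user peer/host type
PROXY_LOG = """1385370600.123   245 10.1.1.10 TCP_MISS/200 5000000 GET https://videos.example.net/stream alice DIRECT/203.0.113.5 video/mp4
1385370720.456    80 10.1.1.11 TCP_MISS/200 120000 GET https://mail.example.org/inbox bob DIRECT/203.0.113.9 text/html
1385384400.789   120 10.1.1.10 TCP_MISS/200 800000 GET http://news.example.com/ carol DIRECT/198.51.100.7 text/html"""


def parse_squid_line(line):
    """Pick the fields needed for correlation out of one Squid native-format line."""
    f = line.split()
    return {"epoch": float(f[0]), "client": f[2], "bytes": int(f[4]), "url": f[6], "user": f[7]}


def user_for_ip(auth_events, ip, at):
    """Most recent authentication event for `ip` at or before `at` (epoch seconds)."""
    best = None
    for ev in auth_events:
        if ev["ip"] == ip and to_epoch(ev["time"]) <= at:
            if best is None or to_epoch(ev["time"]) > to_epoch(best["time"]):
                best = ev
    return best


def url_for_flow(proxy_records, flow_epoch, client, window=60):
    """URL of the proxy request from `client` closest to the flow start, within `window` seconds."""
    candidates = [p for p in proxy_records
                  if p["client"] == client and abs(p["epoch"] - flow_epoch) <= window]
    if not candidates:
        return None
    return min(candidates, key=lambda p: abs(p["epoch"] - flow_epoch))["url"]


def attribute_flows(flows, auth_events, proxy_lines, window=60):
    """Join each flow to the user/device that held its source IP at that time and,
    when a proxy entry lines up in time, to the URL that was requested."""
    proxy = [parse_squid_line(line) for line in proxy_lines]
    out = []
    for fl in flows:
        t = to_epoch(fl["time"])
        auth = user_for_ip(auth_events, fl["src"], t)
        out.append({
            "time": fl["time"], "src": fl["src"], "dst": fl["dst"], "bytes": fl["bytes"],
            "user": auth["user"] if auth else None,
            "os": auth["os"] if auth else None,
            "url": url_for_flow(proxy, t, fl["src"], window),
        })
    return out


def utilization_by(attributed, key):
    """Total bytes grouped by `key` ('user' or 'os'), largest first."""
    totals = defaultdict(int)
    for row in attributed:
        totals[row[key]] += row["bytes"]
    return sorted(totals.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    rows = attribute_flows(FLOWS, AUTH_EVENTS, PROXY_LOG.splitlines())
    for r in rows:
        print(f'{r["time"]} {r["user"]:>6} ({r["os"]}) {r["src"]} -> {r["dst"]} {r["bytes"]:>9} B {r["url"]}')
    print("by user:", utilization_by(rows, "user"))
    print("by OS:  ", utilization_by(rows, "os"))
```

The point of the time-aware join is the third flow: 10.1.1.10 belongs to alice in the morning but to carol after the noon re-authentication, so a static IP-to-user table would blame the wrong person. Matching on the authenticated identity rather than the proxy's own user column also lets the same code attribute flows from segments that never pass through the proxy.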

Network Products Guide: What are some “must have” methods needed in place to protect against Advanced Persistent Threats and even cyber-threats from other nations?

Michael Patterson: Protecting your company from Advanced Persistent Threats (APTs) isn’t as easy as purchasing the best solution that obtains the highest position in the upper right of the Gartner Magic Quadrant. APTs, as we know, are very shrewdly written pieces of malware. They use email to launch phishing attacks and, once a host is infected, they use the end users’ authentication to make SSL connections out to the Internet. Oftentimes, they pass right through the firewall in both directions. The best strategy against APTs today is educating end users and the assumption that an APT is already on the network!

By scheduling emailed reports on the traffic patterns of key servers, administrators can often identify odd behaviors in the past 24 hours. If a host does appear to be communicating oddly, leveraging flow data to look back in time at the connection details in granular intervals allows security teams to uncover suspicious behaviors that warrant further investigation. Deeper forensic investigations may uncover encrypted RAR files either on the server or on the hosts communicating with the server. In other words, one of the best strategies today against APTs is to have the data history necessary to go back in time and investigate strange behaviors. Shoplifters enter stores every day. Make sure your CATV (camera system) is recording everything. In IT, NetFlow is the best way to archive all traffic on the network at all times.
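The "look back in time in granular intervals" idea in the answer above is straightforward to put into code once the flow archive exists. The script below is an added example, not Plixer's or Scrutinizer's code: it buckets a key server's outbound flows into hours, builds a per-hour-of-day baseline from the preceding seven days, flags hours in the last 24 that are well above that baseline, and lists destinations the server had never contacted before. The server address, the eight days of flow records (with one large night-time SSL transfer to an unseen host injected on the last day) and the threshold rule are all constructed for the example.

```python
"""Added example (not Plixer's code): a 24-hour look-back over archived
NetFlow-style records for one key server. Each hour of the last day is compared
with the server's own per-hour baseline from the preceding days, and external
destinations never seen before are listed. All flow records are constructed
sample data; times are Unix seconds."""
from collections import defaultdict
from statistics import mean, pstdev

INTERVAL = 3600          # look-back granularity: one-hour buckets
HISTORY_DAYS = 7         # days of baseline before the 24 hours under review
DAY = 86400
SERVER = "10.2.0.50"     # constructed address of the key server


def build_sample_flows():
    """Constructed history: eight days of the same daily pattern from SERVER to two
    known peers, plus one huge 3 a.m. SSL transfer to an unseen host on the last day."""
    flows = []
    for d in range(HISTORY_DAYS + 1):
        for hour in range(24):
            t = d * DAY + hour * INTERVAL
            volume = 2_000_000 if 8 <= hour < 18 else 200_000   # busier in business hours
            flows.append({"time": t, "src": SERVER, "dst": "192.0.2.10", "dport": 443, "bytes": volume})
            flows.append({"time": t + 600, "src": SERVER, "dst": "192.0.2.20", "dport": 443, "bytes": volume // 4})
    flows.append({"time": HISTORY_DAYS * DAY + 3 * INTERVAL + 300, "src": SERVER,
                  "dst": "203.0.113.77", "dport": 443, "bytes": 900_000_000})
    return flows


FLOWS = build_sample_flows()
NOW = (HISTORY_DAYS + 1) * DAY       # end of the archive; the review covers NOW-24h .. NOW


def outbound_buckets(flows, server, interval=INTERVAL):
    """Bytes sent by `server` per interval: {bucket_start: total_bytes}."""
    buckets = defaultdict(int)
    for f in flows:
        if f["src"] == server:
            buckets[f["time"] // interval * interval] += f["bytes"]
    return dict(buckets)


def hourly_baseline(buckets, cutoff, interval=INTERVAL):
    """Per hour-of-day (mean, population std-dev) of bucket totals strictly before `cutoff`."""
    by_hour = defaultdict(list)
    for start, total in buckets.items():
        if start < cutoff:
            by_hour[(start // interval) % 24].append(total)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def find_volume_anomalies(flows, server, now, k=3.0, interval=INTERVAL):
    """Hours in the last 24h whose outbound volume exceeds the same hour's baseline.
    Threshold is mean + k*sigma, but never below 1.5x the mean, so that a perfectly
    regular history (sigma == 0) does not flag byte-level jitter (constructed rule)."""
    cutoff = now - DAY
    buckets = outbound_buckets(flows, server, interval)
    base = hourly_baseline(buckets, cutoff, interval)
    hits = []
    for start in sorted(buckets):
        if start < cutoff:
            continue
        hour = (start // interval) % 24
        mu, sigma = base.get(hour, (0.0, 0.0))     # no history at all -> anything is new
        threshold = max(mu + k * sigma, 1.5 * mu)
        if buckets[start] > threshold:
            hits.append({"start": start, "hour": hour, "bytes": buckets[start],
                         "baseline": mu, "threshold": threshold})
    return hits


def find_new_destinations(flows, server, now):
    """Destinations the server talked to in the last 24h but never before, with bytes sent."""
    cutoff = now - DAY
    known = {f["dst"] for f in flows if f["src"] == server and f["time"] < cutoff}
    fresh = defaultdict(int)
    for f in flows:
        if f["src"] == server and f["time"] >= cutoff and f["dst"] not in known:
            fresh[f["dst"]] += f["bytes"]
    return sorted(fresh.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for hit in find_volume_anomalies(FLOWS, SERVER, NOW):
        print(f'hour {hit["hour"]:02d}: {hit["bytes"]:,} B sent, baseline {hit["baseline"]:,.0f} B')
    for dst, nbytes in find_new_destinations(FLOWS, SERVER, NOW):
        print(f"new destination {dst}: {nbytes:,} B")
```

Two details matter for a real deployment. The baseline is keyed by hour of day, so a large transfer at 03:00 stands out even though the same volume at 14:00 might be routine; and the new-destination check is independent of volume, so a low-and-slow connection to an unfamiliar host is still reported. Both depend entirely on keeping enough flow history to compute the baseline, which is the archiving point the answer makes.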

Company: Plixer | USA
