In this article, we explained the benefits of combining signature-based detection by Suricata IDS with behavior-based detection by Flowmon ADS. Now, let’s talk about how to enable this feature using Flowmon Probe and Flowmon ADS.

FIPS compliant cipher suites hold the U.S. government's seal of approval, guaranteeing their suitability for federal systems. On the other hand, non-FIPS compliant cipher suites may present security vulnerabilities due to outdated cryptographic algorithms and potential lack of perfect forward secrecy. As a result, it becomes paramount to monitor TLS network traffic for non-FIPS compliant cipher suites.

The MITRE ATT@CK® framework is one of the most widely known and used. The Flowmon Anomaly Detection System (ADS) incorporates knowledge of the MITRE ATT&CK framework. Using ADS and its MITRE ATT&CK knowledge makes detecting advanced threats against networks and IT systems easier and simplifies explaining the danger and risks when outlining an attack to all stakeholders.

The integration with popular collaboration platforms like Microsoft Teams and Slack marks a pivotal advancement in security workflows. We are introducing new capability to post events from Flowmon ADS into Teams channel or Slack to instantly notify security teams. Integrations scripts are based on simple webhooks and available out of the box on our support portal both for Teams and Slack.

Many organizations manage a hybrid infrastructure spread over on-premise and multiple public cloud platforms such as AWS, Azure and Google for specific business applications. The hybrid cloud approach has advantages but adds more complexity for IT teams responsible for keeping IT systems safe and secure. The monitoring tools system administrators use for on-premise infrastructure are often unsuitable for monitoring public cloud platforms.

Zero trust isn’t an approach that can be delivered by buying a single product that claims to provide it. Instead, it is an approach that needs to be understood and implemented in complementary ways across an organization’s IT systems. We recently hosted a webinar titled Applying Zero Trust to Data Centre Networks to provide guidance on how organizations can use zero trust to enhance the security of their IT systems. The webinar details are below, after a summary of the topics covered.

This model has benefits, but at the same time, it introduces complexity for the IT teams tasked with monitoring and securing IT systems. Existing network monitoring technologies that system admins use with on-premise infrastructure are typically not expandable to include infrastructure and services running on public cloud platforms. This is a problem as you cannot manage and secure what you cannot see.

Flowmon is not a stand-alone system used in isolation. It is part of an ecosystem of monitoring and security tools used across the enterprise. Recently, we have introduced new integrations with Splunk and ServiceNow to simplify interoperability and enable IT and security teams to be more efficient. This is a good opportunity to remind of all the integration options and resources we have.

The cybersecurity threat landscape facing every organization is constantly changing. Cybercriminals are always looking for new vulnerabilities to exploit or changing existing attack methods to bypass protections. They also go to great lengths to hide their activities within regular network traffic and application activity. The attack surface that organizations present to attackers is also in a constant state of flux.

The risk from insider threats has grown massively, with perpetrators frequently getting around organizations' increasingly complex perimeter protections. It is one of the most common ways customer data or industrial and trade secrets leak. This very complex topic includes many types of threats and techniques. Let's discuss how you could detect insider threat activity at a network level.