This year has been another brutal one for breaches and data loss, with 400 new threats emerging every minute by some reports. Most security administrators and architects have been shoring up defenses inside their networks in order to better detect points of compromise and attacker movement. Many organizations recognize that one of the fastest ways to beef up detection capabilities is to add context-based network analytics such as those provided by Security Information and Event Management (SIEM) systems and NetFlow security analyzers.
Adoption has been brisk: the SIEM market is one of the strongest, with forecast growth of 12 percent annually, reaching $4.54 billion by 2019. And recently, Cisco further highlighted the importance of network telemetry to security with the acquisition of NetFlow analysis veteran Lancope for $453 million.
NetFlow and IPFIX have long been understood to offer critical insight into insider threat detection, because they provide contextual information about network traffic. In order to surface anomalous patterns on the network, NetFlow/IPFIX analyzers look at packet metadata and group similar information into the bigger picture of attacker operations inside networks.
NetFlow/IPFIX records from some sources may contain additional metadata, including URL, CDP and SIP user information. For instance, a DDoS attack that hits a web resource one too many times is sure to be flagged by analyzing the record for every packet hitting that resource.
Another rich source of security intelligence is contained in HTTP response codes. These may be appended to NetFlow records in order to centralize metadata intelligence. HTTP response codes are divided into five categories:
For the casual web user, an encounter with a 404 error code means trying a couple more times and then moving on after failing to reach the page. But amass all of these codes over time and, through the power of analytics tools, a picture of suspicious and nefarious activity can come into view.
For instance, an analysis of 2XX codes, which denote successful access to resources that require special authorization, might surface an atypical or unauthorized user getting through. A flurry of unusual HTTP 2XX codes from your servers, well above what has been benchmarked as normal for the network, could mean an attacker has found a way to send malicious requests that are being answered successfully by the target servers.
3XX codes can be analyzed for anomalous redirections that may lead to security-sensitive URIs inside target networks. Finally, too many 4XX codes in a short time span can signal that an infected machine is searching for a command and control server to contact.
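The following is an added example, not code from the article or from Gigamon, showing how the two detections just described can be run over flow records that carry an HTTP status field: a burst of 4XX responses from one source inside a short window, and a server's 2XX count exceeding its learned baseline. The records are constructed, in a simplified CSV form that only loosely resembles an IPFIX export; real exporters use their own templates and field names, and the per-server baseline (`BASELINE_2XX`) is an assumed constant standing in for learned history.

```python
"""Added example (not from the original article): detection logic over flow
records enriched with HTTP response codes. All records and baselines here are
constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a 12-request burst of 404s from 10.1.1.5 toward a dozen
# different hosts within one minute, a run of 200s against 192.0.2.20, and a
# little ordinary traffic from 10.1.1.7. Fields: ts,src,dst,dst_port,status.
_BURST = "\n".join(
    f"2015-12-01T10:00:{5 * i:02d}Z,10.1.1.5,198.51.100.{i + 1},80,404"
    for i in range(12))
_SUCCESSES = "\n".join(
    f"2015-12-01T10:05:{i:02d}Z,10.1.1.9,192.0.2.20,443,200" for i in range(8))
SAMPLE_RECORDS = _BURST + "\n" + _SUCCESSES + """
2015-12-01T10:01:00Z,10.1.1.7,192.0.2.21,80,404
2015-12-01T10:02:00Z,10.1.1.7,192.0.2.21,80,200
2015-12-01T10:06:00Z,10.1.1.7,192.0.2.21,80,302
2015-12-01T10:30:00Z,10.1.1.7,192.0.2.21,80,404
"""

# Assumed per-server baseline of 2XX responses for the observed period; in a
# real deployment this comes from benchmarked history, not a constant.
BASELINE_2XX = {"192.0.2.20": 2, "192.0.2.21": 5}


def parse_records(text):
    """Parse the constructed CSV form into a list of dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, port, status = line.split(",")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "port": int(port), "status": int(status),
        })
    return records


def status_class(code):
    """Map a status code to its class label, e.g. 404 -> '4XX'."""
    return f"{code // 100}XX"


def class_histogram(records):
    """Count records per status class: the first look at the metadata."""
    counts = defaultdict(int)
    for r in records:
        counts[status_class(r["status"])] += 1
    return dict(counts)


def find_4xx_bursts(records, window=timedelta(seconds=60), threshold=10):
    """Flag sources that emit >= threshold 4XX responses inside any window.

    A sliding window runs over each source's sorted 4XX timestamps; a dense
    burst of client errors toward many hosts is the 'looking for a command
    and control server' pattern the article describes.
    """
    by_src = defaultdict(list)
    for r in records:
        if 400 <= r["status"] < 500:
            by_src[r["src"]].append(r["ts"])
    alerts = {}
    for src, times in by_src.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = best
    return alerts


def find_2xx_excess(records, baseline, factor=3.0):
    """Flag servers whose 2XX count exceeds factor * their baseline."""
    counts = defaultdict(int)
    for r in records:
        if 200 <= r["status"] < 300:
            counts[r["dst"]] += 1
    return {dst: n for dst, n in counts.items()
            if n > factor * baseline.get(dst, 0)}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("status classes:", class_histogram(recs))
    print("4XX bursts:", find_4xx_bursts(recs))
    print("2XX above baseline:", find_2xx_excess(recs, BASELINE_2XX))
```

Both detectors depend on unsampled records: a 1-in-N sampled export would thin the 60-second burst below the threshold and distort the per-server 2XX counts, which is the sampling concern the article raises about router-generated NetFlow.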
The bottom line is that these codes are a trove of network intelligence, and the key to unlocking it is having access to this data and being able to analyze it. The value of NetFlow and network metadata to security analytics is undeniable. The challenge for security teams is to understand how NetFlow is being generated in their environment.
For instance, if teams are relying on routers to generate NetFlow, they may get sampled records, which give an incomplete picture from a security perspective. The other item to consider is which tools and utilities the organization has for collecting and analyzing NetFlow, IPFIX and network metadata.
To have the most effective metadata analytics framework, organizations should aim to centralize NetFlow generation on a security delivery platform that can offload routers and switches and provide full, unsampled NetFlow records. Security stakeholders should ensure that their NetFlow generation capabilities offer additional network information such as URL/URI, CDP and SIP, as well as HTTP response codes.
Finally, ensure that you have analytics tools that can consume unsampled NetFlow and metadata to provide security analytics at scale. This will give organizations the best chance of surfacing threats and malicious actors, even those operating "low and slow".
Johnnie Konstantas is a senior technology marketing executive at Gigamon.
Second Wikio top of SEO blogs: this ranking lists the various French-language blogs dealing mainly with search engine optimisation, ordered by popularity (a criterion based on the number of inbound links from posts on other blogs). A few moves in this ranking, with a change of "leader": Sébastien Billard's blog now takes first place. Find, exclusively, the top 20 of the Wikio ranking for January 2010…
Continuation and source: Top Wikio Blogs SEO Janvier 2010
Note: the full January 2010 top blogs on [wikio.fr] is not yet up to date…
A new theme in the Wikio blog rankings: here is the Top Blogs SEO. Discover now the top 20 blogs on search engine optimisation in this Wikio ranking, a ranking based exclusively on links, let us recall.
Source and rest of the article: Top Blogs SEO Wikio » Antoine, Référenceur
After classic Sitelinks and inline Sitelinks, here come breadcrumb Sitelinks! No, it is not a hallucination: a few web users have noticed this new test by Google to enrich its search results. This new type of sitelinks under test seems to rely above all on the presence of a breadcrumb trail, which it then reproduces after the URL of certain websites. The author of this observation saw it for forum results as well as for blogs and traditional sites…
Source and rest of the article: Des sitelinks en fil d'Ariane ? (ou inversement)
On the occasion of a probable Google Dance for websites' PageRank, Google also seems to be evolving its search results pages by innovating on Sitelinks, the site links.
New types of sitelinks have appeared in Google's results pages: smaller, more discreet, and not limited to the first result like "traditional" sitelinks. Google is making efforts to modify these results pages; a little evolution never hurts!
Government websites are numerous, but have you ever wondered about the audience these sites can generate?
In January the audience of government websites rose by 18.8%, i.e. 17.15 million unique visitors[...]
Data: Internet.Gouv.fr Stat@Gouv
Source: Stat@gouv: statistiques des sites gouvernementaux
In a humorous tone, here is an illustration that nonetheless captures the state of mind of SEO practitioners facing the giant Google, whose workings are sometimes hard to understand.
Source and rest of the article: Wheel Of Fortune : The Google Game Show