Enriched Metadata for Comprehensive Network Security

Metadata Enrichment for Network Security

Ensuring the overall security of your networks and your clients’ networks continues to be a growing challenge. Companies are often left scrambling to manage complex network security solutions that are capable of providing sufficient protection but often perform suboptimally because SecOps teams do not fully understand all of the capabilities of their own security solution. At NetQuest, we can help make sure you are at least extracting the right data from your network for optimizing your network security solution. Here’s what you should know about how you can use enriched metadata to enhance network visibility and security, and how to get the assistance you need with ongoing cybersecurity demands and challenges.

What Is Content-Enriched Metadata?

Content-enriched metadata takes the process of analyzing metadata for anomalies a step further. It often uses artificial intelligence or machine learning technology to add critical information to segments of metadata. Enriched metadata easily organizes and classifies information and allows you to use search refinement to weed out irrelevant results. It can also detect important information about a set of data, including application information, DNS data, personal account numbers, names, addresses, locations, organizations, and more. This information is organized in an easy-to-access way that can be sorted, refined, and manipulated in various ways to provide nearly endless ways to look at your network’s security.

What Are the Benefits for Businesses?

There are numerous benefits of content-enriched metadata for businesses, especially those with large cloud-based or hybrid networks that may not have the resources to manually investigate packet information in the event of a security breach. Some of these advantages include but aren’t limited to:

  • Enriched metadata can capture almost as much data as a packet analysis system. You don’t have to compromise the amount of quality data sampling you can otherwise obtain from rich metadata. More than 90% of critical network information is captured by extracting enriched metadata from a network, which is just shy of what a packet analysis system can do, albeit the packet analysis system uses significantly more compute resources.
  • Enriched metadata improves a company’s overall cybersecurity. When a suspected or confirmed security event occurs, your team goes into investigation mode, pulling records and data from every transaction to identify the malicious actor and what data may have been lost or compromised. Content-enriched metadata cuts down dramatically on the amount of data that must be analyzed making it easier than ever for SecOps teams to provide valuable details in real-time.
  • Content-enriched metadata can help you understand the intent and tactics of would-be hackers. To effectively fight malicious entities that would benefit from the theft of your company’s sensitive information, you need to put security in context. Enriched metadata helps your organization better understand the TTP (tactics, techniques, and procedures) of hackers that attempt to infiltrate your network and steal data. This information can then help you make decisions about additional security layers you may want to consider adding to prevent similar attacks in the future.
  • Personal Identifiable Information (PII) can be more easily extracted, removed, or protected in enriched metadata systems than blob-type data (packets, images, videos, speech) that require detailed extraction algorithms.
  • Network security solutions leveraging content-enriched metadata use only about 2 to 10% of the storage and compute resources when compared to solutions relying solely on full packet analysis. The reason is that the metadata uses a fixed number of defined fields to summarize each specific network flow. In other words, you get the who, when, what, and where (the analytics figures out why) of the conversation rather than having to watch, listen to, and store the data for a whole conversation between two people.

As cybersecurity threats continue to evolve, organizations must stay at the forefront of keeping their networks and sensitive data safe. Enriched metadata evolves along with threats, providing dynamic intel on how a threat operates, helping you isolate the attack and develop new security measures to eliminate ongoing threats.

How NetQuest Can Help You Deploy Content-Enriched Metadata

Migrating network security solutions from packet-based data capture systems to enriched metadata analysis can seem like an overwhelming task, especially when your team is already maxed out meeting the needs of your business and its clients. NetQuest has been providing sophisticated cybersecurity and network monitoring solutions to businesses since 1987 and can help your company tailor a customized security strategy to meet your specific industry’s needs. Contact us today to learn more about how we can help your company obtain a secure, easy-to-navigate network security solution that keeps your data as safe as possible.

What is The Future of Cybersecurity? | Trends & Emerging Technologies

OMX3200 - Scalable Network Visibility and Cyber Security Solutions for 100G and 10G networks

Cybersecurity is crucial for the constant evolution of the digital world. Whether you are a business owner or consumer, you must be prepared to adapt to new technologies, rules, and strategies that will help build a safer and more secure online space. Thus, the prevalence of exposed network surfaces forces us to invest in increasingly sophisticated defense systems.

It is impossible to progress in the modern digital world without strengthening your cybersecurity protocols. Data and system protection in a frequently “connected” environment is essential to ensure users, businesses, and governments’ integrity. And with the complexity of security requirements increasing for several reasons, it poses a more significant challenge to develop advanced security systems. Therefore, our continuous defense against hackers and cyber criminals should influence the future of cybersecurity with enhanced data monitoring solutions.

As per Larry Ellison, CTO of Oracle Corporation, “We need a cyber defense system that automatically detects vulnerabilities and attacks. The security flaw must be corrected before an attack occurs.”

Cloud Computing and Internet of Things (IoT)

Cloud computing allows you to transfer data and other computing services (including servers, databases, software, storage, analytics, networking, and intelligence) over the internet, shared not limited to a single device but accessible from several points. For businesses and users, this represents an advantage in terms of efficiency and cost.

However, this technology allows cyber attackers to open a breach that could give them unwanted access. Anyone wishing to harness the enormous potential of cloud computing will therefore need to pay increased attention to their own security. No system is entirely immune to attack, but adopting advanced network visibility solutions dramatically reduces risk.

The same goes for the Internet of Things (IoT) or the network of interconnected devices and interfaces. It is not only smartphones and PCs involved in the network but also the hundreds of sensors and other devices.

The Importance of Cybersecurity

The accelerating cybersecurity threat is overtaking efforts from a defensive perspective.

A large-scale cyber attack would be characterized by a multiplication of cyber-catastrophes, which is unlikely to occur – except in a possible escalation between nations or states. Although it belongs to a specific geopolitical logic, the possibility is frightening, and the outcome could be detrimental.

For example, the economic consequences of cybersecurity risks are increasingly troublesome. It seems that the acceleration of digital transformation would ultimately affect economic growth. The quality of network security systems is becoming one of the most critical competitive advantages or disadvantages for companies.

There is a culture growing within cybersecurity that limits the most severe damages of cyberattacks. Companies that have successfully developed defensive solutions may even decide to commercialize them to give access to the public. This new context favors the emergence of secure cyber defense networks, including corporations, public institutions, university research centers, start-ups, private cybersecurity groups, etc.

3 Emerging Technologies Influencing Cybersecurity

Three prominent technologies are emerging due to the digital transformation that continues to highly affect required cybersecurity solutions.

Artificial Intelligence (AI) and Machine Learning

Artificial Intelligence (AI) and Machine Learning will increasingly and continuously influence the evolution of cybersecurity.

Security will invariably evolve in an ever-changing cyber environment. Instead of obeying a specific design, security should become more organic and autonomous, much like our immune system. Ongoing training and adaptation will enable systems to recognize and respond to new threats.

As cyberattack detection becomes more widespread, IoT ecosystems will rely on AI and machine learning as a line of defense to assess data reliability. The algorithms for processing data from the network sensors will not implicitly trust a single sensor node. Instead, they will seek consensus from surrounding nodes. Machine learning algorithms can continue to evolve to improve spam and malware detection, making it possible to identify fraudulent transactions quickly.

Predictive Defense

As the attacks are becoming more sophisticated, cybercriminals are also starting to concentrate on large organizations, states, and companies. The defenses must therefore try to evolve on a more advanced level.

Predictive defense and control need to be constant. Because, even if we can’t achieve zero-risk security, detecting an attack and intervening in the shortest possible time often makes all the difference. The most crucial weapon lies in “preventive” cybersecurity, which will become “predictive” through its evolution. Defense systems will be able to analyze signals that anticipate an attack. The challenge is indeed complicated and will play out in a fight where artificial intelligence will play a key role. However, we must not forget that the original idea (both the attack and the protection system) will remain human.

Hybrid Cloud

The emergence of new hybrid cloud environments invites a new approach to cyber defense, involving machine learning and autonomous systems in the service of cybersecurity. Organizations tend to move away from traditional security strategies and turn to intelligent SOCs capable of automatically predicting, detecting, avoiding, and responding to threats.

For example, many companies are adopting new cloud environments and switching their applications to SaaS solutions to gain agility, scalability, and operational ease. Thus, new hybrid cloud environments are gradually emerging within the information system. The abundance of these unique environments encourages us to think about a new approach to cyber defense. Forward-looking organizations are moving away from traditional security strategies and turning to innovative SOCs. These security operations centers aim to automatically predict, detect, avoid, and respond to threats. SOCs must also correlate vast amounts of data and extract actionable insights.

Developing A Trustworthy Society

These emerging technologies stemmed from different societal scenarios highlighting the significant factors of cybersecurity evolution. They also show the importance of interactions between multiple data security elements.

Technology in itself will not be the only answer. It must be integrated into more comprehensive defensive approach strategies. Above all, change can only materialize if, at the same time, a society of trust develops in the communities. If consumers feel that a hyperconnected community cannot ensure data protection, technological disruptions will be wiped out.


To protect individual, private, corporate, and government information systems and prevent increasingly sophisticated threats from penetrating, organizations should opt for flexible, intelligent cybersecurity technologies. Artificial intelligence (AI), machine learning algorithms, predictive defense, and hybrid cloud deployments are just a few of the industry’s emerging technologies. Furthermore, security operations centers (SOCs) must also increase current proactive security strategies to address pressing protection issues. These security measures should accelerate the future of advanced cybersecurity protocols for all users.

NetQuest provides service providers, large enterprises and government agencies scalable network visibility solutions for advanced cyber intelligence and network security applications. Visit us here to learn more about our products and services and the industries we serve.

Learn the 3 Biggest Challenges of Big Data Analytics Now

Big Data Analytics

Big data security analytics utilizes advanced strategies to analyze and manage large sets of data. This may include structured or unstructured data, data from various sources, and different sizes of data, from terabytes and petabytes to exabytes and zettabytes.

The amount of data generated by just one business is staggering. For example, data is created each time a customer:

  • visits your website
  • makes a purchase
  • opens an email
  • calls your customer service department, or
  • interacts with your company in any way.

Data is also constantly created internally within your supply chain, human resources, marketing and R&D. Analyzing this data is critical to securing your business operations, however, this can sometimes be challenging. Here’s how.

1. A Shortage of Capable Data Scientists

The exponential growth of data volume over the last several years has created a significant demand for professionals who can manage and make use of such a large amount of valuable data.

Unfortunately, few data professionals today understand the importance of big data analytics and how to effectively analyze big data and mobilize the results for actionable intelligence.

A marked lack of capable big data scientists plagues the network security industry and is a challenge for companies who need in-house data management. Currently, there is simply a larger demand for big data security analytics than there are knowledgeable professionals who can effectively work with it.

2. Extrapolating Actionable Intelligence From Security Analytics Reports

Handling big data doesn’t stop at categorizing and storing it. The most important part of big data security analytics is being able to extrapolate meaningful insights that allow your business to protect its intellectual property and pursue growth opportunities.

Many businesses are overwhelmed by the sheer volume of data to be analyzed, along with the inability to manipulate it in ways that indicate trends and network anomalies. Without proper data analytics, your business may continue to invest in ineffective network security tactics leaving you open to attacks or data theft. This, in turn, could cause your bottom line to take a hard hit.

When managed properly, analytics reports can tell you which network security efforts to terminate and where to invest additional money. Companies may find these challenges difficult to overcome, especially without an experienced data scientist at the helm.

3. Large Volume Data Security

Keeping big data safe in today’s technological climate is difficult as hackers grow more sophisticated. This challenge increases significantly the more data there is, meaning that big data sets are at a high risk of being hacked.

This is particularly true for companies in industries like healthcare and finance since the data can be used to commit various types of fraud, such as:

  • identity theft
  • credit card theft
  • check fraud
  • healthcare fraud

Companies with big data sets have greater cybersecurity needs than companies that don’t have large volumes of data. That’s why it’s important to ensure only authorized parties are allowed onto your business network. Because big data is often stored together, once a hacker gets in, they quickly gain access to all the data.

This can be detrimental to your bottom line and your company’s reputation. In many cases, big data thieves have done so much damage that it has led to the closure of businesses across most industry sectors.

How NetQuest Can Help Your Business Manage and Benefit From Big Data Security Analytics

NetQuest can help your business find effective security solutions to manage and analyze big data in ways that provide your company with valuable insights and actionable information. Contact us today to learn more about how we can help you manage, analyze, and keep your big data safe.

The Future of 5G: Is The Cybersecurity Community Ready?

As the fifth generation of broadband cellular technology — or 5G — becomes more widespread, cybersecurity threats will continue to grow in number and sophistication as new methods of attacking the network become available. Network infrastructure providers, virtual mobile network operators (VMNOs), and communication service providers (CSPs) play a critical role in the design and rollout of 5G networks.

With 5G technology, keeping everyone involved on the same page and acting synchronously will be more difficult than ever before. Here are some privacy and security improvements and challenges the cybersecurity community needs to be ready for and how to get the support you need as you scale your business and protect your investments in a fifth-generation world.

5G Networks Use Digital Routing Instead of Hardware-Based Switching

Fifth-generation cellular broadband networks have migrated away from hardware-based switching in a centralized location to digital routing defined by various software applications. Centralized hardware hubs allowed for checkpoints where traffic coming in and out of the network can be inspected and monitored. Virtualizing the routing process makes it more difficult to create a single checkpoint for security control. This means that organizations will have to coordinate with operators in order to implement visibility devices.

Virtualizing High-Level Network Functions Increases Security Risks

5G networks allow for high-level functions to be performed digitally instead of by physical computer hardware. While this does increase the speed and accessibility of higher-level functionality, it also creates unique vulnerabilities. The standardized protocols that serve as building blocks for the execution of digital functions are well-known to hackers, making the infiltration of 5G networks faster and easier.

Additionally, the short-range, low-cost antennas needed for 5G networking also become targets, and since they have a much shorter range than 4G antennas, there are many more of them in urban areas. Each of these sites is a hub for a number of data streams that also carry their own cybersecurity risks.

Organizations will have to know how their connectivity footprints are deployed as more applications and business services will be utilizing the capability 5G affords running on top of mobile networks, rather than traditional wired infrastructure.

5G Impacts Home Workforce Security

As a large portion of today’s workforce began operating from home, the technology industry realized there was a limit to cloud availability and connectivity across the globe. Increasing the number of remote devices connected to a network and spreading out their location not only makes networks more vulnerable but also creates a greater need for infrastructure support. Businesses need enterprise solutions for intelligent, responsive networks that can withstand congestion and ensure the security and integrity of critical data.

5G Networks Connect Billions of Small, Hackable Smart Devices

There are currently billions of internet-connected devices in the world, most of them small and portable. These devices are often easy to hack, and when connected to a 5G network, can easily allow a malicious user to access a plethora of data contained within the network.

Identity security is also an issue as International Mobile Subscriber Identity (IMSI) catching attacks uncover the identifying information of mobile device users. In some cases, bad actors are even able to download exploitation software on 5G-connected devices. NetQuest can help telecom providers discover monitoring solutions for more secure portable device management.

How NetQuest Can Help Your Business Increase Privacy and Security in a 5G Climate

Despite security concerns, upgrading to 5G networking is necessary for companies to continue doing business successfully in today’s climate. It’s an essential growth factor for securing the sustainability, scalability, and profitability of your company now and in the future.

By weaving security, monitoring, and privacy protocols into the very architecture of 5G networks, the entities who deploy them can be proactive in protecting the privacy of their networks’ users.

NetQuest can help your company ensure that important information about the location, identity, and behavior of your users is kept safe. Contact us today to learn more about privacy and security for 5G networks or to schedule an appointment to discuss your digital security needs with one of our experienced professionals.

Does your organization view SecOps as a profit center? It should.

By Mike Seidler, Director of Product Management, NetQuest Corporation

SecOps, or Security Operations teams, have the ability to provide tremendous value to the organizations they work with. As technology continues to grow at breakneck speed, reliable SecOps will become absolutely critical to enterprise profitability. Don’t underestimate the merit a good SecOps team has on your organization’s ability to generate revenue — here’s how they’ve transformed the landscape of security operations for businesses worldwide.

Shifting the Perception of Cyber Security Value

The relevancy of good cybersecurity isn’t focused solely on regulatory compliance, loss prevention, and risk reduction; in fact, this fails to incorporate the primary goals of nearly every business, which is revenue generation and the overall growth of the organization. SecOps teams are shifting the perception of the value of data security by discovering new ways to use technology to solve customer problems and create value.

Helping Cyber Security Teams Drive Revenue

Many organizations see cyber security as a necessary drain on resources, not the potential for client opportunity and revenue that it can be. SecOps can help companies increase their bottom line, much more so than they invest in cyber security strategy.


They build relationships with customers who become loyal to your organization’s brand. SecOps teams that work directly with your customers to provide them with data security services tend to develop long-lasting business relationships with them that in turn create clients that are loyal to your brand. An established track record of keeping your own company data secure can also play a helpful role.

Strong network security principles appeal to customers by framing cyber security efforts as a social responsibility. SecOps can assist organizations with the reframing of their cyber security efforts in a way that demonstrates industry leadership and customer commitment. By helping your company develop an approach that positions data security as a moral and ethical social responsibility, SecOps teams can create messaging that better resonates with your customer base.

SecOps teams allow your organization to offer premier data security products and services at a higher price. The market for simple security solutions that customers can use to protect their data and privacy online is growing, and companies can offer these services as upgrades or add-ons to basic cyber security bundles for an additional charge. This enables SecOps teams to drive engagement with premium security solutions your organization provides.

SecOps teams can help you create a better customer experience. Today’s customers not only desire a strong sense of security when they’re making a financial transaction online, they absolutely demand it. Your organization can only create a rich, engaging experience for customers once your SecOps team has taken the necessary steps to ensure that your network’s security is top-tier and no area of your network is unprotected.

They establish and protect current and future revenue generation. Every organization has proprietary data and intellectual property that hold the answer to future growth and revenue generation. Your SecOps team can help your company ensure that your trade secrets, personal identification (PI) data, and business critical processes and data are protected. A close working partnership with your customers and your SecOps team shows that their PI, data, and business processes are under a watchful eye from malicious hackers and cyber attacks. This creates a meaningful perception and value that both companies’ successes are tied together.

Is Your SecOps Team Doing Enough For Your Business?

If your organization doesn’t have a dedicated SecOps team or your team isn’t doing enough for your company, NetQuest can help. We’ve been helping SecOps teams by providing comprehensive network visibility solutions to organizations since 1987 and are committed to offering our clients unparalleled value for their investment. Contact us today to learn more about how we can help your company drive revenue through smart cyber security efforts.

IPFIX 101: The Lowdown On The NetFlow Upgrade

By Mike Seidler, Director of Product Management, NetQuest Corporation

IPFIX, or IP Flow Information Export, is the term used by network engineers and cybersecurity specialists for the standard method of generating metadata records that summarize network flows so that network data can be analyzed. IPFIX can be used to establish typical network behavioral patterns so that anomalous activity can be detected. The majority of the industry refers to IPFIX as NetFlow since the two technologies are very similar; however, there are some key differences that we believe highlight why IPFIX is a NetFlow upgrade.

Need high-level visibility into your company’s network? Welcome to IPFIX 101.

What Is IPFIX?

IPFIX is a standard developed by the Internet Engineering Task Force (IETF) to expand upon NetFlow v9 and create a more flexible solution for collecting and analyzing critical network data. The IPFIX protocol uses procedures very similar to NetFlow’s for exporting network traffic data; however, IPFIX was designed with additional extensibility and is considered the “upgraded” version of the protocol.

IPFIX uses a set of terms that may be familiar to most networking specialists, but we wanted to include them for engineers.

  • Metadata refers to a subset of information that can easily be used by databases, e.g. the source IPv4 address, rather than reading and describing an entire packet record.
  • Flow Record (or Flow) refers to a complete network conversation between endpoints, usually represented in metadata format. Flows can be bidirectional (both sides of the conversation – talking and listening), or unidirectional (from the perspective of one endpoint talking to another – talking but not listening).
  • Template is a numbered definition of the fields that make up a set of IPFIX data records. Each template carries a template ID so that a collector knows which fields are present in the data records that reference it.
  • Exporter is a device that can create IPFIX flows (see Metering) from packet streams.
  • Metering is the process that creates IPFIX flow records from a packet stream. Usually IPFIX Exporters perform flow metering.
  • Collector is a system or device that receives flow records for analysis.

How Does IPFIX Work?

IPFIX uses a predetermined set of protocols to export network flow records to a “collector,” which then further segments and analyzes the data to produce accurate, real-time insights into a network’s behavior. These protocols are flexible and can be customized to capture user-defined data, so you’re always reviewing the most critical data sets. With this technology, a single IPFIX “exporter” can send information to more than one collector, and there’s no limit to the number of exporters from which a collector can obtain information.

Why Use IPFIX?

In most cases, IPFIX serves as a NetFlow upgrade, providing increased flexibility and many more customization options than NetFlow v9. This can greatly increase visibility into critical network traffic parameters for better threat identification and a more robust security solution. Driven by vendors’ desire to break from the litany of differing vendor-specific flow standards, and leveraging the popularity of NetFlow v9, IPFIX was designed as an open standard that gives you the freedom to tailor the flow data you gather for maximum network visibility.

Comparing IPFIX to NetFlow v9

Why is IPFIX an upgrade over NetFlow? Here’s how IPFIX and NetFlow v9, its predecessor, stack up against each other:

  • NetFlow v9 supports about 100 standard elements, while IPFIX offers almost 500, including all of the NetFlow elements.
  • IPFIX supports the flexibility to add vendor-specific data extensions.
  • IPFIX supports customizable data templates allowing users to choose which of the close to 500 elements to include in the transmitted data set. NetFlow’s support for customization is much more limited.
  • IPFIX offers variable length fields, which is quite useful when exporting raw data like URLs, DNS or HTTP host names.
  • IPFIX accepts custom vendor (enterprise) IDs so that proprietary information can be placed in a flow record.
  • The increased fidelity of IPFIX is essential for using flow data in security monitoring applications.
  • Did we mention IPFIX offers increased flexibility versus NetFlow v9? This cannot be overstated.

To be fair, with added flexibility, IPFIX can sometimes create compatibility challenges. NetFlow’s narrow focus is typically supported in almost all standard collectors and analysis tools, making tool integration a foregone conclusion.
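As an added example (not NetQuest code, and not taken from the OMX3200), the following Python round trip builds an IPFIX message containing a template set and a data set and then decodes it as a collector would, showing the template, exporter and collector roles from the terminology list above together with the variable-length and vendor-specific fields from the comparison. The private enterprise number 65535, the addresses and the byte counts are constructed placeholders.

```python
"""IPFIX (RFC 7011) exporter/collector round trip: template set, data set,
enterprise-specific element and variable-length field.  Added example, not
NetQuest code; enterprise number, addresses and counters are constructed."""
import struct

IPFIX_VERSION = 10
TEMPLATE_SET_ID = 2       # set ID reserved for template sets
VARLEN = 0xFFFF           # template field length meaning "variable-length"
PLACEHOLDER_PEN = 65535   # hypothetical private enterprise number

# Field specifier: (element ID, length, enterprise number or None).
# IANA IDs: 8 sourceIPv4Address, 12 destinationIPv4Address, 7 sourceTransportPort,
# 11 destinationTransportPort, 1 octetDeltaCount; the last field is a hypothetical
# vendor element carrying a DNS query name as a variable-length string.
TEMPLATE_256 = [(8, 4, None), (12, 4, None), (7, 2, None), (11, 2, None),
                (1, 8, None), (1, VARLEN, PLACEHOLDER_PEN)]

def encode_template_set(tid, fields):
    body = struct.pack("!HH", tid, len(fields))
    for ie_id, length, pen in fields:
        if pen is None:
            body += struct.pack("!HH", ie_id, length)
        else:  # enterprise bit set, 4-byte enterprise number follows
            body += struct.pack("!HHI", ie_id | 0x8000, length, pen)
    return struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(body)) + body

def encode_value(value, field):
    ie_id, length, pen = field
    if length == VARLEN:
        data = value.encode("utf-8")
        # RFC 7011 section 7: one length byte, or 0xFF plus a 2-byte length
        if len(data) < 255:
            return bytes([len(data)]) + data
        return b"\xff" + struct.pack("!H", len(data)) + data
    if pen is None and ie_id in (8, 12):  # dotted-quad IPv4 address
        return bytes(int(o) for o in value.split("."))
    return int(value).to_bytes(length, "big")

def encode_data_set(tid, fields, records):
    body = b"".join(encode_value(v, f) for rec in records for f, v in zip(fields, rec))
    return struct.pack("!HH", tid, 4 + len(body)) + body

def encode_message(sets, export_time, seq, domain):
    payload = b"".join(sets)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(payload), export_time, seq, domain) + payload

def decode_value(buf, pos, field):
    ie_id, length, pen = field
    if length == VARLEN:
        n, pos = buf[pos], pos + 1
        if n == 255:
            n, pos = struct.unpack_from("!H", buf, pos)[0], pos + 2
        if pos + n > len(buf):
            raise ValueError("truncated variable-length field")
        return buf[pos:pos + n].decode("utf-8", "replace"), pos + n
    raw = buf[pos:pos + length]
    if pen is None and ie_id in (8, 12):
        return ".".join(str(b) for b in raw), pos + length
    return int.from_bytes(raw, "big"), pos + length

def decode_message(buf, templates):
    """Collector side; `templates` is kept across messages, as a real collector must."""
    version, length = struct.unpack_from("!HH", buf, 0)
    if version != IPFIX_VERSION or length != len(buf):
        raise ValueError("not a well-formed IPFIX message")
    records, pos = [], 16
    while pos + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", buf, pos)
        if set_len < 4 or pos + set_len > length:
            raise ValueError("set length exceeds message")
        end, p = pos + set_len, pos + 4
        if set_id == TEMPLATE_SET_ID:
            while p + 4 <= end:
                tid, count = struct.unpack_from("!HH", buf, p)
                p, fields = p + 4, []
                for _ in range(count):
                    ie_id, flen = struct.unpack_from("!HH", buf, p)
                    p, pen = p + 4, None
                    if ie_id & 0x8000:
                        pen, p = struct.unpack_from("!I", buf, p)[0], p + 4
                    fields.append((ie_id & 0x7FFF, flen, pen))
                templates[tid] = fields
        elif set_id >= 256:  # data set (IDs 3-255, e.g. options templates, skipped here)
            fields = templates.get(set_id)
            if fields is None:
                raise ValueError(f"data set for unknown template {set_id}")
            min_len = sum(1 if f[1] == VARLEN else f[1] for f in fields)
            while p + min_len <= end:  # fewer bytes than min_len is padding
                rec = {}
                for f in fields:
                    rec[(f[0], f[2])], p = decode_value(buf, p, f)
                records.append(rec)
        pos = end
    return records

def roundtrip():
    """Export two constructed flows and decode them as a collector would."""
    flows = [("10.0.0.5", "192.0.2.53", 51000, 53, 96, "example.com"),
             ("10.0.0.7", "192.0.2.53", 51001, 53, 4200, "x" * 300)]
    sets = [encode_template_set(256, TEMPLATE_256), encode_data_set(256, TEMPLATE_256, flows)]
    return decode_message(encode_message(sets, 1600000000, 1, 1), {})
```

The second flow carries a 300-byte name, which exercises the three-byte length prefix that IPFIX uses for variable-length values of 255 bytes or more.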

Improve Your Network Security With IPFIX Today

Comprehensive network monitoring and security solutions are critical for your organization to reduce risk and streamline workflows. NetQuest can help. IPFIX is a key feature for us, and we provide high-performance solutions that create IPFIX records and export them to other tools for detailed analysis. Check out our OMX3200 high-bandwidth sensor and how it can be used to scale network flow analysis for security solutions.

We’ve been providing full-scope cyber security and network administration tools to organizations both large and small since 1987 and can assist you in developing security protocols that fit the unique needs of your company. Contact us today for more information.

Your Company Has Been Hacked. Will You Respond or React?

by Chip Mesec, Senior Product Manager, NetQuest Corporation

Breathe and Think

Reading about the U.S. Treasury and Commerce Department hacks on Krebs on Security got me thinking about the panic going through the minds of the SIOs across the world. In fact, it made me sad to think of what their holiday season will be like having to deal with a hack of this magnitude in addition to COVID-19, year-end pressures, the economy, and other demands on their time. Companies in the business of securing IT systems, as we are, share customers. There is a mindset in all of us:

We’re the good, fighting against the evil underground hordes!

This hack is so sophisticated that the SolarWinds Orion software to manage IT systems did not have a vulnerability. It appears that the hack was built in as a trojan by the Russians – which changes the game entirely. It is always easy to blame a single company, but SolarWinds is a wonderful company and creates a great set of products that are respected in the industry. When you are dealing with hacks of this level of ingenuity, you go through your mental list of what could have been done to prevent the intrusion in my company, my code, my systems – have we done enough?

Watch Dogs for Watch Dogs

All of this gets me thinking about how intelligence groups have operated throughout history: the group that watches the enemy, the groups that watch the groups that watch the enemy, and so on. My first inclination is to create a group to watch IT, and a group to watch them. It all fizzles and begins to look like the script for a Mel Brooks movie about a government coup in a small Eastern European country.

Analysis or Rabbit Hole?

When you do the analysis, it’s not long before fear creeps in. If you can choke that down there are some positive learnings that we can gain from this exercise.

  • We as human beings have become very good at risk reduction and mitigation – it is built into our DNA – fight or flight, go around the long way, wear your seatbelt.
  • We perform risk vs. reward analysis very quickly – What is vulnerable? Who had access? How far do I go back to get a clean system? What was taken and how do I get it back? What is the number of my lawyer?

What Ifs and Worst Case

Here are some things to think about that may open your mind to think outside the box with respect to security and worst-case scenarios.

  • How would you operate your business if every piece of software you used was vulnerable or being manipulated – how would you survive?
  • Is there a zero-trust model that you could put in place so that every action within your IT framework provides a high degree of confidence?
  • How do you create a test to validate or invalidate your assumptions?

Another way of looking at it…

  • What if I ran a bank and all the tellers were thieves?
  • How could I get to work if my tire gets flat every 5 miles?

I do not have a magic potion or a product which will drop in and cure your ills – there is no company that can offer that. But when dealing with the “first of its kind” type of seminal hacks, it opens your mind to solving difficult problems and that is why most of us got in the business.

Consider it on the job training.

Cyber Security Threat Identification At Scale


As Internet usage continues to expand exponentially at breakneck speed — particularly in the business sector — companies should be prepared not only for new revenue generation and growth opportunities, but also for facing challenges with network security and reliability. Just as applications, compute infrastructure, and the number of connected devices increase, the network scales as well, typically exponentially. Maintaining cyber security threat identification at scale is important to track as your network infrastructure evolves via on-premises expansion or cloud migration. It is imperative to ensure the protection of critical data and to minimize the risk of a security breach as your network complexity increases.

Here is what you need to know about network monitoring and cybersecurity threat identification as your network evolves.

Using Flow-Based Analysis vs. Packet-Based Analysis to Detect Cyber Security Threats

Monitoring your network for potential threats is critical to your corporate health as the network is literally the corporation’s lifeblood. Older security guidance recommended viewing every packet to detect all network anomalies and expose potential security threats. Newer methodologies have emerged favoring inspection of flow-based data (information summarizing each network conversation) over packet-based data. Monitoring network flows can be equated to measuring your temperature and blood pressure to quickly detect health, rather than using detailed lab tests and x-rays for every doctor visit.  Both packet-based and flow-based tactics have advantages and drawbacks for network security analytics; here is a quick look at each and how to combine them for maximum efficacy and scalability.

Packet-Based Analysis

Advantages:

  • Packet-based analysis has been preferred by many IT professionals for years simply because it is so thorough; this type of analysis does not miss any important details.
  • Firewalls and intrusion detection systems are, at their core, packet analyzers.
  • The packets contain all the information for every transaction in your business.

Drawbacks:

  • Processing packets for securing high-speed networks or carrier backbones requires stacks of costly servers for storage and analysis.
  • Processing packets within standard cloud infrastructure is expensive due to the cost of bandwidth – you are paying for traffic twice.
  • Packet-based visibility systems cannot view encrypted traffic, which can make up over 50% of all traffic on typical network links.

Flow-Based Analysis

Advantages:

  • Flow-based analysis provides a summary of the packets within a flow and can reduce network traffic to your security tools by nearly 98% while still providing 100% visibility into subtle threats.
  • Modern flow-based analysis can identify applications and other useful application-layer information even if the traffic is encrypted.
  • Flow-based data can be created, collected, stored, and analyzed at a significantly lower cost than packets.

Drawbacks:

  • For the fine-grained detail required to detect a particular malware variant or other data located deep within a packet, a packet-based system is required.
  • Some network flow deployments rely on sampled collection, only viewing 1 out of every 1k or 1 out of every 10k packets. Unfortunately, this is not useful in standard security applications.

Using Flow-Based Analysis to Complement Packet-Based Analysis: The Best of Both Worlds

Fortunately, your organization does not have to choose between flow-based or packet-based analysis. You can have the best of both worlds by using a network service node (a probe with more capability) — a network device that reconfigures raw packets into unsampled flow data, while at the same time steering targeted packets for deeper level forensics. A network service node can also “clean” packet data by stripping headers and tunnels to access innermost IP packets for delivery to downstream analytics tools. Complementing packet-based analysis with flow metadata is an excellent strategy for comprehensive network monitoring that can be scaled as needed.

What Is IPFIX?

Internet Protocol Flow Information Export (IPFIX) is an IETF standard defining a mechanism for exporting detailed flow information from network routers, switches, and probes. IPFIX is based on NetFlow, a Cisco-created network protocol designed to monitor network performance by tracking incoming and outgoing IP network traffic.

Understand the difference between NetFlow and IPFIX

How IPFIX Is Used

Managed IT security providers and other IT professionals use unsampled IPFIX flow data to:

  • Observe network traffic 24/7/365 in real-time
  • Preserve a picture of the network at any given time
  • Detect low-and-slow security attacks against the network, web servers, or enterprise IT systems
  • Provide multiple layers of defense against internal and external cyber security threats
  • Collect data about network flows to allow for adequate traffic engineering and capacity planning

Sampled or Unsampled Flows?

Sampled flow data is a technique used by switches and routers to provide general information about a network’s behavior by inspecting a small representative percentage of the traffic – usually 1 of every 1k or 1 out of 10k packets. This enables traffic engineers to gain visibility into how the network is being used. The drawback in using sampled flow data is that this technique is not useful for fine-grain security threat analysis.

Unsampled flow data is a technique typically supported by more advanced network probes, sensors or service nodes. These appliances provide information detailing every flow traversing the network link. SecOps teams are increasingly using unsampled flow data to maintain cyber security threat identification at scale.
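The difference between unsampled and 1:N sampled flow records described above, and the sampled-collection drawback noted in the flow-based analysis list, as an added example that is not NetQuest's code: a small Python aggregator builds 5-tuple flow records from a constructed packet stream, once unsampled and once at 1:1000, then runs a simple low-and-slow check over each set of records. The hosts, ports, thresholds and traffic shape are assumptions made up for the example.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    """One unidirectional conversation, keyed by its 5-tuple."""
    packets: int = 0
    octets: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0


def build_flows(packets, sample_rate=1):
    """Aggregate (ts, src, dst, sport, dport, proto, size) tuples into flows.
    sample_rate=1 counts every packet (unsampled sensor); sample_rate=N keeps
    only every Nth packet, as a 1:N sampling router or switch would."""
    flows = {}
    for i, (ts, src, dst, sport, dport, proto, size) in enumerate(packets):
        if i % sample_rate != 0:
            continue
        key = (src, dst, sport, dport, proto)
        flow = flows.setdefault(key, Flow(first_seen=ts))
        flow.packets += 1
        flow.octets += size
        flow.last_seen = ts
    return flows


def low_and_slow(flows, sample_rate=1, min_duration=60.0, max_pps=0.1):
    """Flag long-lived conversations with a very low estimated packet rate.
    The rate is scaled by sample_rate so sampled counts are not misread."""
    hits = []
    for key, flow in flows.items():
        duration = flow.last_seen - flow.first_seen
        if duration < min_duration:
            continue
        if flow.packets * sample_rate / duration <= max_pps:
            hits.append(key)
    return hits


def constructed_traffic():
    """Constructed stream (not a capture): a 20,000-packet bulk HTTPS transfer
    at 20 ms spacing, with a five-packet SSH probe spread across it at 80 s
    intervals. The probe lands at list positions a 1:1000 sampler never picks."""
    pkts = [(i * 0.02, "10.0.0.5", "10.0.0.80", 40000, 443, 6, 1400)
            for i in range(20000)]
    probe = ("10.0.0.99", "10.0.0.80", 51515, 22, 6, 60)
    for n in range(5):
        idx = 500 + n * 4000
        pkts.insert(idx, (idx * 0.02,) + probe)
    return pkts


if __name__ == "__main__":
    pkts = constructed_traffic()
    full, sampled = build_flows(pkts), build_flows(pkts, sample_rate=1000)
    print("unsampled flows:", len(full), "flagged:", low_and_slow(full))
    print("1:1000 sampled flows:", len(sampled),
          "flagged:", low_and_slow(sampled, sample_rate=1000))
```

The unsampled records contain both conversations and the check flags the probe; the sampled records never see the probe at all, so there is nothing for the check to find.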

Get Help with Your Network Monitoring Today

NetQuest has over 30 years of experience providing high-speed WAN monitoring and service provider backbone packet processing for scalable network visibility. NetQuest’s OMX3200 IPFIX sensor generates unsampled flow data for security analytics tools, helping SecOps teams avoid network blind spots. Learn more about intelligently scaling your network visibility fabric and safeguarding your company from malicious cyber threats by contacting NetQuest today.

Chip Mesec, Senior Product Manager, NetQuest Corporation

Are You Scaling Your Network Security Intelligently?


Scaling network security can prove to be difficult for organizations that aren’t prepared. Scaling your network security intelligently means being aware of ineffective tactics, understanding ahead of time what you need to scale up or down, and getting professional support when needed. Here’s what you should know.

3 Network Security Scaling Strategies That Don’t Work

Not all network security scaling strategies are effective or successful. Here are three inefficient scaling tactics your organization should avoid:

1. Investing In More Boxes

Many organizations make the mistake of simply adding more of the same physical boxes they are currently using when they need to scale their network monitoring infrastructure. If not done intelligently, this can be costly and inefficient. It is important to properly evaluate the available technology to ensure optimal visibility.

2. Inspecting Less Traffic and Hoping It’s the Right Strategy

The other option is to select a section of traffic that is the lowest risk and allow it to pass through uninspected. This can lower the cost required to scale your network security solution but this strategy relies on a certain level of trust that you’ve selected the right type of traffic to be inspected and leaves your network vulnerable to specific low and slow types of cyber attacks.

3. Scaling Without Paying Attention to Cost

Another problem organizations often encounter when scaling is doing so without keeping an eye on cost. It’s easy to scale up and realize later that your organization is unable to sustain the cost to manage and maintain the upgraded monitoring infrastructure.

What Your Organization Needs to Scale Network Security

Beyond examining unsuccessful strategies for scaling network security, it’s also critical to understand what you do need to scale appropriately. This includes but isn’t limited to:

A Scalable Mentality

While scaling can be hard on your existing network visibility infrastructure, it’s crucial that your organization have a scalable mentality. This means investing in continuous evaluation of existing tools and emerging technologies so that you are ready to scale your current network security solution up or down when the need arises.

Proactive Defenses Against Cyber Threats

Responding to cyber threats after your network has been hit typically results in the inefficient use of a security team’s resources. The cost of a reactive approach to mitigating cyber threats can be difficult to even calculate. For cost-effective scaling of any threat identification scheme, organizations should employ proactive defenses against cyber threats to minimize the impact of attacks.

What to Keep In Mind When Upgrading Your Security Controls

Once you’ve scaled your network monitoring infrastructure, you’ll need to adjust or upgrade the security controls you employ to take advantage of those changes. Here are some things to keep in mind:

Security On-Premise and in the Cloud

It’s not uncommon for organizations to address on-premise security while neglecting data they’ve stored on the cloud. When adjusting your security controls, be sure to include both on-site and cloud network tools.

Controls Classified by Session

Security controls should be applied intelligently. Not all traffic requires the same level of security; in fact, running every security control for every session can be costly and time-consuming to manage.

Consistent Security Controls

After determining the nature of the session, your organization should have the ability to apply consistent security controls to all sessions of that same type. For example, if you’re receiving traffic from an encrypted stream, TLS/SSL decryption software will be your first step. However, you are likely able to avoid more advanced security controls on sessions running between two trusted and secure network segments.

Get Help Scaling Your Network Security Intelligently with NetQuest

Identifying cyber security threats in today’s complex networks is essentially the same as looking for a needle in a haystack. Security operations teams are constantly on the lookout for new ways to protect their networks from malicious attacks as they scale because monitoring full packets at max capacity is expensive and uses too much valuable space in your network infrastructure.

NetQuest is proud to offer a completely scalable, enriched metadata solution that can reduce network traffic to your security tools by nearly 98% while still providing 100% visibility to harmful attacks. Learn more about scaling your network intelligently and protecting your organization from bad actors by contacting NetQuest today.

By Jesse Price, CEO, NetQuest Corporation

Will The Coronavirus Break the Internet?


By Jesse Price, CEO, NetQuest Corporation

As the novel Coronavirus has been dominating the news and conversations on a global basis, it also is likely to create some novel issues for the internet as well. If we consider the scale of what is unfolding, the networks and systems that comprise the internet are likely to exhibit symptoms that are directly related to the virus and some may be acute. Consider the following:

  • Telecommuting (working from home) is not something new, in fact we have been talking about and doing it for decades. Yet, we are about to scale the use to levels never seen before.
  • Expect increases in business videoconferencing and web conferencing as business travel is dramatically curtailed for sales calls, team collaboration and even industry events.
  • Online Learning is not something that is entirely new although it is constantly evolving to provide a more collaborative learning environment using more bandwidth intensive applications. As expected, the academic community at all levels is rapidly transitioning lesson plans to the use of this technology. The scale in the use of online learning tactics that are about to unfold is unprecedented.
  • Mass reductions of public gatherings, entertainment events and increasing quarantines are causing the entire population to spend more time at home. Expect peaks in streaming video content, online gaming and generic web surfing as people’s desire for both information and diversions escalates.
  • Global stock market volatility is upon us as breaking news is creating wild swings that haven’t been seen in over a decade causing automated trading circuit breakers to trip and halt trading.
  • Social media should expect to see large increases in usage as people replace human to human interactions with online communications services.

All of these factors correlate directly to the amount of bandwidth the network must carry, and while users often measure network performance at their own personal point of access (i.e. their phone or wifi connection), it is the core of the network that will be tested as the situation escalates. But beyond bandwidth, the anatomy of a single modern-day internet session is a complex array of systems and network services all working together in harmony. A breakdown anywhere in the network has the potential to interrupt or block a critical application or service.

We are entering a bold new period in our ever-evolving world; no one can be certain how systems will behave, since this type of situation is impossible to simulate or model. What we do know is that we are all in this together: large and small countries, rich and poor individuals, those with and without healthcare. The virus is indiscriminate, and it isn’t going away anytime soon. Here at NetQuest Corporation, we are focusing R&D efforts on securing the highest capacity Internet links on which we are all becoming more dependent. Rest assured that those responsible for keeping our world connected will be proactive and prepared to respond.