American Security Today's 2016 CHAMPIONS EDITION Digital Magazine | Page 64

Volume 9, Champions Edition
…connaissance that uploads information about the network it is hosted on.
In an effort to stay under the radar of threat detection systems, many forms of malware are written to operate in a low-and-slow fashion, without scanning the network.
These infections first observe the behavior of their host, noting which network resources it connects to and which protocols it uses to transfer data. Only after learning what is normal for the infected host do they begin connecting to those same systems, scanning directories, installing further infections, and then moving on to the next system.
This methodical spreading tactic lets the bad actor set up entire camps of infected machines. Once valuable data has been identified, files can be moved out slowly, in some cases over several days, all while trying to avoid detection.
(Hear from the author directly in this initial training series to learn more. Courtesy of plixerweb and YouTube.)
Although flow technologies are most often used for forensic investigative work, the security industry is coming to the realization that they are also excellent for unearthing slow-moving, furtive infections, as well as for mitigating real-time attacks such as the DDoS attacks powered by Mirai.
User and entity behavior analytics (UEBA) is emerging as a way to use statistical analysis or machine learning to find anomalies that humans are unlikely to uncover.
This strategy watches for specific events in several ways, using thresholds, baselines, correlation and pattern matching. Triggers can fire on behaviors that, to the human eye, have a high probability of being a false positive.
However, by weighting the individual security events from multiple systems and totaling their value over time, probability indexes can be compiled with the goal of identifying extremely stealthy forms of malware, Mirai included: no single low-weight event raises an alarm, but a host that keeps accumulating them does.
NetFlow and IPFIX have become staple information sources for this type of detection.
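The baseline-then-weight approach described above, as an added example that is not code from the article or from Plixer: it learns each host's normal set of (destination, protocol, port) from a learning window of NetFlow/IPFIX-style records, then scores the observation window by weighting each unfamiliar connection, SMB fan-out to several new internal peers, and a multi-day trickle of outbound bytes to one unfamiliar external address, totaling the weights per host. The internal address range, the weights, the thresholds and the sample flow records are all assumptions constructed for illustration; a real deployment would feed it decoded flow records from a collector and tune the weights to its own environment.

```python
"""Baseline-then-score detection over NetFlow/IPFIX-style flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumption: the monitored site's address space
DAY = 86_400


@dataclass(frozen=True)
class Flow:
    ts: int         # flow start, epoch seconds
    src: str        # source address as seen by the exporter
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    out_bytes: int  # bytes sent src -> dst


def _t(day, hour):
    """Helper for constructing timestamps inside the sample data."""
    return 1_700_000_000 + day * DAY + hour * 3600


# Constructed learning-period flows: what "normal" looks like for two hosts.
BASELINE_FLOWS = [
    Flow(_t(0, 9), "10.0.0.5", "10.0.0.20", "tcp", 445, 120_000),
    Flow(_t(0, 10), "10.0.0.5", "10.0.0.30", "tcp", 443, 40_000),
    Flow(_t(0, 10), "10.0.0.5", "8.8.8.8", "udp", 53, 300),
    Flow(_t(1, 9), "10.0.0.6", "10.0.0.30", "tcp", 443, 55_000),
]

# Constructed observation-period flows: 10.0.0.5 starts touching unfamiliar SMB peers and
# trickles ~2 MB/day to an unfamiliar external address for three days; 10.0.0.6 has one new peer.
OBSERVED_FLOWS = [
    Flow(_t(5, 9), "10.0.0.5", "10.0.0.20", "tcp", 445, 110_000),   # matches baseline
    Flow(_t(5, 11), "10.0.0.5", "10.0.0.21", "tcp", 445, 8_000),
    Flow(_t(5, 15), "10.0.0.5", "10.0.0.22", "tcp", 445, 8_000),
    Flow(_t(6, 2), "10.0.0.5", "10.0.0.23", "tcp", 445, 8_000),
    Flow(_t(5, 23), "10.0.0.5", "203.0.113.9", "tcp", 443, 2_000_000),
    Flow(_t(6, 23), "10.0.0.5", "203.0.113.9", "tcp", 443, 2_000_000),
    Flow(_t(7, 23), "10.0.0.5", "203.0.113.9", "tcp", 443, 2_000_000),
    Flow(_t(5, 9), "10.0.0.6", "10.0.0.30", "tcp", 443, 60_000),    # matches baseline
    Flow(_t(6, 9), "10.0.0.6", "10.0.0.31", "tcp", 443, 3_000),     # a single unfamiliar peer
]

# Weights and threshold are assumptions for illustration; tune them to your environment.
WEIGHTS = {
    "new_internal_peer": 2,   # one unfamiliar internal (dst, proto, port) for this host
    "new_external_peer": 3,   # one unfamiliar external (dst, proto, port) for this host
    "smb_fanout": 4,          # >= 3 unfamiliar internal SMB peers: lateral-movement shape
    "slow_exfil": 5,          # outbound to one unfamiliar external dst on >= 3 distinct days
}
ALERT_THRESHOLD = 8


def build_baseline(flows):
    """Per source host, the set of (dst, proto, dport) seen during the learning period."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.proto, f.dport))
    return baseline


def is_internal(addr):
    return ip_address(addr) in INTERNAL_NET


def score_hosts(baseline, flows, min_exfil_bytes=5_000_000):
    """Weight each anomalous flow and total the weights per host over the whole window.
    Returns {host: (score, [reasons])}. Flows matching the host's baseline score nothing."""
    score = defaultdict(int)
    reasons = defaultdict(list)
    smb_peers = defaultdict(set)     # host -> unfamiliar internal SMB peers
    exfil_days = defaultdict(set)    # (host, dst) -> distinct days with outbound traffic
    exfil_bytes = defaultdict(int)   # (host, dst) -> total outbound bytes
    for f in flows:
        if (f.dst, f.proto, f.dport) in baseline.get(f.src, set()):
            continue                  # learned as normal for this host
        internal = is_internal(f.dst)
        kind = "new_internal_peer" if internal else "new_external_peer"
        score[f.src] += WEIGHTS[kind]   # every recurrence counts: persistence is signal too
        reasons[f.src].append(f"{kind}:{f.dst}:{f.proto}/{f.dport}")
        if internal and f.dport == 445:
            smb_peers[f.src].add(f.dst)
        if not internal:
            exfil_days[(f.src, f.dst)].add(f.ts // DAY)
            exfil_bytes[(f.src, f.dst)] += f.out_bytes
    for host, peers in smb_peers.items():
        if len(peers) >= 3:
            score[host] += WEIGHTS["smb_fanout"]
            reasons[host].append(f"smb_fanout:{len(peers)} peers")
    for (host, dst), days in exfil_days.items():
        if len(days) >= 3 and exfil_bytes[(host, dst)] >= min_exfil_bytes:
            score[host] += WEIGHTS["slow_exfil"]
            reasons[host].append(f"slow_exfil:{dst} over {len(days)} days")
    return {h: (score[h], reasons[h]) for h in score}


def hosts_to_investigate(results, threshold=ALERT_THRESHOLD):
    """Hosts whose accumulated weight crossed the alert threshold."""
    return sorted(h for h, (s, _) in results.items() if s >= threshold)


if __name__ == "__main__":
    results = score_hosts(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)
    for host, (s, why) in sorted(results.items()):
        print(f"{host}: score={s} {'ALERT' if s >= ALERT_THRESHOLD else 'watch'} {why}")
```

On the sample data, 10.0.0.6's single unfamiliar peer scores 2 and stays in "watch", which is the false-positive case the text describes, while 10.0.0.5 accumulates 24 from three unfamiliar SMB peers, the fan-out bonus, three days of outbound traffic to one unfamiliar external address, and the slow-exfiltration bonus. Each individual flow there is unremarkable on its own; only the total over time makes the host stand out.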
About the Author
Michael Patterson is the CEO of Plixer International.
Michael worked in technical support and product training at Cabletron Systems while he finished his Master's in Computer Information Systems at Southern New Hampshire University.
He joined Professional Services for a year before he left the 'Tron' in 1998 to start Somix, which eventually became Plixer.