Cloud Native Full Packet Capture to Meet the DoD SCCA

Posted by Marshall England on Apr 19, 2021 2:17:29 PM

How a cloud native packet capture platform can meet the DoD SCCA Requirement

Traditionally, full packet capture systems exist to capture the network communications between hardware devices (servers, switches, routers) in a physical network environment. With the advent of Kubernetes and cloud native environments, that traditional approach is no longer effective (or relevant) for gaining insight into ephemeral resources. Information from microservices and containers, such as pod-to-pod, namespace, and intra-pod communications, is critical for continuous observability and forensic inspection in performance, security, and reliability engineering. Infrastructure and network communications have evolved into virtualized and cloud native architectures, so new technologies are needed to operate and monitor those systems.

Recently, we were approached to partner with a global cloud service provider (CSP) to meet the Department of Defense Secure Cloud Computing Architecture Functional Requirements PDF (DoD SCCA) for Full Packet Capture (FPC) by providing a cloud native FPC solution for their new environments.

Tags: network performance, cyber security, mantis, containers

NSA: detect and fix out-of-date encryption protocol implementations

Posted by Peter Dougherty on Jan 11, 2021 2:11:27 PM

The NSA recently announced "instructions for National Security System (NSS), Department of Defense (DoD) and Defense Industrial Base (DIB) system administrators on how to detect, prioritize and replace unauthorized or deprecated TLS protocols with ones that meet current standards."

Encrypting communications is one of the most critical tools for protecting data. However, if older, out-of-date encryption protocols are in use, they present a vulnerability that could be exploited to gain access to systems or networks. Updating to the latest TLS 1.3, or the widely supported TLS 1.2, along with compliant cipher suites and strong authentication, is recommended.

Tags: cyber security, Real-Time Monitoring, mantis, cybersecurity

Father Time's Cyber Reflections

Posted by Peter Dougherty on Jan 7, 2021 4:24:03 PM

As another year closes, now is the time to reflect on the state of technology, cybersecurity and innovation. The year 2020 (and the years before it) has revealed some uncomfortable truths, despite our best efforts to improve the future prospects of our clients and our industry. We are confronted with some key issues to take to heart, so that we can improve on what recent cyber events have brought to light (the Marriott, TikTok and SolarWinds incidents among the growing list of breaches).

Tags: cyber security, mantis, containers

Can Your Packet Broker Do This? - Part 3

Posted by Mike Fecher on Mar 5, 2020 12:55:05 PM

This is a continuation of our blog series on the advanced functions for network visibility solutions with fully programmable data pipelines. Read our introduction to the series here.

Another great example of the power behind fully programmable pipelines is the ability to gain insight into the visibility solution itself. Solutions such as the MantisNet RFP-NG can leverage the processing logic of these pipelines to visualize what types of events are unfolding on the wire over time and to provide metrics on the rules that are running. Once again, let's simplify things for a moment to best understand this concept…

Tags: network performance, cyber security, IT operations, Real-Time Monitoring, DNS Monitoring, mantis

Can Your Packet Broker Do This? - Part 2

Posted by Mike Fecher on Mar 5, 2020 12:45:41 PM

This is a continuation of our blog series on the advanced functions for network visibility solutions with fully programmable data pipelines. Read our introduction to the series here.

The biggest elephant in the network visibility room has always been the fact that you don't know what you are missing. If there are packets whose structure falls outside the capabilities of your fixed-function ASIC-based solution (and trust me, there always are), you will not only drop those packets, you will also have zero indication that you just missed one. The packets simply fail to parse, and you will never know that the information is missing. You can't control what you can't see.

Tags: network performance, cyber security, IT operations, Real-Time Monitoring, DNS Monitoring, mantis

Can Your Packet Broker Do This?

Posted by Mike Fecher on Feb 24, 2020 1:40:27 PM

This is the first in a series of blog posts that examine the topic of fully programmable data pipelines and their potential to transform the network visibility industry. Within this series we will be discussing what a programmable pipeline actually is, how solutions built with programmable pipelines differ from what has been available on the market, and the advantages organizations stand to gain by adopting such solutions.

Before we begin, it is important to note that programmable pipelines are here today because of a key innovation in the networking switch world: the development of a programmable ASIC. This new chip, along with the open source language used to program it, has allowed a new breed of network visibility solutions to emerge. These solutions are dramatically different from legacy network packet brokers, which are built on static, fixed-function ASICs.

Throughout this blog series we will make sure to cover the differences between these two solutions, as well as highlight the advanced visibility functions that are now available to users for the first time thanks to fully programmable data pipelines.

Tags: network performance, cyber security, IT operations, Real-Time Monitoring, DNS Monitoring, mantis

DNS observability and managing DNS workflows: the foundation for network monitoring and cyber defense

Posted by Peter Dougherty on Jan 6, 2020 5:04:29 PM

DNS, the mechanism that makes global network communications work by connecting services to the internet or a private network and thereby powering our digital lives, can also present confounding engineering challenges with cybersecurity implications. Site not responding, nefarious applications, names not resolving, broken network connectivity… the initial response is often "Is it DNS? It's DNS. It's always DNS."

DNS, the domain name system, maps domain names to the IP addresses used to locate and route traffic from a source to a client, and it can be the bane of many network and cybersecurity engineers as they maintain networks or investigate potential threats.

We'll look at this critical network component, its value to threat actors, and how you can make DNS an actionable component of your monitoring.

Tags: network performance, cyber security, IT operations, Real-Time Monitoring, DNS Monitoring, mantis, cybersecurity

Automating Threat Detection and Response - Panel Discussion

Posted by MantisNet on Oct 29, 2019 12:30:39 PM

We had the pleasure of participating in a panel discussion on automating threat detection and response with Michelle Drolet, CEO of Towerwall, and Peter Dougherty, CEO of MantisNet, moderated by Diana Kelley, Cybersecurity Field CTO at Microsoft.

Below you can read some highlights of the discussion, and you can register (click the play button) to listen to the full discussion.

Tags: cyber security, Real-Time Monitoring, mantis

Network-centric Zero-trust and Software Defined Perimeter Controls

Posted by MantisNet on Aug 21, 2019 11:28:09 AM

In the beginning, networks and the Internet writ large were designed with a notion of intrinsic security based on a perimeter: a person, application or third party was verified once and subsequently granted an all-inclusive "trusted" status. Suffice to say, this approach has resulted in damages and incalculable losses on a global scale. Trust based on verification at only a few points of access has proven to be lacking. To put it mildly, according to the Cloud Security Alliance in its Software-Defined Perimeter Architecture Guide, "Today's network security architectures, tools and platforms all fall short of meeting the challenges presented by our current security threats." With recent (network) technology advances, we are now capable of building continuous verification to enable zero trust.

Tags: network engineering, cyber security, Real-Time Monitoring, mantis

Network Traffic Analysis: Real-time Identification, Detection and Response to Threats

Posted by MantisNet on Jun 25, 2019 10:14:53 AM

Digital transformation and the growing complexity of IT environments present new vulnerabilities that attackers can exploit for reconnaissance, delivering malicious payloads, or exfiltrating data. Analyzing live network traffic to expose hidden malicious or anomalous activity and security threats within that complexity is fundamental to improved detection and response. So much so that Gartner recently published an inaugural market guide for network traffic analysis (NTA) to help organizations understand what to look for (more on that later).

What is network traffic analysis (NTA)?

Network traffic analysis uses network communications and their protocols to detect, identify and analyze cybersecurity threats and potential operational issues. As you'll read, we propose doing this in real time, with wire-speed network data and analytics, to meet the demands of digital business and to gain an edge in reducing mean time to detect (MTTD) and mean time to respond (MTTR).

Tags: cyber security, Real-Time Monitoring, mantis, cybersecurity