Flowmon Detects Windows DNS SIGRed Exploitation

The vulnerability called SIGRed (CVE-2020-1350) has been around for 17 years, during which time it was present in Windows Server operating systems from version 2003 through 2019. It received the maximum severity rating of 10 and was finally patched in July 2020. Because the vulnerability allows an attacker to perform remote code execution on Windows Server via DNS, it poses an extremely serious danger and can propagate over the network without user interaction.


How to Block an External Attack with FortiGate and Flowmon ADS

It’s a question we hear often: how do you use Flowmon to block an attack? Flowmon is not an inline appliance that stands in the path of inbound traffic, so we partner with third-party vendors who supply equipment such as firewalls or unified security gateways. In this post, I’m going to show you how to instruct Fortinet’s FortiGate firewall via Flowmon ADS to block traffic in response to a detected anomaly or attack.


ADS 11.2 - More than ordinary blacklists

Improve your security posture with community Indicators of Compromise and use reputation data to detect threats in encrypted traffic. On the digital battleground, it pays to stay on your toes, but there are ways to make the work easier. Flowmon ADS 11.2 brings you new and refined methods of avoiding known threats and learning from attacks carried out against others.


How Flowmon Helps to Detect SUNBURST Trojan Attack in Your Network

Flowmon Anomaly Detection System from Kemp now contains Indicators of Compromise (IoC) for the SUNBURST trojan specifically. Users of the Flowmon network detection and response (NDR) tool can check if they are under attack and set up measures to detect SUNBURST. This December, the world shook at the news of several US government bodies falling victim to a highly sophisticated attack.

Enhance and automate your cybersecurity operations

Watch Keysight and Flowmon present a cybersecurity solution reaching into the layer one transmission and utilizing behavior analysis to identify a hacker’s fingerprint. Keysight will give a high-level explanation of how to build an efficient visibility architecture utilizing Taps and Network Packet Brokers. Keysight will then provide an introduction to Threat Simulator, a breach and attack simulation platform, which will be used in the demonstration to provide realistic attack traffic to the Flowmon.