From the perspective of a network administrator and operator, the fundamental requirements for network applications are the same regardless of the environment they are running in. Their network communication needs to be fast, reliable and secure. To meet these requirements, we need to have relevant data about the application traffic.
The flow data from Progress Flowmon Probes is a great fit for this purpose, with one slight difference compared to the flows generated in a standard network: the flow data must be correlated with the particular network applications or services running in Kubernetes (k8s). To do this, we use k8s metadata rather than relying on IP addresses, because pods are regularly created and destroyed, meaning that the traffic for a specific application can be made up of many different IPs in a short period of time. It's also likely that the same IP address will be associated with multiple applications in a limited period of time.
The Flowmon QRadar integration provides a single pane of glass to detect and respond to Flowmon ADS events directly in IBM QRadar. The integration packages were updated to support the latest version of Flowmon products and the IBM QRadar platform.
Over the last few years, the number and severity of cyberattacks against organizations have significantly increased. These attacks come in various forms, including ransomware, distributed denial-of-service (DDoS), data breaches, insider threats and many more.
Despite the best efforts of many cybersecurity professionals to minimize these threats, it appears there will be no decrease in the threat level in 2024. As a result, cybersecurity teams are under immense pressure to reduce the risk to their organizations. They need to focus on identifying and mitigating the most significant threats that will likely occur in 2024 and in the future.
The initial response to a ransomware attack is crucial for determining the damage in terms of downtime, costs, data loss and company reputation. The sooner you detect the activity associated with ransomware, the sooner you can slow its spread. From there, you can take remedial actions to significantly reduce the effects of the attack.
In this blog, we’ll outline key steps organizations should take during the first 48 hours after a ransomware infection is detected. We’ll link to a recent Progress Flowmon webinar on the topic that also discusses how national recommendations and regulatory frameworks, such as NIST and NIS2, provide guidance on cyber responses. The webinar outlines how Flowmon solutions can help with early detection and response to ransomware attacks.