NetFort Advertising

NetFort News

The NetFort news category of our blog covers many different areas of our company and our network monitoring solution. Here you will find details of conferences and exhibitions we will be attending, announcements about forthcoming versions of our LANGuardian, and feedback from our customers. If you are looking to work with one of the most innovative companies in network security, the NetFort news category is the first place to look for a satisfying and rewarding career.

Announcing NetFort LANGuardian 14.5. A look at the new features

18 January 2019 NetFort News By: Darragh Delaney

LANGuardian 14.5

NetFort is delighted to announce the availability of our latest LANGuardian release, V14.5.

“One of our objectives is to ensure that our customers always have ‘eyes on their traffic,’ including their data centers, hybrid and public cloud,” said John Brosnan, CEO.

LANGuardian 14.5 includes:

  • AWS flow log support.
  • PCAP (packet capture) import and export options.
  • Passive username capture from RADIUS traffic.
  • Migration to Suricata IDS.

AWS Flow Log Support

Amazon AWS VPC Flow Logs can now be processed by LANGuardian and generate similar metadata to NetFlow. The VPC Flow Logs are merged into sessions, GeoLocation information is then added and saved into the NetFort database. Read more about it here.

Username Extraction from RADIUS Traffic

RADIUS stands for Remote Authentication Dial In User Service. Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a corresponding response (Access-Accept or Access-Reject) from the server. The Access-Request packet contains the username, encrypted password, NAS IP address, and port.

RADIUS username metadata capture from network traffic

Our latest release includes a decoder for RADIUS traffic so user names can be captured directly from network traffic and stored within database tables on LANGuardian. You can then use this information to associate network and application activity with usernames. Read more in this blog post which looks at passive capture of usernames from RADIUS traffic.

PCAP Import & Export

LANGuardian 14.5 has a single page for the import and export of PCAP (packet capture) files. You can now extract network packets with or without filters by using the PCAP File Management page. Read more in this blog.

Migration to Suricata IDS

LANGuardian 14.5 now uses Suricata, which is a modern multi-threaded, high performance IDS. Suricata inspects network traffic by using a powerful, extensive rules and signature language. It also has strong Lua scripting support to detect complex threats.

We Are Hiring – Senior Software Engineers

26 October 2018 NetFort News By: Darragh Delaney
Senior Software Engineers

DESCRIPTION

At NetFort, we design and develop software that analyzes network traffic using deep packet inspection techniques to give our customers a unique level of internal visibility, including user activity, file and database monitoring, intrusion detection, bandwidth usage and Internet access.

We are located in Galway, a great cultural and sporting city, and one of the fastest growing cities in Europe.

Our engineers work on core R&D projects from requirements capture and analysis through design and coding to deployment and support.

As a Senior Software Engineer you will be involved in the following life-cycle activities:

  • Software architecture and detailed design, helping to interpret and analyze requirements
  • Software development to written technical specifications and coding standards
  • Testing, finding and fixing faults
  • Participation in reviews during the life-cycle

You will be part of a multi-skilled team working closely with specialists from across several disciplines, including systems engineers and project managers. You may be working on a number of projects at the same time.
Our projects range from rapid developments where tight timescales apply (a few weeks) to full scale developments (up to 2 years).
You will learn exciting technologies. We offer competitive salaries and share options.

ESSENTIAL CRITERIA

  • UNIX, C, Python
  • Technologies: TCP/IP networking, UNIX and kernel programming
  • Experience in developing high performance code solutions
  • Excellent communication, presentation and writing skills
  • Degree in IT, Electronic or Computer Engineering or related discipline
  • At least 5 years design and development experience.

DESIRED CRITERIA

  • Familiarity with Linux operating system concepts, GIT and JIRA
  • Professional and positive approach
  • Self-motivated and capable of working on your own initiative
  • Team player, dynamic and creative.

Meet us at RSA Conference 2018 – San Francisco

18 April 2018 NetFort News By: Darragh Delaney
RSA 2018

We are heading to the RSA Conference next week, as we do every year! This year, we expect there will be a lot of noise around compliance such as GDPR and CIS CSC 20 Ransomware, Network Security and User Monitoring, Network Traffic Analysis and Visibility and much, much more.

As one might expect, with any 4-day conference in the Moscone Center, there will be tons of technologies on show with organizations spending every dime to ensure their booth is as big as the next.  The RSA Conference is always a great event for us, and we don’t expect this year to be any different other than bigger and better, making for a robust Network Security dialogue.

If you plan on attending and would like to meet up, leave a comment below or DM us on Twitter @NetFort, we would love to chat!

NetFort Customer Webinar Featuring Newly Released LANGuardian Version 14.4.1

9 April 2018 NetFort News By: Darragh Delaney
LANGuardian 14.4.1

NetFort Customer Webinar Featuring Newly Released LANGuardian Version 14.4.1

Date: Thursday, April 12, 2018

Time: 4:00 PM BST

Presenter: Aisling Brennan

Aisling Brennan

Join us as we highlight the key enhancements and top new features of LANGuardian version 14.4.1.

This LANGuardian release includes a series of reports and dashboards to demonstrate technical security compliance with various standards including CIS CSC 20 and GDPR.

In addition to hearing about improved ease of implementation, enhanced features and enhanced functions, there will also be a time at the end for Q&A.

Register today as there is limited spaces available. If you cannot attend on the day we will send you a recording straight to your inbox provided you fill in your details on the form.

Announcing NetFort LANGuardian 14.4.1

LANGuardian v14.3

LANGuardian 14.4.1

NetFort are delighted to announce the availability of the latest major LANGuardian release, V14.4.1. This release introduces some changes and new features to help with compliance monitoring, including a new compliance section presents reports for monitoring technical security compliance with CIS CSC 20 and GDPR. Highlights of this release include:

  • SMB fileshare alerts on failed attempts to map network shares, create or read files and folders.
  • Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used
  • Detect new server ports in use on your network
  • New Applications in use black/whitelist.
  • Allign report names more with compliance standards.

SMB fileshare alerts on failed attempts to map network shares, create or read files and folders

For some time now we have included a file activity monitoring feature in our LANGuardian product. It passively generates an audit trail of file and folder activity using network traffic as a data source. LANGuardian 14.4.1 extends this monitoring to now include the capture of failed access attempts. Many compliance standards require this so that you can detect anomalous activity where a user or device is attempting to access sensitive data.

You can read more about this feature in this blog post which looks at why is it important to monitor for failed access attempts. The screen shot below shows an example of the report output.

A closer look at the LANGuardian failed access reports

Encrypted sessions analysis of SSL/TLS/QUIC versions and ciphers used.

Since the mid 1990’s, SSL/TLS encryption has underpinned much of online security and is the defacto choice for encrypting our web based online shopping and payment transactions. SSL/TLS keeps our transactions private and unaltered. However, researchers and attackers have identified and published weaknesses in the aging versions of the protocols, from SSL2.0, SSL3.0, TLS1.0 and TLS1.1. and in the ciphers that they use.

LANGuardian 14.4.1 includes features that are useful for monitoring the status of SSL/TLS on your network. They include:

  • Inventory of SSL/TLS servers
  • Report on all the SSL/TLS sessions that have occurred on the network
  • A filter is also provided for the ciphers that are used

Learn more in this blog post which looks at how to detect weak SSL/TLS encryption on your network. The sample report below shows how LANGuardian can be used to show use of weak SSL/TLS versions.

Report showing use of weak SSL/TLS versions

Detect new server ports in use on your network

Opening new ports on a server increases that servers attack surface. Keeping the attack surface as small as possible is a basic security measure. New ports become active if you install new software or if you enable a new service on the server. For important servers on your network you should have an inventory of what applications or services are running so that changes can be detected.

If compliance standards such as GDPR are a concern then server monitoring is not just a nice to have, it becomes mandatory. You must maintain an inventory of who is connecting to what if you store sensitive or personal data. LANGuardian 14.4.1 now logs certain information when a port becomes active on a server for the first time. Read more in this blog post which looks at how to detect new server ports in use on your network using LANGuardian. The screen shot below shows an example of the report output.

LANGuardian Network Events (New Server Ports) report

Applications in use. Build white or black lists

LANGuardian uses an advanced application recognition engine to report on network activity. Instead of matching up port numbers with application names, it analyzes packet payloads to work out what applications are in use. LANGuardian 14.4.1 now includes new report filters which allow you to build lists of white or blacklists. You can then use these lists to detect new applications in critical areas such as your server VLAN.

You can access these new filters in the Applications in Use report. Click on the Protocol dropdown to start to build application lists.

Select multiple protocols or applications to build white or black lists.

You can include or exclude certain applications.

One you have made your selection, you can save this as a custom report which will include the filter.

In my example I selected a series of email protocols which I can then use to watch out for any new email protocols in use.

Combine the application lists with an IP range to focus in on your server VLAN for example.

Protocols in use on network

Align report names more with compliance standards.

LANGuardian 14.4.1 includes a new compliance section which groups reports for monitoring technical security compliance with CIS CSC 20 and GDPR standards. Many reports have been renamed so that they are more aligned with compliance standards. For example Top DNS Servers was renamed to DNS Servers. A full list of reports which were renamed can be found within the 14.4.1 release notes.

Video Guide: LANGuardian 14.4.1

NetFort attending Networkshop 2018

14 March 2018 NetFort News By: Darragh Delaney
Networkshop 46

Both Noeleen Hussey, Sales Director and Aisling Brennan, Customer Technical Support Manager will be attending Networkshop46 at the Liverpool Guild of Students this month, on Tuesday 27th March in Liverpool.

The conference agenda will be build around nine key themes and includes cyber security, cloud and data centre services and wifi and mobility. Take a look at the programme.

We would be delighted to make some new contacts and meet our current customers to discuss your way forward with LANGuardian, our roadmap and your current and future priorities and projects.

We hope you enjoy your visit, and if you plan on visiting the conference and would like to meet us, please feel free to contact us at: support@netfort.com and we will make the necessary arrangements for you.

Storm Emma, GDPR and the CIS CSC 20

GDPR Storm

It is back to work and school this week, following the most severe blizzard in years to hit Ireland, storm Emma (Emma, who decides the name?). The country was under the highest weather warning, a red alert, as the worst snow in 35 years swept north across the island. All shops were closed because of the weather and because they had no fresh meat, bread or milk left!  There seemed to be more talk regarding the lack of bread on shelves than the weather which is really unusual for the Irish. I saw some students walking home from the stores with cases of beer, pizza, beer, movies, no mortgage to pay, no worries, happy days, good for them!

Anyway, this storm has reminded me of another one that is on the way, and will also have a severe impact, the ‘GDPR’ storm.  GDPR is a hot topic for many people and organizations all over the world at the moment, not just across the EU but for also for ‘non-EU’ companies, even if they are not based in the EU. It is such an important market and as a result, they have EU ‘data’ and they are impacted.

It is such an important market and as a result, many organizations have EU ‘data’ and they are impacted. The port in this storm for many companies may be the CIS CSC 20.

Obviously, there is also a lot of hype and companies jumping on the bandwagon. Some of our customers have mentioned that they are sick of receiving sales calls from vendors, consultants, etc at this stage on the subject.

We in NetFort have been contacted by our customers, mostly our Irish and UK ones to date, asking us how we can help. ‘We have already purchased a LANGuardian, have been a good customer for years, we want to buy as few tools as possible, how can you help?’ Makes sense, most companies already have too many point security solutions and are trying to consolidate, NOT buy more.

We have also secured some new EU customers in central Europe. One for example, when asked why they purchased, came back with the following interesting information:

On our side, our GDPR” requirements are (so far):

  • Who is doing what on any shared file?
  • Who is sending or receiving a file on the Internet?
  • What is done on a database (SQL query is fine)?
  • What rights are given to some user?
  • What Admin are doing (reading CEO files or mail for example)?
  • What email is sent, to whom, with an attachment- for SMTP’
  • Some kind of IDS (have we been attacked) from either the internal network and the outside’

The image below shows a section from our CIS CSC 20 reports which we built using customer feedback like that shown above.

CIS CSC 20 Dashboard with reports

So we have taken the approach of firstly trying to work with and help our current customers and taking it from there.

Our LANGuardian  analyses raw network traffic or wire data, extracts application specific metadata and integrates with Active Directory to enrich the traffic metadata and add usernames. It enables visibility, drill down, context into both Internet and internal network user and device activity including shared Data (file shares and SQL databases)  Inventory, Users, and Applications.  The LANGuardian is ideal for continuous monitoring, troubleshooting, forensics and as result an ideal data source or tool to help demonstrate visibility, control, and compliance. It retains an audit trail of network activity very cost effectively for long periods but we needed to convince ourselves first of the compliance and GDPR usefulness, then discuss it with our customers and get their reaction.

Our or my first piece of learning was that GDPR is very vague, time-consuming and difficult to read and understand. I’m an engineer, I want hard facts, the detail I can read and believe in. I understand GDPR is still in its infancy but at the moment it is almost so vague it is frightening a lot of organizations and as a result, they are waiting to see what will happen. Risky approach.

From a security perspective, Article 32 specifically compels companies to look at existing best practices. For example, The UK’s National Cyber Security Centre “10 Steps to Cyber Security’ or ISO 27001 or the CIS CSC 20 Security Controls.  In our opinion, one very practical and detailed option is the CIS Critical Security Controls, originally the SANS Top 20.  Lot of good information here: https://www.cisecurity.org/controls/

So we have studied them and tried to understand the detail. There is a lot of good practical information, readable which is critical but also realistic. GDPR aside, organizations should use these or an equivalent as guidelines, a good checklist. Recently I have met a number of our customers face to face and made a presentation on the CIS CSC 20 and how they can help. I wasn’t trying to sell to them, they are already customers. Just trying to have a discussion and get their reaction.

I was surprised to discover that about 50% of them to date had been studying the CIS CSC 20 and the current goal was to target the top 5 and be able to demonstrate compliance with these by May:

  1. CSC 1, Inventory of Authorized and Unauthorized Devices
  2. CSC 2, Inventory of Authorized and Unauthorized Software
  3. CSC 3, Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. CSC 4, Continuous Vulnerability Assessment and Remediation
  5. CSC 5, Controlled Use of Administrative Privileges

Seems like a good approach to us, take it step by step, be realistic. Be able to demonstrate that you are trying, taking it seriously, doing your best to be compliant. The goal is not just a checklist, it is to improve security and AVOID a breach. Everybody wins.

So now we ARE on a mission, on the CIS CSC 20 bandwagon because they are a very good practical set of security guidelines and realistic for organizations of all sizes.  We are trying to leverage them and show how our LANGuardian internal visibility and continuous monitoring of network and user activity can try and help our customers.

We now have a GDPR and CIS CSC 20 tab on our LANGuardian system, access it directly here.

Stay tuned to this blog for more and more practical information and learnings.

John Brosnan

CEO, NetFort

Announcing NetFort LANGuardian 14.4

Span port monitoring with NetFort

LANGuardian 14.4

NetFort are delighted to announce the availability of the latest major LANGuardian release, V14.4. It includes a number of major enhancements including GeoIP traffic reporting, improvements to the alerting engine and the ability to capture network traffic and generate a PCAP via any LANGuardian sensor on the network.

The main themes of this release are to improve traffic analysis, better alerting and to enhance the product so that it is better able to address compliance standards such as a CSC and GDPR. LANGuardian 14.4 includes:

  • New GeoIP filtering and displays.
  • New MetaData alerting GUI and rules support.
  • New user credentials from SMB sessions.
  • New Windows Services (DCERPC) decoder.
  • New full packet capture mechanism to save PCAPs from any LANGuardian sensor.
  • Improved accuracy of Google QUIC fingerprinting.
  • New PDF format option for scheduled reports.

New GeoIP filtering and displays

GeoIP is a feature where IP addresses are automatically matched with the country where they are registered. This is very useful if you want to track which countries are connecting to your network or what countries clients on your network are connecting to. Use this for improving your network security or to meet data export compliance regulations, such as GDPR.

We have included two new reports which can be found under the Traffic Analysis report category.

  • Top Countries by Client Location. This report shows the total bandwidth, displayed by the country location of the client.
  • Top Countries by Server Location. This report shows the total bandwidth, displayed by the country location of the server.

The image below shows an example of the report output.

Top Countries by Server Location

New MetaData alerting GUI and rules support

We regularly host customer days where users of our products can review our roadmap or try out beta versions of our software. One of the most common recent requests was a need for better alerting. Customers want an easy way to configure alerts so that they are automatically notified of security or operational events that matter to them.

LANGuardian 14.4 has an updated metaData alerting GUI and rules support, to alert on a wide range of conditions and events that LANGuardian monitors for, such as authorized applications, unknown DNS servers, inter-subnet access attempts and much more. Use this to implement network usage policy alerting for security and compliance. This is a upgrade on the previous version and further enhancements are planned in the next LANGuardian version.

The image below shows an example of how an alert is configured. This alert will trigger if any user deletes a file called budget2018.xlsx off the network.

network traffic metadata rule

New user credentials from SMB sessions

One of the unique selling points of LANGuardian is its ability to associate network activity with actual usernames. It does this by working out what users are assigned what IP addresses on the network. However, it is possible to logon to the network with one username and then use another username to connect to a Windows file share.

LANGuardian 14.4 can now passively capture what usernames and being used to connect to Windows files shares. This is very useful for reporting on what users are connecting to file shares using administrator accounts. It is also very useful when it comes to compliance standards such as GDPR where you may have to identify sharing of credentials to comply with Identity and Access Management (IAM).

The following image shows an example of domain user association with network file share activity. The user logged onto the workstation that accessed the Profit & Loss file was darragh.delaney

Domain user accessing file

The next image shows an example of the new passive username capture from SMB sessions. The actual user that was used to connect to the file server was darragh.

network user accessing SMB file share

Windows Services (DCERPC) decoder

New New DCE/RPC, short for “Distributed Computing Environment / Remote Procedure Calls”, is the remote procedure call system developed for the Distributed Computing Environment (DCE). This system allows programmers to write distributed software as if it were all working on the same computer, without having to worry about the underlying network code.

A lot of Windows applications use DCERPC to communicate between clients and servers. Examples of this would be network based printing or some Microsoft Exchange services. Previous versions of LANGuardian were able to detect DCERPC but could not drilldown to see what applications were in use. LANGuardian 14.4 now includes a DCERPC decoder so you can drilldown and see what applications are in use.

The screenshot below shows an example of the drilldown. Here we can see how DCERPC is being used mostly for printing and Exchange on my network.

Distributed Computing Environment / Remote Procedure Calls

New full packet capture mechanism

We introduced a full packet capture feature in LANGuardian last year. Customers wanted the ability to capture unprocessed network traffic so that they could take a look at it outside of LANGuardian. The first version only allowed you to take packet captures off local network interface cards.

LANGuardian 14.4 now allows you to save PCAPs from any LANGuardian sensor on your network from a centralized GUI. Leverage your LANGuardian installation to get complete coverage for troubleshooting or forensics. The image below shows the packet capture option in use. Clicking on the network interface dropdown now allows you to select any sensor.

Packet capture

Improved accuracy of Google QUIC fingerprinting

QUIC (Quick UDP Internet Connections, pronounced quick) is a transport layer network protocol designed by Jim Roskind at Google. The most common use of QUIC today is for streaming YouTube videos. If you use a Chrome browser then data associated with your YouTube activity uses the QUIC protocol.

LANGuardian 14.4 includes improved detection capabilities for this protocol. The screenshot below shows a typical drilldown. Majority of traffic will be associated with YouTube but you will see QUIC associated with other Google services.

Google QUIC Protocol

New PDF format option for scheduled reports

Automated email reports are popular with our customers. Many will choose to get reports like Top Network Events, Top Users or Top Applications delivered to their mailboxes every day. For some time these reports were delivered in HTML format. LANGuardian 14.4 now includes a new option where you can get your reports delivered as PDF attachments.

PDF email attachments

Video: A quick tour of the new features in LANGuardian 14.4

You can download a 30 day trial of LANGuardian from here.

Another Successful NetFort Customer Training Course Complete!

24 October 2017 NetFort News By: Aisling Brennan
LANGuardian Training

Last week, NetFort ran a successful one-day customer training course on the topic of Continuous Network Traffic and Security Monitoring, held at SureSkills training centre, Dublin.

The training was held in the form of a one day workshop covering modules from Network Traffic Monitoring to User Forensicsdelivered by our in-house technical experts Darragh Delaney and Aisling Brennan. In addition to the lecture sessions, there were lots of hands-on lab practical sessions which took a deeper dive into LANGuardian.

The course was very well attended by those who are primary users of LANGuardian and who maintain the platform in their workplace.

Now that the dust has settled from last week’s training; we would like to extend a BIG thank you to those of you who attended. It was an intense day of learning for everybody; your questions, level of engagement and participation, infused our team with new energy and excitement for the future.

We hope you had many actionable takeaways that you were able to apply immediately!

Thank you once again; we hope to see you at our next training day!

NetFort LANGuardian Training Course for IT Professionals

10 October 2017 NetFort News By: Darragh Delaney
languardian training

LANGuardian Training Course: Continuous Network Traffic & Security Monitoring

Last month, we launched our new one-day training course on the topic of Continuous Network Traffic and Security Monitoring.

The first delivery of this hands-on training course will take place at SureSkills, 14 Fitzwilliam Place, Dublin 2 on Thursday, 19th October 2017.

Course Modules:

  • Network Traffic Monitoring: Choosing the optimal points on your network for capturing network traffic
  • Customization: Report variables, custom reports, dashboards and application names
  • IDS: How to get alerts, what reports to look at, write your own rules and remove false positives
  • Analyzing Traffic Flows: How to identify suspicious inbound/outbound activity and troubleshoot bandwidth Issues
  • Ransomware: What to watch out for (renames/trends) and build your own dashboard
  • Web Monitoring and User Forensics: Proxy/non-Proxy
  • Network Inventory: DHCP servers
  • 3rd Party Integrations and Roadmap

Our technical experts, Darragh Delaney and Aisling Brennan will facilitate this one-day training course.

If you would like to reserve a seat on this upcoming training course, or indeed enquire regarding our next course; call a member of our Customer Support Team today on +353 (91) 426 565

NetFort to present at GDPR Partner Conference, Madrid

8 September 2017 NetFort News By: Darragh Delaney
GDPR DotForce Partner Conference

DotForce Partner Conference – September 27th 2017, Madrid, Spain

We are delighted to partner with DotForce, our Spanish channel partner in presenting at their upcoming General Data Protection Regulation (GDPR) partner conference on Tuesday, September 26th, Madrid, Spain.

With less than 256 days until GDPR is enforced – May 28th, 2018; it’s imperative that organizations start to prepare now. After this date, organizations that hold personal data of EU citizens will need to have a process in place for identifying, investigating and disclosing a breach.

Come along to this half day event, and hear NetFort’s Director of Product Management, Darragh Delaney explain the impact of the GDPR and how LANGuardian can help your organization comply. For more information on this channel partner event, visit https://www.dotforce.es/gdpr-conference-2017/

NetFort Releases New Version of LANGuardian

1 August 2017 NetFort News By: Darragh Delaney
LANGuardian v14.3

NetFort LANGuardian 14.3 adds GEO IP Database and Improves Performance of Data Acquisition, Reporting and Alerting

Galway, Ireland – August 1st, 2017NetFort today announced the latest version of LANGuardian, its flagship network traffic and security monitoring software. This new release introduces significant feature and performance enhancements, and delivers improvements in performance, usability, alerting and reporting designed to offer IT professionals more intuitive data and faster time to resolution for network issues.

NetFort LANGuardian provides comprehensive visibility across an organization’s network in minutes. It’s unique powerful deep-packet inspection technology can be used on physical or virtual networks of all sizes, for investigating, monitoring, and reporting on network and user activity.

LANGuardian 14.3 significantly enhances the performance of data acquisition and reporting with a rebase to CentOS 7 and significant updates to NetFort applications including traffic analysis and traffic database boosting acquisition rates to 10G.

A significant addition to this release is the new GEO IP database feature which identifies the country of origin and destination of traffic and data flows in and out of the network to aid security, compliance, and governance.

Continuous GUI improvements include a simpler and more robust Active Directory Integration, new notification messages, new scrolling, new layouts in the Configuration and Settings menus, improved mobile version and new tool tips.

Reporting and Alerting are improved with more context, improved presentation and drill-down and a more sophisticated metadata alert rules capability, including alerting on files, folders, websites and other resources.

“Our customers and partners shape our LANGuardian roadmap, ensuring that we deliver innovative technology that is practical and easy to use in a business environment,” said Andrey Lyubka, Director of Research and Development. “We are committed to continuously improving our product ensuring we deliver a solid and reliable solution. Because we have proven network traffic and security monitoring expertise, we are uniquely positioned to help IT professionals monitor their networks – having a single solution like ours, makes life easier for our channel partners to deploy too.”

For additional information on this significant release, please see LANGuardian 14.3 release notes

NetFort celebrate a successful Customer Event

NetFort Customer Event London

A few weeks ago, we held yet another successful customer event, this time in Central London, on Fenchurch Street – which by the way is a terrific location for an event! This event brought together a community of our customers to network and collaborate on our latest LANGuardian release.

The event kicked off with welcoming comments from myself, followed by a number of dynamic presentations which were jointly delivered by our Technical Director, Darragh Delaney and myself. Throughout the half-day event, we presented the latest features in LANGuardian, shared our road map and gave an overview of our technical integrations along with several product demonstrations.

We love to host such customer events, as it gives us the opportunity to share our recent announcements, meet our customers face-to-face and listen to their feedback on what they would like to see in future product developments. Additionally, we were on hand to answer any critical issues from novice and experienced users alike.

A wide range of training topics were delivered throughout the morning, ranging from:

Creating a Ransomware Monitoring Dashboard
How to detect SMBv1 use on your network
• How to use the Direct Packet Capture option on LANGuardian, so that it saves packets from a flow when a particular trigger is asserted
• How to use our DNS Traffic Decoding feature to collect DNS queries for all running sensors

NetFort Customer Event London

We were thrilled with the post-event feedback, so I thought I would share a small sample of this here:

• “It was all good, very informative” – Infrastructure Support Specialist, Financial & Insurance Services
 “I thought it was great overall, although it could be a whole-day training session with more hands-on” – R&D and Infrastructure Engineer, Managed IT Outsourcing
• “The most useful part of this training for me was the demos, especially for Ransomware + DDoS” – Infrastructure Operations Manager, Housing Association
• “Very useful, would be good to have it on an annual basis. We were very impressed with the communications on the WannaCry outbreak; it was very useful” – Network Technician, UK University

Are you a NetFort customer who would like to attend our next event?
Watch out for our upcoming events on our website, community forum or email aisling.brennan@netfort.com to register your interest.

Thanks!

LANGuardian Customer Feedback

6 June 2017 NetFort News By: Darragh Delaney
NetFort Customer Feedback

LANGuardian Customer Feedback | WannaCrypt Ransomware Attacks

We are delighted to receive this wonderful feedback below from one of our LANGuardian customers during the recent WannaCrypt attacks.

Thank you Shawn for taking the time out to send us this email and for allowing us to use this feedback here.

 

Bernie Browne

Director of Marketing

Customer Feedback

———- Forwarded message ———-
From: Shawn Bridglal
Date: 15 May 2017 at 16:37
Subject: RE: How NetFort LANGuardian can help you protect your network from Ransomware
To: Netfort support

Good Day fine folks at Netfort,

I just want to say how happy I am to be a LG subscriber and have a LG sensor deployed in my network this past weekend during the wannacrypt mayhem that was happening globally.

Using the information provided below and I was able to detect the SMBv1 nodes on my network and look for any possible infections. This was an extremely beneficial bit of information to possess to be able to effectively respond with critical proactive measures.

Knowing which nodes were most vulnerable, we were able to focus on those as a priority and develop a plan to address the lesser critical network segments.

It is my opinion that, knowing what to look for at the right time is very crucial to effective defense and remediation activities. Effective, resilient, proactive defenses are not only limited to functional firewalls, IPS, anti-virus, patch management and other and the other slew of mixed defense technology, but also a security strategy that incorporates vigilant and detailed insight into the network makes a huge difference. LG makes this difference a reality.

Being the first responder and having IT security responsibility and accountability, I would attribute the value and capability that LG offered as the turning point in our proactive defense strategy to the wannacrypt epidemic.

KEEP UP THE EXCELLENT WORK ! ! !

Regards

Shawn

Meet us at InfoSecurity London 2017

6 June 2017 NetFort News By: Darragh Delaney
Infosecurity London

Meet us at InfoSecurity London

InfoSecurity at the Olympia, London is the place to be this week for everything you need to know in Information Security. We will be in attendance from Wednesday, June 7th through to Thursday, June 8th inclusive. With more than 345 exhibitors and hours upon hours of seminars attracting visitors from every segment of the industry – it’s a show, we will not miss!

We look forward to hearing the latest news and innovations in the industry from security thought leaders to industry experts, as we expect there will be lots of chatter around the recent WannaCry Ransomware attacks. Throughout the two days of face-to-face business, we will meet with current and prospect clients, new channel partners and industry analysts; so we expect it to be an actioned packed few days!

If you plan on attending the show and would like to meet up over a coffee, then drop us a line to marketing@netfort.com as we would love to chat all things #NetworkSecurity

The NetFort Team

Meet us at Networkshop 2017 – Nottingham, UK

3 April 2017 NetFort News By: Darragh Delaney
Networkshop 2017

Networkshop 2017 organised by JISC will take place from 11 – 13 April at the Nottingham Conference Centre in Nottingham, UK.

Networkshop is an education and research technical networking conference which provides a unique opportunity to hear from those managing advanced network services and applications in the UK’s education and research sectors, as they present and discuss technology developments and practice.

If you plan on attending Networkshop and would like to meet up with us during the show, email us at support@netfort.com as we would love to chat all things #NetworkUserMonitoring #NetworkSecurityMonitoring

Join NetFort at CoSN 2017, Chicago

22 March 2017 NetFort News By: Darragh Delaney
CoSN 2017

CoSN 2017 | April 3rd – 6th | Chicago
NetFort Stand # P35

We are excited to be exhibiting at the annual CoSN 2017 conference from April 3rd – 6th in Chicago.

CoSN (Consortium for School Networking) is the professional association for education technology leaders. Each year, this conference brings together K-12 technology professionals to enhance their leadership in the development, implementation, operation and maintenance of the K-12 technology infrastructure.

Join NetFort at stand #P35 while you are at CoSN 2017 to learn how Fauquier County Public Schools, VA are using LANGuardian to gain a greater visibility as to what is happening on their network than ever before.

Louis McDonald, Director of Technology Services at Fauquier County Public Schools will be on our stand during the Opening Reception at CoSN on Monday April 3rd from 5:45 – 7:45pm and he will be happy to share with you how they are using our network activity monitoring and analysis tool – LANGuardian.

If you are experiencing high network congestion on your school’s WAN and you need to have a greater level of visibility into what is happening behind the scenes on your internal network; then stop by our stand #P35, where our top experts will be on hand to:

• Give you a short LANGuardian demo
• Answer any burning questions you may have pertaining to bandwidth issues
• Demonstrate how to detect security issues such as phishing and ransomware
• Show you how to passively monitor your school’s confidential data

We looking forward to meeting you there!

 

NetFort recognized on the Cybersecurity 500 List for the Third Consecutive Year

3 March 2017 NetFort News By: Darragh Delaney
Cybersecurity 500

March 2nd 2017, Galway – Ireland; NetFort, a global provider of network traffic analysis and visibility solutions, announced today it has been recognized in the Cybersecurity 500 – Q1, 2017 list of the world’s hottest and most innovative companies in the cybersecurity industry, which was officially released yesterday – (March 1).

Published by Cybersecurity Ventures, this is the third consecutive year that NetFort has ranked on Cybersecurity Ventures list among the most impressive cybersecurity companies from around the globe.

Cybersecurity Ventures evaluates a mix of criteria to determine the list of up-and-coming vendors, including company customer base, management team, notable implementations and feedback from chief information security officers (CISOs), value-added resellers (VARs), system integrators and other IT security decision-makers.

“We strongly believe that continuous network and user visibility is the cornerstone of any IT security program and should apply to organizations of all sizes,” said John Brosnan, CEO, NetFort. “We are thrilled to be included in the Cybersecurity 500 list and to be recognized for our network traffic analysis and visibility solution – LANGuardian”.

View the official press release here

 

 

Meet us at RSA Conference 2017 – San Francisco

8 February 2017 NetFort News By: Darragh Delaney
RSA Conference 2017

Chatter at RSA Conference 2017!

In a recent NetworkWorld article written by Jon Oltsik (thanks for the mention!); he anticipates there will be a lot of chatter at RSA Conference 2017 in San Francisco (February 13th – 17th) around Network Security – who are we to disagree!

We are heading to the RSA Conference next week, as we do every year! This year, we expect there will be a lot of noise around Ransomware, Machine Learning, Automation, Network Security and User Monitoring, Network Traffic Analysis and Visibility and much, much more.

As one might expect, with any 4-day conference in the Moscone Center, there will be tons of technologies on show with organizations spending every dime to ensure their booth is as big as the next.  The RSA Conference is always a great event for us, and we don’t expect this year to be any different other than bigger and better, making for a robust Network Security dialogue.

If you plan on attending and would like to meet up, leave a comment below or DM us @NetFort, we would love to chat #NetworkSecurity!

NetFort attends HEAnet National Conference 2016, Galway

1 November 2016 NetFort News By: Darragh Delaney
HEANET 2016

HEAnet is Ireland’s National Education and Research Network, providing internet connectivity and associated ICT services to education and research organizations throughout Ireland, including all primary and post-primary schools.

The HEAnet National Conference is an annual event which attracts delegates from across the Education and Research Sector, as well as industry leaders and technology experts. It provides a unique opportunity for you to learn about, present and discuss the latest developments in networking technology and services for the research and education community.

When: November 9th – 11th 2016

Where: Radisson Blu Hotel, Galway

 

NetFort to announce new partnership with Renaissance at TechTrade 2016

3 October 2016 NetFort News By: Darragh Delaney

TechTrade 2016, Leopardstown Pavilion, Wednesday 19th October

Along with the many new innovative solutions that Renaissance will showcase on their stand at this year’s TechTrade event, we are particularly excited to announce our new partnership with them and where better to make this official but at TechTrade 2016.

Renaissance will distribute NetFort’s flagship product – LANGuardian which provides network traffic and security monitoring software for virtual and physical networks.  It is unique in the marketplace thanks to its powerful deep-packet inspection technology that can be downloaded and deployed on standard physical or virtual hardware to provide comprehensive visibility in minutes; in fact LANGuardian offers better visibility than you can get with NetFlow, solving problems faster. There are many organizations in Ireland who already depend on LANGuardian for a wide range of solutions from network security monitoring, bandwidth troubleshooting, monitoring user activity and file activity monitoring just to mention a few!

So, if your customers are looking for complete visibility and phenomenal detail across their networks, then this unique product offering is a must see! Drop by the Renaissance stand throughout the day, where their friendly team will be on hand to give you a demo of the LANGuardian product and answer any questions you may have.

We look forward to welcoming you to the stand!

NetFort releases new version of LANGuardian

5 August 2016 NetFort News By: Darragh Delaney
LANGuardian 14.3 dashboard

Latest Version of NetFort LANGuardian Brings Significant New Features; Improves Performance; Makes Network Traffic and Security Monitoring Practical and Affordable

 

Galway, Ireland – August 4, 2016 – NetFort today announced the latest version of LANGuardian, its flagship network traffic and security monitoring software. This new release, introduces a number of significant new features and performance enhancements designed to offer IT professionals more intuitive data and faster time to resolution for network issues.

NetFort LANGuardian provides comprehensive visibility across an organization’s network in minutes. Its unique powerful deep-packet inspection technology can be used on physical or virtual networks of all sizes, for investigating, monitoring, and reporting on network and user activity.

Version 14.1 significantly enhances performance of data acquisition and reporting; while the new features include:

  • Periodic Backup which can be set to schedule an automatic backup
  • SSL Inventory enables LANGuardian to detect servers with expired or vulnerable SSL certificates

“Our customers and partners shape our LANGuardian roadmap, ensuring that we deliver innovative technology that is practical and easy to use in a business environment,” said Andrey Lyubka, Director of Research and Development. “We are committed to continuously improving our product ensuring we deliver a solid and reliable solution. Because we have proven network traffic and security monitoring expertise, we are uniquely positioned to help IT professionals monitor their networks – having a single solution like ours, makes life easier for our channel partners to deploy too.”

For additional information on all new features in LANGuardian 14.1, please see our release notes.

– ENDS –


 

About NetFort

NetFort provides network traffic and security monitoring software for virtual and physical networks. NetFort’s flagship product, LANGuardian, is unique in the marketplace thanks to its powerful deep-packet inspection technology that can be downloaded and deployed on standard physical or virtual hardware to provide comprehensive visibility in minutes. Organizations worldwide depend on LANGuardian solutions from monitoring user activity to file activity monitoring, web activity monitoring, network security monitoring, bandwidth troubleshooting, wire data analytics, network forensics to packet capture.

To see LANGuardian in action – try our interactive demo today!

End-of-life announcement for LANGuardian v12

1 June 2016 NetFort News By: Darragh Delaney
End of Life LANGuardian v12

NetFort announces the end of life of all LANGuardian versions in the Major Release 12 family. Effective December 1st 2016, we will cease provision of maintenance releases and fixes for LANGuardian 12, and technical support for v12 will no longer be available.

We strongly encourage you to upgrade to LANGuardian version 14 which delivers the functionality of Release 12, along with increased performance, and many new features from an intuitive new interface for ease of use, redesigned dashboards and reports providing easy-to-read, real-time and historical reporting to an integrated search bar that can quickly locate your favorite reports and critical data.

View our latest release notes to learn what’s new.

You can see what version of LANGuardian you are running and upgrade your system at the following page. https://x.x.x.x/sysadm/softup.cgi
Edit the IP (x.x.x.x) and replace with the LANGuardian management IP address.

We have endeavored to make the upgrade to LANGuardian 14 as seamless as possible. However, should you require assistance at any stage, please feel free to email to support@netfort.com

 

Major New Features added with Release 14 of NetFort LANGuardian

18 April 2016 NetFort News By: Darragh Delaney
NetFort LANGuardian 14

Major New Features added with Release 14 of NetFort LANGuardian Network Traffic and Security Monitoring Software

  • Simple to install with intuitive new interface for ease of use

  • Redesigned dashboards and reports provide easy-to-read, real-time and historical reporting

Galway, Ireland – April 12, 2016 – NetFort today announced the launch of LANGuardian Release 14, the latest version of its flagship network traffic and security monitoring software.

NetFort LANGuardian provides comprehensive visibility of an organization’s network in minutes. Its unique powerful deep-packet inspection technology can be used on physical or virtual networks of all sizes, for investigating, monitoring, and reporting on network and user activity.

Release 14 includes a simple three-step installation and configuration wizard for even easier setup. LANGuardian’s visual dashboards have been completely redesigned, giving network managers real-time and historical visibility into activity across an organization’s network including users, mobile devices, applications, and virtual platforms.

This new release introduces an integrated search bar to quickly locate favorite reports and critical data. The categorized search results present combined events, flows and metadata in simple and coherent views that provide detailed context to investigate security incidents, network trends and monitor assets. The search results page supports fast traversal of many result categories, making investigations simpler and more productive.

With Release 14, LANGuardian becomes one of the world’s first security and monitoring tools that can run on virtual machines operating either VMWare ESX and Microsoft Hyper-V and process packets from external SPAN ports.

LANGuardian is a passive network traffic analyzer and simply requires a SPAN or mirror port to reveal the true state of any network. It doesn’t require expensive, dedicated appliances or high-capacity storage to keep data over long time periods.

Commenting on the launch, John Brosnan, Chief Executive Officer of NetFort, said: “Our engineering team have placed huge emphasis on the simplicity of LANGuardian v14, in terms of implementation and ease of use. The graphic user interface (GUI) has been completely redesigned to ensure organisations can implement our network traffic analysis solution on any site or segment of the network providing comprehensive visibility in less than 30 minutes. The new intuitive GUI focuses on simple and quick navigation to ensure users can easily get the visibility, detail and context required to really understand what is happening on their network. With a few simple clicks, organizations can now get detailed network traffic analysis without any complexity”.

— ENDS —

NetFort Attending HEAnet 2015 Conference

11 November 2015 NetFort News By: Darragh Delaney
HEANET 2016

HEAnet is Ireland’s National Education and Research Network, providing internet connectivity and associated ICT services to education and research organizations throughout Ireland, including all primary and post-primary schools.

The HEAnet National Conference is an annual event which attracts delegates from across the Education and Research Sector, as well as industry leaders and technology experts. It provides a unique opportunity for you to learn about, present and discuss the latest developments in networking technology and services for the research and education community.

Dates: Wednesday 11th – Friday 13th November 2015
Venue: Rochestown Park Hotel, Douglas, Cork: www.rochestownpark.com

NetFort will be attending HEAnet 2015 on Thursday November 12th and you can contact us to arrange a meeting. Learn about:

  1. New developments from NetFort including an upcoming major redesign of LANGuardian
  2. Find out how LANGuardian can be used on college networks to hunt down the sources of Malware and Ransomware
  3. Hear how universities are using deep packet inspection technologies to keep real time and historical Internet reports. Ideal if you need to respond to requests from third parties
  4. Learn how SPAN and mirror ports can be used as a data source for student and staff activity

Network Visibility Survey 2015

20 October 2015 NetFort News By: Darragh Delaney
NetFort would like your help and feedback on your priorities with respect to Network Activity Monitoring.

What level of visibility do you need and where?

This brief network activity monitoring survey consists of 9 questions and should take no more than 5 minutes of your time to complete.

Start survey
amazon voucher

Readers completing the survey will be automatically entered into a prize draw to win a $50 Amazon gift certificate and will also be sent a copy summarizing the results. Winners will be drawn during the week commencing 16th November.

NetFort 12.4 – Network Traffic and Security Monitoring

LANGuardian 12.4

New Version of NetFort LANGuardian Provides Customers with a Single Point of Reference for Network Traffic and Security Monitoring.

NetFort, a leading provider of network traffic and security monitoring (NTSM) solutions, today unveiled version 12.4 of the LANGuardian application. The new version ensures network teams today have the visibility required to collaborate and work with their security colleagues and manage the daily security issues prevalent in today’s world.

Version 12.4 includes a number of significant changes:

  • SMTP Email Decoder Enhancements
  • HTTPS Website Use Reporting
  • Updated BitTorrent Decoder
  • Snort 2.9
  • SYSLOG Forwarding Feature

SMTP Email Decoder Enhancements

The SMTP decoder is a great feature from a network security monitoring point of view. It is a powerful tool if you want to monitor email for phishing type network attacks. Malicious attachments have made a comeback as top attack vector. An interesting post on this here.The SMTP decoder has been upgraded to record the following information

  • Attachments to SMTP emails, including attachment name, MIME type and description. A sample report is shown below, some information is blurred as it came from a live network.
  • Embedded hyper Link detection in emails. This is a beta release for evaluation. Where an SMTP email contains a hyper link, but the link target doesn’t seem to match the description, LANGuardian will log the link target and the description.
SMTP Decoder

HTTPS Website Use Reporting

The Website monitoring module has been upgraded to now report on HTTPS domains. Domain information (such as https://facebook.com) and traffic volumes are recorded. As packet payloads are encrypted, Individual URIs cannot be reported.

SSL Traffic Reports

Updated BitTorrent Decoder

BitTorrent continues to be a popular protocol for downloading and uploading media from the Internet. LANGuardian has the ability to detect  BitTorrent use and record metadata such as Infohash values and IP addresses. In 12.4 the BitTorrent decoder has been upgraded to record Peer Exchange messages (PEX). This increases the detection rate for BitTorrent activity and will record media titles, if included in the PEX message.

Bittorrent Protocol Decoder

Snort 2.9

Snort is a network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging. Snort performs protocol analysis, content searching and matching. LANGuardian 12.4 now includes Snort version 2.9.7. This allows LANGuardian to take advantage of new keywords supported in IDS signatures for Snort 2.9, distributed from the ET Open project

Snort 2.9

SYSLOG Forwarding Feature

Many customers choose LANGuardian as it can integrate with existing tools like SolarWinds, McAfee or WhatsUp. Version 12.4 extends this functionality with the addition of a new configuration page to manage the forwarding of events to external syslog collector (SIEM) systems.

This means you end up with a centralized dashboard for all network activity or as one customer described it “single point of reference for network and user activity monitoring and first stop in troubleshooting any issues”

LANGuardian SYSLOG Support

Version 12.4 is available from our download page and it can be deployed on physical or virtual platforms.

Download LANGuardian
LANGuardian Interactive Demo

LANGuardian Customer Feedback – Concare IT

LANGuardian Customer Feedback – Concare IT

Straight talking customer feedback

More interesting feedback on our LANGuardian product from a new customer, Concare IT.

Concare IT A/S are focused on providing high quality IT services and CRM solutions, IT outsourcing services, vendor consulting and cloud solutions to international clients.

With over 160 employees located across 6 countries, Denmark, United Kingdom, Germany, Poland, Italy and United Arab Emirates they provide solutions and consultancy for both mid sized businesses and large companies. They have recently purchased our LANGuardian and gave us the following feedback and permission to reuse it with no modifications.

LANGuardian Product Feedback

Q. How did you hear about NetFort Technologies /LANGuardian?

From the Internet.

 

Q. What issue/requirement has the LANGuardian addressed for you?

Network, bandwidth, file shares, users and protocols monitoring.

 

Q. What is you view of the LANGuardian evaluation process?

Functionality, it offers wide spectrum of deep packet inspection and protocols.

 

Q. Did you evaluate any other products as part of the evaluation process if so can you share this information with NetFort?.

Yes, I have already evaluated ManageEngine, PRTG, SolarWinds products.

 

Q. Has the LANGuardian replaced any other product?

No.

 

Q. What is your reason for purchasing the LANGuardian?

Increase security level.

 

Q. How would you describe the LANGuardian?

Easy to install, deploy, manage and in my opinion has really good deep packet inspection engine.

 

Kamil, Systems Administrator

Concare IT

NetFort would like to thank Kamil and Concare for allowing to use this feedback and of course for purchasing the LANGuardian. We always welcome and really appreciate all user feedback, it is absolutely critical to help us develop our messaging and improve our product.

We are delighted to have Concare as a customer, a great validation for us as they have a lot of experience in networking and security across organizations of all sizes in many different countries.  The range of ‘pains’ or use cases the LANGuardian has addressed for Concare are very interesting ‘Network, bandwidth, file shares, users and protocols monitoring’ as is the reason for purchasing ‘Increase security level’.

A user recently described the LANGuardian as ‘The cornerstone of network visibility’ and mentioned that this deeper insight has also increased security. He is not alone, it is important especially these days to have continuous visibility and have it also internally, at the core of the network not just at the edge.

John Brosnan
NetFort CEO

NetFort participate in Croí charity cycle

8 June 2015 NetFort News By: Darragh Delaney
Croí is a Heart & Stroke charity

Croí charity cycle 2015

The 20th Tour de Lough Corrib charity cycle took place on Sunday, June 7th 2015. It is one of the biggest charity cycles in the West of Ireland with all funds raised going to Croí.

Croí is a heart and stroke charity and they support life-saving work in communities throughout the region. Cyclists had a choice of 45KM or 120KM routes through the picturesque setting of Connemara.

Pictured above is NetFort CEO John Brosnan with legendary Irish cyclist Sean Kelly. Sean was one of the most successful road cyclists of the 1980s. From turning professional in 1977 until his retirement in 1994, he won nine monument classics, and 193 professional races in total.