Cybercrime is a major risk to countries all over the world, including those situated in the European Union. It is a major threat to the security of citizens, privacy, democracy and the economy. By 2021, cybercrime is expected to cost the world around $1 trillion per year. Already this year, ransomware attacks alone cost us $5 billion, a massive increase compared to the $325 million figure of two years ago. This is supported by a recent study of 237 companies in six countries by the Ponemon Institute, which revealed the severe reputational and financial consequences of cybercrime. In particular, companies lose $9M, on average, each year due to cybercrime. Against the backdrop of this rapid growth in costly cyberattacks, IBM’s CEO Ginni Rometty states: “cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.” To counter this ever-evolving digital threat, collective efforts are necessary to bring together industry leaders and develop innovative solutions. That’s exactly why the SHIELD project was launched.
Whether it’s AWS, Azure or Google Cloud, the cost of having your services in the cloud is falling, and the ability to save IT expenditure is probably the main driver behind the global trend to shift more and more services and data into the cloud. IT budgets receive another boost through cloud technology usage, as its costs typically fall under operating expenditure (OPEX) instead of capital expenditure, which allows for more financial flexibility. As a result, cloud technology allows companies with fewer resources to get access to the best technology previously only available to big enterprises.
Talaia’s monitoring algorithms are based on the de facto industry standard protocol known as NetFlow.
In this whitepaper we will clarify what NetFlow is, explain its intrinsic characteristics, and explain why it is the best possible approach to monitoring network data, especially on high-speed links.
A couple of days ago Cisco announced a vulnerability in some of their NetFlow appliances. The vulnerability itself was not especially grave: an error in processing certain SCTP packets could be abused to remotely hang or reboot the appliance. The SCTP protocol is not widely used, and that is, most likely, one of the reasons why such a vulnerability stayed undetected for a long time.
Australia has passed laws that force Communication Service Providers (including ISPs) to collect and retain metadata for use by a few government agencies for security purposes.
Complying with such metadata retention laws is not an easy task from a technical standpoint. We have compiled a whitepaper reviewing the requirements imposed on service providers and how they can comply without too many headaches.
Just last month, a major cyberattack brought down the likes of Twitter, Soundcloud, Spotify and Airbnb for a few hours. Interestingly, rather than directly attacking the infrastructure of these companies, the assault targeted the domain name system (DNS) host Dyn, which is relied upon by the sites above. This is how a single attack could bring down so many sites at once.
(As you may already know, DNS is a bit like the yellow pages of the Internet - but rather than mapping people's names to phone numbers, it maps domain names to IP addresses, which computers require to communicate. Hence, if the DNS provider of a site is down, it cannot be accessed by its users.)
One might imagine that pulling off an attack of this magnitude would require extreme sophistication. In practice, the disruption was caused by a rather rudimentary Distributed Denial of Service (DDoS) attack that overwhelmed the DNS servers of the aforementioned sites.
Last week we attended SCEWC 2016, and it was a great experience overall. SCEWC '16 was a great opportunity to get in touch with companies from an entirely different ecosystem, one we have not been in touch with until now. By providing our network visibility solution to government bodies of different countries — and the companies focused on helping build the smart cities of the future — we can help realize the vision that a city is smart only if it is well connected.
It's been three years since Talaia Networks was born. During this time, a lot has happened.
Talaia started as a vehicle to commercialize the research of the Broadband Communications research group of UPC-BarcelonaTech. Long story short, our cloud-based NetFlow collector took off as our main product. Fast forward to today: we are now growing quickly with customers all around the world. We believe now is the right time to rethink our brand and prepare it for the future.
Any router vendor worth its salt supports NetFlow (or IPFIX, or sFlow, or compatible protocols). However, in practice, sometimes NetFlow is simply not available. In our experience, this happens for two main reasons:
- A consumer-grade router is installed in a small office or remote location.
- A suitable router that does implement NetFlow is available, but it is externally managed, and the service provider won’t enable it, because it’s out of the scope of their contract.
Either way, because of a technical limitation or otherwise, how does one go about gaining network visibility in such a scenario? In this post, we propose a simple, inexpensive solution to add NetFlow to an existing network, and send this NetFlow to Talaia's collector.