Since v5 ntopng has the ability to detect periodic activities, i.e. activities that are repeated periodically at a given pace (note that each activity can have a different frequency, and ntopng is able to detect them). Periodic activities are not … Continue reading
What’s New in ntopng: Network Assets
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. … Continue reading
What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. … Continue reading
Malware Traffic Analysis in ntopng
ntop users have started to use our tools for malware analysis as contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: Added the ability to … Continue reading
Using Blacklists to Catch Malware Communications Using ntopng
A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to) mining malware … Continue reading
What is CyberScore and How it Works: a Technical Overview
ntop users as familiar with concepts such as flow risk and cyberscore. This week we have presented a conference paper [slides] at 2022 IEEE International Conference on Cyber Security and Resilience where we describe in detail what is cyberscore, how … Continue reading
Introducing nDPI 4.4: Many New Protocols, Improvements and Cybersecurity Features
This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for … Continue reading
How ntopng monitors IEC 60870-5-104 traffic
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. First malware discovered is Industroyer2 which was caught in the Ukraine. As nowadays popular, security companies name the malware they … Continue reading
Incident Analysis: How to Correlate Alerts with Flows and Packets
In incident analysis it is important to provide evidence of the problem at various level of details: Alerts Alerts are the result of traffic analysis (in ntopng based on checks) that have detected specific indicators in traffic that triggered the … Continue reading
Short ntop Roadmap for 2022
Those who attended our latest 2021 webinar, had a feeling of what are ntop plans for this year. In summary we keep focusing on cybersecurity and visibility, planning to further enhance our existing tools as follows: nDPI: we plan to … Continue reading