Taking Care of Business: The FTC Guidelines Part Two

This post is a follow-up to Part 1 of Taking Care of Business: Information Retention & Responsibility. Here, we will be covering items six through ten, with a wrap-up of what this document means and what we can do to help you stay secure, ethically responsible, and on the right side of the FTC’s standards.

Item six on their list is “Secure Remote Access to Your Network.” Their bullet points under this heading include “Ensure End Point Security,” meaning that you must control who can log on remotely and determine that they are doing so safely. One way is to require two-factor authentication for logins. This demands that each user have the ability to generate a token on a separate device (a cell phone) and use that in combination with a token created by a key fob. Biometrics and PINs are also considered types of two-factor authentication.

The FTC would also prefer that businesses limit the amount of access that users have when away from the office. This is the part where it is useful to discuss third-party access. Restricting the amount and type of data that a third party or an off-site worker can get to means that the truly important data has a better chance of staying safe. Offering limited, one-time access is a great way to approach giving accessibility to a third-party user.

Item seven on the list is, “Apply Sound Security Practices When Developing New Products” and the first subheading asks that you “train your engineers in secure coding.” This is something tackled at the pre-design stage. It is up to your software developers to create code that is secure and will not unnecessarily put your business and clients at risk. For that to happen, they must be trained effectively on how to do so. A lack of education and foresight at this stage could be fatal before your product or service even launches.

The FTC’s second sub-heading involves following platform guidelines for security. Secure development practice guidelines are out there and available for use. Failing to follow these can open your business up to man-in-the-middle attacks through mobile applications and other dangers. It is not a requirement that one reinvent the wheel, but instead use resources that are already available in regards to creating secure software.

The last two bullet points are closely linked: “Verify that privacy and security features work” and “Test for common vulnerabilities.” This is something that even the big guys miss, much less the smaller companies out there. Often, it is smart to invest in an individual or company that provides penetration testing (pen testing). It is their job to try to get into your network in as many ways as possible. They will evaluate any weaknesses that exist within your code, and review the results with you. Large companies, such as Microsoft and others, offer Bug Bounties, meaning that if a hacker (with their permission and under their conditions) finds a bug or security issue with their software, that hacker is rewarded and the bug can be fixed. Adobe, after some major security gaffes, has enlisted the help of the Bug Bounty program to help tighten up their software.

Issue eight of the last ten states, “Make Sure Your Service Providers Implement Reasonable Security Measures.” Since points six and seven warn you to get your software and users in line, the natural progression leads to the idea that you should evaluate anyone that you do business with. They advise that you “put it in writing” and “verify compliance.” Your security measures matter as much as the security measures of the individuals that provide you with valuable services such as connectivity and cloud computing, just to name a few. Taking someone’s word or accepting a handshake with the assumption that any promises they make outside of writing will be upheld is inadvisable at best. Any company’s website should list their regulatory compliance information, which is easy to verify. This is ours.

In point nine, “Put Your Procedures in Place to Keep Your Security Current and Address Vulnerabilities That May Arise,” they put their focus on not only how you go about maintaining your security practices, but also those of any third-party vendors you may work with. This is where documentation is essential, to prove, should you be summoned to court, that you have been maintaining a good-faith relationship in regards to your security. Also, even after the pen-test phase, it is vital to keep on top of any perforations in your company’s defense against adversaries. Whether it is six months or nine years after a product you are responsible for is released, you must act upon any reports warning of a security risk with your product. Put together a way of collecting these issues and put a mechanism in place to address them. Do not let them get lost in the shuffle; ignore them at your peril. This, of course, also requires that you stay on top of any third-party services or vendors you may use to make sure that they are making good on their promise of security to you.

Last but not least, the FTC advises that you “Secure Paper, Physical Media, and Devices.” Everything that was already recommended in regards to your network and digital data also applies to any hard copies. The FTC asks that you “securely store sensitive files,” “protect devices that process personal information,” “keep safety standards in place when data is en route,” and “dispose of sensitive data securely.” All of this may seem like common sense and somewhat of a no-brainer, but it is worth remembering that if enterprises, both small and large, did these things, the FTC would have never had to address gaffes in data containment by Rite Aid, CVS Caremark, and many unfortunate others.

We decided to use this precious blog space to bring these ten items to your attention, as it is our goal to keep you and your data safe. The MetaFlows MSS is continually evolving to help you better protect your enterprise from adversaries and the potential legal fallout from any success that they might have not had otherwise. A tired truth is that the best defense is actually a good offense, and in the world of business and information security, having the right service in place can make all the difference.

InfoSec and the Great Gender Gap: The Revolving Ten Percent

Image: love2d beginner game programming workshop at the Berlin Google office in August 2015 as part of Women Techmakers.

That there is a dearth of women in the Information Security (InfoSec) community is not news. The news would be if that number were to ratchet up to fifteen or twenty percent, in keeping with the growth that other STEM positions are close to hitting. Women make up only 27% of the population in Science, Technology, Engineering and Math (STEM) careers; 12% of the computer science degree holders were women according to a census in 2011. The number of women currently holding positions in Information Security is a marginal 10-12%. Even as other areas of STEM show an improvement in numbers, the Information Security field remains stagnant.

It is easy to look at these numbers and agree with InfoSec professionals’ retort that women just are not suited to this kind of work. They cite a lack of women in university courses, training events, and conferences as a sign that women do not seem interested in and/or are incapable of producing the kind of results that the job requires. Sure, women might start in the industry, and if they disappear, the reasoning falls along the lines of imagining they left to start a family or something similar. Looking inward, to assign blame, is often quite difficult and not the most natural, first reaction.

“The shortage of women in the field creates a vicious cycle. The profession is seen as unwelcoming by women first choosing a career. And women who are already in the profession can find themselves singled out and stereotyped. That, in turn, makes women feel devalued and passed over for promotions, and means that they are more likely to leave their companies”, according to a recent report from the Anita Borg Institute.

The misogyny is not necessarily entirely mean-spirited and the perpetrators may firmly believe that there is nothing wrong with their behavior. However, after attending Beyond The Gender Gap: Empowering Women In Security at Black Hat 2015, and talking to the four women at my table, it became clear that this is an ongoing/recurring issue. The offenses listed by my table companions, women employed at such companies as Microsoft and IGX, range from what some call passive misogyny which includes:

  • companies sponsoring competitions offering prizes that are only suitable for male contestants,
  • assuming that if a woman is present at an interview/meeting she must be the project manager, or human resources liaison or quite possibly even the secretary duty bound to fetch refreshments,
  • not addressing sexist language/objectionable materials in the work place,
  • and using gendered language in their job proposals.

They also cited more active forms of misogyny that include but are not limited to:

  • being passed over for advancement,
  • and actively denied mentorship.

All of these issues seem to occur as a default to the expectations of former societal norms with outdated expectations, and a focus on exclusivity rather than inclusivity. Why bother promoting or investing in a woman, as she will doubtless leave to start a family and default on the investment of on-boarding her in the first place?

If a woman does manage to brave the obstacles against her, the path does not become easier, but presents only new difficulties. Recently, the #ILookLikeAnEngineer campaign highlighted some of the key issues of women in tech. When Isis Wenger started the Twitter hashtag, it was because she fell under heavy criticism for an advertisement campaign run by her employer. “People generating discussions about whether or not I really was a platform engineer for OneLogin were also rather shocking,” she said. The reason behind questioning the legitimacy of the ad is simple yet profoundly disturbing; Wenger was considered too attractive to be an actual platform engineer.

She is an engineer.

One openly acknowledges that they are a minority and comes to the startling conclusion that if they are not willing to plow the way ahead for the next one, well, no one will. However, the acceptance of this path comes at a steep personal cost and the numbers reveal that women, when it comes to working in the InfoSec profession, have decided that it is not worth it. As more women enter STEM, one would imagine that the number of female InfoSec professionals would grow, but that is not the case. Women entering the profession are only doing so at a rate that replaces the number of women leaving the profession. The reasons for this can be intensely personal, as well as professional.

According to Marsha Wilson in her article, A Woman’s Journey to Cyber Security, “Being a woman in infosec requires you re-demonstrate your chops with every new IS dude gang. It gets exhausting but I find it is just part of the culture. If you don’t like it, you better build a thick skin or go elsewhere.” In short, a woman in the InfoSec community had best accommodate herself to an environment created exclusively by men, for men. This environment certainly does not come across as an inviting atmosphere; her use of the words “exhausting” and “dude gang” indicates exactly what is likely preventing women from staying in the field once they gain employment.

While the answers to the quandary regarding women in the InfoSec community will likely not be solved tomorrow, all statistics prove that the sooner the gender gap is closed, the better. This blog post barely scratches the surface of what appears to be a complex and ever-evolving problem. However, it behooves us to conclude on a positive note. There are people who have made it their goal to help women join the InfoSec community and their visibility on the web is growing. All of the groups and communities listed below contain inspirational articles, information on classes/workshops, and links to even more resources. The InfoSec community is one of growth and in truth, it needs more women.

Double Union

Executive Women’s Forum (EWF)

Girl Develop It (GDI)

Girls Who Code (GWC)

Women in Cyber Security (WiCyS)

Women in Technology MeetUp

Women Who Code (WWC)

Taking Care of Business: Information Retention & Responsibility

Every business accrues data about their current patrons and prospective clients. What information do you collect about your customers? Do you collect only what is relevant or pursue all of the data you can possibly accumulate? No matter what your approach to data collection, or the why behind it, the FTC thinks that it is time that you reviewed those policies. The Federal Trade Commission (FTC) recently released a document entitled “Start with Security: A Guide for Business.” This may initially seem both dry and somewhat irrelevant. However, choosing to ignore or dismiss these guidelines out of hand will ultimately prove to be expensive. On Monday, the United States Court of Appeals for the Third Circuit ruled that the FTC has the ability to take actions on the behalf of consumers against companies that do not follow these guidelines. Established within this document are “10 practical lessons businesses can learn from the FTC’s 50+ data security settlements” and for the purpose of this blog post, we will take a look at the first five points on the list.

The first of which asks that you start with security in mind. Until security is breached, companies are often quite confident in their in-house or SaaS security solutions. The issue with this, of course, is that it is a reactionary strategy to security, not a proactive one. If an in-house security team is not given the tools that they need to do the job properly, expecting them to stay ahead of cyber threats is more than a bit unrealistic, it is irresponsible.

The FTC also advocates that companies do not collect personal data that they do not need or retain data longer than necessary. In translation, you are in charge of making decisions regarding exactly what and how much data you acquire from your customer base and how long you hang on to it. It is worth keeping in mind that whatever you do choose to collect and store, you are responsible for it. The more data you have, the stronger the security solution you will need, so as not to be found liable should that data become compromised.

When considering stored data, one must also consider who within the company has access to what and how much. The FTC recommends creating user accounts for employees on a need-to-know basis. (This also includes paper data as well as copies stored on external memory hardware including drives and disks.) Companies should not only restrict access to sensitive data but also limit the administrative access of each user. Much of cyberterrorism is part pure code hacking and part social engineering. If an employee is tricked into opening a compromised document or visiting a hijacked web page, they may unleash any number of terrors upon your network. Certainly, every business should invest in backups, but beyond that, by controlling employee access one also controls the amount of potential employee damage.

The third point the FTC has chosen to make revolves around passwords. It is the responsibility of every business to safeguard their data to make sure only the right people can access only the necessary information. They recommend that businesses “insist on complex and unique passwords,” “store passwords securely,” “guard against brute force attacks,” and “protect against authentication bypass.” When considering password safety, creating and reinforcing password protocols is an absolute necessity. Criminals should not be able to guess their way into your system through weak passwords, reveal unencrypted documents that contain sensitive information, take down your network through the use of automated programs that guess at passwords, or be able to discover back doors that allow access.

Information travels and transferring sensitive data is an absolute requirement. This can be accomplished through cryptography, the use of Transport Layer Security/Secure Sockets Layer (TLS/SSL) and other methods. If data is not resting securely, or being transferred securely in the span of its life in a business, then that business can be held liable should predators acquire that data. By using “industry-tested and accepted methods” business owners can take advantage of all the security research that has come before and has been confirmed as functional and safe. Of course, without the proper configuration of all of these elements, businesses become vulnerable to the man-in-the-middle attacks that are rather infamous in the world of information security. They allow priceless data to slip through the business’s poor execution of the standards they have put in place.

The fifth and final point we will cover is the requirement to “segment your network and monitor who’s trying to get in and out.” This, by far, is one of the most vital items on the list. Firewalls are a very effective tool for regulating access to information by segmenting your network. While it is tempting to connect everything, doing so puts your data and your reputation at risk. You are also required to monitor the activity on your network. This may seem like a daunting task, with all of those hackers trying to get into your system so they can get out with sensitive materials. However, there are products available to help you perform this necessary task.

The best way to address the first five points is to use a multi-part IDS, such as MetaFlows MSS. Providing your security team with the best software on the market is the only way to make sure that you are in compliance with the most vital of the FTC’s requirements. If a business’ network is compromised because they did not follow these guidelines to the best of their ability, the FTC can and will take action. In just the first five bullet points of the PDF, businesses such as Twitter, DSW, Fandango, and Credit Karma were all publicly revealed as companies with insecure systems and networks. It should never be anyone’s goal to join them.

Common Threads in Black Hat 2015

When discussing the need for tighter and better cyber-security, one of the common themes discussed at Black Hat centered around the lack of research and preparation on the part of software developers. Katie Moussouris, in speaking at the special event, “Beyond the Gender Gap: Empowering Women in Security,” mentioned that her career revolved around encouraging software developers in major corporations to address security at the design stage or as early as possible in the development phase. The issue with this, of course, is that if a potential exploit is discovered, the individual responsible for that discovery would receive no credit for it. The fix would simply exist as a part of an after-thought – thus encouraging the habit of sitting still, waiting for the problem to become evident, and then offering a security patch. When internal efforts fail, it would behoove developers to seek outside assistance. However, this solution is one that is not readily accepted. In the panel, Moussouris cited Microsoft’s initial commitment to not pay individuals to hack their product, and the challenges she faces in encouraging software developers in their creation of their Bug Bounty programs on sites such as Moussouris’ HackerOne.

In the instance that companies like Adobe institute their Bug Bounty programs, they range in effectiveness as participants can be awarded in everything from cash to a high-five for their efforts. However, when one considers how many vulnerabilities continue to crop up in Adobe’s software, a high-five may not be enough. Given the compromises that their Flash updates have caused, it is clear that Adobe’s approach is failing. The gravity of this issue is especially evident as Cisco’s most recent Midyear Security Report and resulting blog entry call upon companies, “To reduce the occurrence of these common code errors, software developers should participate in regular security training to build awareness of current vulnerabilities, trends, and threats.” Although the ball for creating, publishing, and updating secure software lies within the hands of software developers, only a naïve or irresponsible user would sit back and wait for the developers to handle it.

The pro-active approach, on the user end, is to assume that every software system is inherently flawed and problematic – to have a security solution already in place that can detect when employing a new software system has unintended and quite possibly, disastrous consequences. Defensive security systems must be flexible enough and powerful enough to meet evolving threats coming from an onslaught of flawed software systems and riddled web user interfaces, that can catch users unaware but ideally, not unprepared.

As the Internet of Everything becomes more of a reality, it is the onus of the user to make sure that they are meeting the challenges that come with it. Conferences like Black Hat open up the dialogue by asking important questions, the most resounding being, “What do you plan to do to keep your information secure?” In a room full of options, this question may seem both overwhelming and considerably difficult. No one can afford to spend money on services that (while not being comprehensive) will not work with others, on accidentally duplicating coverage, or even on a system that flat out does not meet the demands of a connected world.

Finding solutions and making connections are why security professionals attend Black Hat. At the MetaFlows kiosk, our engineers were able to explain to professional after professional why the SaaS model works and how the MetaFlows MSS is a cooperative solution that pulls from a variety of sources, partnering with Emerging Threats, Cyber-TA, and Virus Total, to name a few. As Microsoft plans to release Windows 10 and Adobe continues to update their products, it is imperative that every user have a security plan in place to protect the integrity of their data.

MetaFlows Announces Virtual Sandboxing in Amazon Cloud: Advanced Feature in MSS Delivers Unlimited Scalability for Sandboxes

Las Vegas, NV, August 4, 2015 — MetaFlows, Inc., a leader in advanced, behavioral network security monitoring, announced today that MetaFlows Security System (MSS) users can now deploy a distributed virtual sandbox using the Amazon EC2 cloud. MetaFlows’ virtual sandbox spawns Amazon EC2 instances. Once the EC2 instance detonates the sample, it is simply wiped out and recycled. This new MSS feature enables users to run exploits exclusively in a virtual environment thus providing unlimited, on-demand sandbox resources.

Exploit samples can be submitted to the sandbox in two ways: discretely by the user, or automatically by the network-level monitoring performed by the MSS. The MSS can extract content from the network stream by either monitoring physical networks, or by performing deep packet inspection in the Amazon EC2 cloud (without requiring access to the networking layer).

“Sandboxing is a key weapon against malware, and users need flexibility and scale to use it properly,” said Frank Dickson, Research Director at Frost & Sullivan. “By initiating sandboxes on the Amazon EC2 cloud, MetaFlows offers sandbox resources on the fly without the expense of local servers.”

Advanced Features Driving MSS Sales

Virtual sandboxing and other exclusive, groundbreaking features (such as advanced multi-session IDS analysis, real-time correlation of collaborative intelligence, and Soft IPS) are driving increasing adoption and sales of MSS; the customer base has increased 400% since 2013. Recently, a cabinet-level department of the US government requisitioned MSS. Other commercial, educational, and government organizations have also acquired MSS. MetaFlows’ products are today enjoying considerable traction with virtually no marketing support because they demonstrably provide an unprecedented combination of cost-effectiveness and sophistication in the detection and prevention of malware and other network-based attacks.

MetaFlows’ MSS product will be on display at Black Hat USA at Paris/Bally’s in Las Vegas on August 5-6 at kiosk I-7. MetaFlows’ engineers will be available for live product demonstrations and deep technical discussions about the numerous innovations unveiled at the conference.

Escaping the Jurassic: Getting Technical at Black Hat

The cyber security world can feel like a competitive scenario, eat or be eaten. However, within our own community, the truth is quite a bit different. MetaFlows belongs to a cyber security community and Black Hat is a conference about that community. In their own words, “For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.” It is a place to meet with the nation’s top security teams about the most cutting edge security issues and solutions.

As a company, attendance at conferences like Black Hat gives us an opportunity to contribute in a very concrete way to the intelligence community. Survival has very little to do with being the biggest and the strongest but has everything to do with adaptability. By continually communicating with the security community, our service remains flexible enough to meet emerging threats. The MetaFlows Security System is a multi-faceted approach to enterprise security and that means, of course, staying relevant.

Black Hat allows the MetaFlows team to not only present our unique security solution, but to also connect with fellow security professionals, current customers, and future customers. Our kiosk will have an interactive display and our engineers will be available to explain what it is we do and why it is effective. We look forward to the opportunity to actively participate in the ongoing security dialog. Our continually evolving product is fully scalable to meet the needs of modest business to massive enterprise.

Adobe’s Continuing Affair with Angler and Cryptowall

The latest Adobe Flash Player update has once again proven problematic. We have discovered yet another revision of a pre-existing Angler Exploit Kit disseminating Cryptowall. A customer’s host was compromised following Angler Exploit redirects, dated June 1, 2015, June 16, 2015, and June 30th, 2015, showing that as new adaptations of the kit are added, the older ones are still in use. The latest, June 30th, is more recent than the most up to date patch for Adobe Flash Player 17, version 17.0.0.19. “Customers that are enrolled in “Allow Adobe to Install Updates (recommended)” but have not updated to Flash Player version 18 will receive a new and secure version of Flash Player 17 over the next 24 hours. ”

MetaFlows customers are encouraged to enable automatic blocking for Level 1 Events, which currently include the Angler Exploit rules (https://nsm.metaflows.com/sid_priority.map), or creating specific block rules to match Angler EK events.

The figure shows an example of the events that are triggered during an Angler Exploit attempt and infection with Cryptowall.

Adobe, Angler, and CryptoWall

Adobe Flash is an extremely severe vulnerability when it comes to Crypto-locker/CryptoWall. It seems that every time Adobe comes up with a new patch, the Crypto hackers are quick to discover how to break it. The latest CryptoWall bonanza was the security vulnerability discovered in an Adobe update that was released on May 18th. This is not a singular occurrence, but is rather a part of a larger trend of exploiting security holes in Adobe software.

Just this week, Adobe’s last round of updates for Flash Player has proven problematic. These new vulnerabilities are being used by the Angler exploit kit, a kit that has been around for some time, a kit that has now found fresh ground. These exploits are used to distribute Cryptowall, as well as other forms of malware. The intent is to encrypt (steal or take data hostage), take over (root kit or remote access tools), or recruit (make it a part of a botnet).

MetaFlows catches these types of fresh exploits better than any other security tool (according to many of our customers).
Several analysts using our system praise us. While they are running several other security products, MetaFlows was the only one to identify these threats. We were able to identify the behavior patterns that were triggered when this exploit was seen on a live network:

As you can see, the IDS events identify the individual behaviors, and our correlation engine recognizes the use of the Angler toolkit to infect the target with the intended payload. In this case, it is Cryptowall, a ransomware program that has cost U.S. users alone over an estimated $18 million. In some other cases, odd behavior left undetected can cost the reputation of a brand and cause irreparable loss in intellectual property.

Criminals are swift to take advantage of any emerging opportunity that can penetrate the perimeter (it has become BIG money). You need to start monitoring the behavior of your internal hosts, not only the perimeter. Our behavioral analysis and correlation engine are able to identify these threats, even when they occur across multiple sessions and employ zero-day techniques that make it through your perimeter defenses.

Our security professionals have identified the issue and are working to keep our subscribers’ networks and systems safe while Adobe has updated their Security Bulletin site with the appropriate information. Users are advised to download the newest Adobe Flash update immediately. As evidenced by our findings, criminals are swift to take advantage of any opportunity and so employing new advanced detection technologies like the one offered by MetaFlows is key to preventing expensive and sometimes irreparable IT disasters.

Which IDS System is Right for You?

There are so many IDS Systems out there, but how do you pick the right one? Here are some tips to help you get started!

How Do You Pick the Right IDS System?

If you’re a company CEO then you’re probably scared of malware, and if you aren’t, then you should be. The last thing you want is a virus leaking all of your company’s charts, data, and business plans everywhere on the internet or worse, stealing from your company. So in order to protect your company’s computers from viruses and malware you’ll need an IDS system. An IDS system is an Intrusion Detection System, which is a device or software that monitors your network for malicious activity or policy violations – or in other words, a virtual watchdog. So out of all the choices out there which IDS system do you choose? Here are some tips to help you decide:

  • First, perform a risk assessment of your company or organization. This will help you determine potential risks and gain an understanding of the IT environment. Understanding what risks you are vulnerable to will help with choosing which IDS system to use.
  • Have a thorough understanding of your technical environment. This will ensure that you know what your organization needs in terms of protection.
  • Do a cost-benefit analysis. Know what is worth your budget and what is not. Once you know which risks threaten your company, you will be able to better determine what your company can afford.
  • Now choose an IDS system that will protect your company from risks and that will also fit your budget.

MetaFlows is a great option for those who want to be protected from hidden malware. MetaFlows analyzes the behavior and content of your internet traffic to find and stop malware from infecting your network. Sometimes malware security systems are not enough and lack flow analysis, but observing network communication patterns is important for better security. MetaFlows embeds security event information within IDS, Log, and Service events for real-time event information. This allows you to gain better visibility into your network. The comprehensive protection and security MetaFlows offers is something that no company can afford to pass up.

Make sure your company is protected from malware. Act today and find your IDS system and malware security system. MetaFlows offers a free of charge, fourteen-day trial in which you can actively use the system on your network. It comes complete with security updates, a web interface, as well as tech support to assist you in getting it up and running on your network.

Real Time Email Alerts

We have developed a feature that minimizes delay in generating email notifications. The emails are generated within seconds of the event occurrence to catch extremely time-sensitive incidents such as crypto-locker infections. To enable this new feature, simply define a shell variable near the top of the start-up script mss.sh such as:

export emailaddress="user@mydomain.com"

Also make sure the sensor can send emails by executing the command:

netstat -tapn | grep 127.0.0.1:25

A line similar to the one below should appear:

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

If you do not see it, please enable your email daemon on the sensor by executing:

/etc/init.d/postfix start
chkconfig postfix on

Then restart the sensor with the command:

/nsm/etc/mss.sh restart

The sensor will now send real time email alerts matching any of the email notification policies you have defined. Note that:

  • This will not replace the email reports you are receiving already but it will provide advance notifications of the alerts contained in those same reports.
  • The email alerts will originate from the sensor, which does not have an MX record; therefore your SPAM filters will most likely block them. Please whitelist the sensor IP address to bypass the SPAM filter.
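
The two checks in the steps above can be scripted before restarting the sensor. The following is an added example, not MetaFlows code: it reads `netstat -tapn` output and counts only a socket that is really listening on port 25 (a plain grep for 127.0.0.1:25 also matches port 2525 or a leftover client connection), and it inspects the `export emailaddress=` line for typographic quotes picked up when copying from a web page. The function names, return codes and sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the real-time email alert setup.
# Function names, return codes and sample data are constructed for
# illustration; they are not part of the MSS distribution.
#
# Live use on a sensor:
#   netstat -tapn | smtp_listening && echo "mail daemon is listening"
#   check_emailaddress /nsm/etc/mss.sh; echo "emailaddress check: $?"

# smtp_listening: read `netstat -tapn` output on stdin and succeed only if a
# TCP socket is in LISTEN state with local address 127.0.0.1:25.
# 0.0.0.0:25 is accepted as well because a daemon bound to all interfaces
# also answers on loopback (an assumption of this example).
smtp_listening() {
    awk '
        $1 == "tcp" && $6 == "LISTEN" &&
        ($4 == "127.0.0.1:25" || $4 == "0.0.0.0:25") { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# check_emailaddress FILE: inspect the first `export emailaddress=` line.
# Returns 0 = usable
#         1 = variable not defined in FILE
#         2 = value contains non-ASCII or control bytes, which is what
#             typographic quotes pasted from a web page look like
#         3 = value is not shaped like an email address
check_emailaddress() {
    ea_line=$(grep -E '^[[:space:]]*export[[:space:]]+emailaddress=' "$1" | head -n 1)
    [ -n "$ea_line" ] || return 1
    ea_value=${ea_line#*emailaddress=}

    # Anything outside printable ASCII (space through tilde) is suspicious.
    if printf '%s' "$ea_value" | LC_ALL=C grep -q '[^ -~]'; then
        return 2
    fi

    # Drop one pair of surrounding straight quotes, double or single.
    ea_value=${ea_value#\"}
    ea_value=${ea_value%\"}
    ea_value=${ea_value#\'}
    ea_value=${ea_value%\'}

    printf '%s\n' "$ea_value" |
        grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' || return 3
    return 0
}

# Constructed netstat samples. SAMPLE_OK has a real listener. Both lines of
# SAMPLE_BAD contain the text "127.0.0.1:25" and would satisfy a plain grep,
# yet nothing is listening on port 25.
SAMPLE_OK='tcp        0      0 127.0.0.1:25        0.0.0.0:*          LISTEN      1432/master'
SAMPLE_BAD='tcp        0      0 127.0.0.1:2525      0.0.0.0:*          LISTEN      2210/python
tcp        0      0 127.0.0.1:40112     127.0.0.1:25       TIME_WAIT   -'

printf '%s\n' "$SAMPLE_OK"  | smtp_listening && echo "sample 1: listener on port 25"
printf '%s\n' "$SAMPLE_BAD" | smtp_listening || echo "sample 2: no listener on port 25"
```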

As always, thank you for your feedback,

The MetaFlows Team.