Endace Packet Forensics Files: Episode #23

Original Entry by : Michael Morris

Michael talks to Steve Tsirtsonis, Director EMEA Federal Business for Endace

By Michael Morris, Director of Global Business Development, Endace



Nation-state cybersecurity is fast becoming the new battle frontline in international conflict. It is complicated by rogue threat actor groups inserting their cyber weapons into the mix, extorting money for funding, fanning the flames of nation-state disputes, and crippling potential targets.

You won’t want to miss this episode of the Endace Packet Forensics Files as I talk with Steve Tsirtsonis, Director EMEA Federal Business for Endace, who shares his view of the threat landscape that government agencies around the world are facing and how it is evolving.

Steve talks about what he sees governments doing to combat escalating cyber threats, some of the unique challenges they face, and how they are evolving their security using SOAR, AI and NDR tools to be as prepared as possible to defend critical infrastructure.

Finally, Steve gives his thoughts on the key things security teams should look out for in the years ahead and what we can all learn from government security practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #22

Original Entry by : Michael Morris

Michael talks to Michael Wallmannsberger, Security Consultant and former CISO of Air New Zealand

By Michael Morris, Director of Global Business Development, Endace


Has the fluidity of your network perimeter created holes in your cybersecurity defenses?

Tune in for this episode of the Endace Packet Forensics Files as I get insights from expert cybersecurity consultant, and former CISO of Air New Zealand, Michael Wallmannsberger.

Michael shares some of the systemic and foundational mistakes that he sees organizations continuing to make that hamper their security posture. He gives some great advice for new CISOs as to what to prioritize and to focus on as they build their security maturity.

Finally, Michael shares, from a CISO’s perspective, some key elements to start with to help you walk before you run in your push for stronger cybersecurity, and highlights the importance of taking the time to develop your organization’s security competencies across the whole business.

Other episodes in the Secure Networks video/audio podcast series are available here.


Changing the Game for Network Security Investigations

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Security teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.

Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.

Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.

Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs rapid visibility into what’s happening on their network.

Corelight’s out-of-the-box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.

The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.

The EndaceProbe platform scales to record traffic at full line-rate across your whole environment, delivering high-speed centralized search and easy drill-down workflows from your SIEMs or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real-time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.

The power of combining EndaceProbes with Corelight Sensors helps customers to solve difficult security challenges such as supply-chain attacks or advanced persistent threats. These are often difficult to detect and enable attackers to hide for long periods in the network by camouflaging their activity using sophisticated stealth techniques such as modifying or deleting logs or other evidence.

Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.

Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.


Endace Packet Forensics Files: Episode #21

Original Entry by : Michael Morris

Michael talks to Alex Kirk, Global Principal Engineer, Corelight

By Michael Morris, Director of Global Business Development, Endace



Are you aware whether your network has spoofed DNS traffic, and do you know what to look for in your network traffic to find supply chain attacks?

If you’re not sure, then you won’t want to miss this episode of the Endace Packet Forensics Files as I talk with Alex Kirk, Director Global Principal Engineer for Corelight.

Alex gives his expert insights into the SolarWinds Sunburst supply-chain attack, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies.

Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #20

Original Entry by : Michael Morris

Michael talks to Craig Williams, Director of Talos Outreach, Cisco

By Michael Morris, Director of Global Business Development, Endace



What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats?

You won’t want to miss this episode of the Endace Packet Forensics Files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco.

Craig talks about how threats have been evolving over the last year – particularly during the Covid-19 pandemic – and gives us some insights into recent high-profile security issues. He also shares some advice on how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.

Finally, Craig talks through key elements of cyber security infrastructure that can help SOC teams investigate issues and evolve towards proactive threat hunting practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #19

Original Entry by : Michael Morris

Michael talks to Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland

By Michael Morris, Director of Global Business Development, Endace



Do your cybersecurity skills meet foundational requirements for security analysts of tomorrow?

You won’t want to miss this informative episode with Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland. Ryan talks about how the university is building programs around the critical skills needed by cybersecurity analysts of the future.

Ryan is a founder of, and contributor to, the CCSP certification and has developed a variety of masters and post-graduate degree programs in Cybersecurity. He makes his case for why a broad inter-disciplinary approach will be critical for security teams in the years ahead.

Ryan also talks about how new breaches and threats such as supply chain attacks are becoming the norm and some approaches for hunting down these threats.

Finally, he shares what critical tools SOCs need in order to detect and mitigate these complex threats and how SOAR platforms can play a useful role – if implemented correctly.

Other episodes in the Secure Networks video/audio podcast series are available here.


Diversity and Inclusion at Endace

Original Entry by : Endace

By Garima Bhatia, Test Manager – Appliance QA, Endace


Endace has recently started an exciting initiative which we wanted to share.

We have always been a culturally diverse workplace with people from all over the world representing many different nationalities and cultures. We are proud of this and want to recognize and celebrate the diversity we already have at Endace. Each of our individuals has unique perspectives, skills, experiences and backgrounds that bring valuable contributions to the organization.

Supporting this diverse set of individuals to feel included is important, so that people feel they truly belong to the organization they are working at and can achieve their maximum potential. For Endace as an innovative organization, this means reaping the rewards of diverse thinking, and a stimulating work environment that leads to a satisfied team with strong collaboration and teamwork.

It is important that diversity is not only accepted, but celebrated, in ways that give this diverse group of people a strong sense of worth and belonging. Everyone should feel accepted and valued for who they are in order for Endace to build a corporate culture that demonstrably supports and celebrates every individual’s self-expression.

What are we Doing?

Our approach to making diversity at Endace inclusive, by embracing our different mix of people, is a bottom-up approach. Our People team conducted an internal survey, and a series of discussions and presentations, to encourage input from people across the organization. In these sessions, we examined and discussed what diversity means and how acceptance and celebration of diversity go hand-in-hand with inclusion. We discussed how this benefits the business by allowing it to tap into the potential a diverse workforce has to offer, and how it benefits individuals by encouraging their individuality in a productive way.

This process was widely supported across the organization and led to agreement across the board that an active focus on Diversity and Inclusion (D&I) was an important initiative for everyone at Endace.

As our CEO Stuart Wilson said, “this initiative is to ensure everyone has an equal voice so the business benefits from the best of the abilities that we have as a diverse team at Endace. I am motivated to give a voice to those who may be reluctant to step forward and I am looking forward to seeing what we achieve together.”

The D&I Committee: and Our Voices

D&I can be “in the eye of the beholder”. So our challenge was to gain an organization-wide perspective of what diversity means to everyone at Endace. We needed to understand where we are now and what we want to focus on improving.

We established a community-led group, by calling for volunteers from across Endace, to collect input and ideas from across the organization, that could be implemented in conjunction with the People team. We found we had many people that are enthusiastic about this initiative and who wanted to be part of the group proactively taking steps to better understand and support our team members.

As Sam from the Software team says, “the differences that exist between us all are a strength, not a weakness. The D&I Committee provides a platform for us to celebrate and better understand this.”

We had people who wanted to voice opinions on many different issues and were willing to dedicate time and ideas.

As Michael in the Support team said, “being part of Endace’s Diversity & Inclusion team resonates strongly with my personal commitment to breaking down barriers for marginalized and vulnerable communities. I am passionate about making a positive difference, whether it’s in relation to gender, age, ability, sexuality, or cultural diversity.”

One very motivated volunteer, Kate, provided a very perceptive insight: “I believe acceptance of difference makes us stronger and smarter. It is not the diversity that is key, it is the openness to it.”

We were also fortunate to have a senior leadership team member, John Attala, Endace’s VP of Worldwide Sales, sponsor the initiative as the D&I group leader. John said,

“As the son of a first-generation immigrant, our family’s diversity stood out. My parents became leaders in their careers and community and I believe our cultural differences educated our community in a small way. Diversity and inclusion are important to me and I’m excited to be part of the first Endace D&I Committee. I hope together we can help facilitate a workplace that is safe, welcoming and where ideas are freely shared because I believe diversity is the one true thing we all have in common.”

Once assembled, the group was trained by the People team on D&I fundamentals and tasked with identifying focus areas and specific objectives Endace could undertake to ensure D&I are embedded across the organization.

So Far: and What’s Next?

The experience of being in the D&I committee so far has been a unique one. We have identified the focus areas we collectively agreed to work on and identified teams to work on each of these focus areas. These teams are responsible for ensuring the overall group makes progress by firstly building awareness of issues in their specific focus areas and then by identifying actions that will address those issues and ensure diversity is not only accepted but overtly celebrated across the organization.

We have taken our first steps – including having all managers participate in an “unconscious bias” workshop. This workshop helped attendees to understand that biases do exist, how they can identify and become conscious of them, and how to be mindful that these biases don’t get in the way of everyone being treated fairly.

As we move forward, we are driven to actively support our organization becoming a place where individuality is celebrated and everyone has a sense of belonging, of having a valued voice, is accepted and respected, and has opportunities to develop. Change happens over time, but we know this can be achieved through our commitment to community-led initiatives and the hard work of our D&I Committee.


Endace Packet Forensics Files: Episode #18

Original Entry by : Michael Morris

Michael talks to Tim Dudman, Senior Principal Consultant, Riskaware

By Michael Morris, Director of Global Business Development, Endace



Interested in hearing what some of the UK’s leading government cyber defense experts are doing to address their biggest concerns and challenges?

Then don’t miss this insightful episode with Tim Dudman, Senior Principal Consultant for Riskaware, where he shares his experiences in collaborating with academia, industry, and UK Defense funding to generate leading-edge cybersecurity capabilities.

Tim talks about some of the gaps he sees across the industry and how AI and SOAR platforms are fitting in and complementing many security architectures.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #17

Original Entry by : Michael Morris

Michael talks to Jen Miller-Osborn, Deputy Director of Unit 42 at Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace



Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses?

Then don’t miss this episode of our Packet Forensics Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.

Jen talks about some of the threat trends the team at Unit 42 has been seeing lately – including how ransomware attacks are becoming more sophisticated and targeted, how DDoS attacks are making a comeback, and what the recent SolarWinds “Sunburst” attacks have demonstrated.

She also provides some helpful tips for best practice cyber defense and talks about how the threat landscape might evolve over the next year or two.

Other episodes in the Secure Networks video/audio podcast series are available here.


2021 awards season kicks off with nine new awards for Endace

Original Entry by : Endace

Endace and the EndaceProbe Analytics Platform have been honored with nine awards in two well-regarded industry awards programs: The Globee 17th Annual 2021 Cyber Security Global Excellence Awards and the 2021 Cybersecurity Excellence Awards. The award categories include Most Innovative Security Hardware, Hot Security Company of the Year, Hot Security Technology of the Year, and Cybersecurity Blogger of the Year.

From the Globee 17th Annual 2021 Cyber Security Global Excellence Awards, Endace was selected as the winner in the following categories:

  • Grand Trophy Winner
  • Gold Award, Hot Security Company of the Year: Endace
  • Gold Award, Most Innovative Security Hardware of the Year: EndaceProbe Analytics Platform Product Suite and Fusion Partner Program
  • Gold Award, Hot Security Technology of the Year: EndaceProbe Analytics Platform Product Suite
  • Gold Award, Network Detection and Response: EndaceProbe Analytics Platform
  • Gold Award, Incident Analysis and Response Solution: EndaceProbe Analytics Platform Product Suite
  • Silver Award, Network Security and Management: EndaceProbe Analytics Platform with EndaceVision

From the 2021 Cybersecurity Excellence Awards, Endace won two silver awards in:

  • Best CyberSecurity Company, Asia (between 50-99 employees)
  • CyberSecurity Blogger of the Year, Asia (Endace Packet Forensics Files hosted by Michael Morris)

There was strong competition across both awards programs this year and Endace would like to congratulate all this year’s winners and nominees – in particular our partners and fellow winners: Darktrace, Palo Alto Networks and Keysight (Ixia).

It’s great to see such a vibrant community of cybersecurity companies in the market. Our combined contributions are critically important to further improving cyber defense and helping organizations around the world protect critical infrastructure and private data from criminal and nation-state-sponsored attacks.