Diversity and Inclusion: measuring our success

Original Entry by : Katrina Schollum

By Katrina Schollum, People Partner, Endace


We have been progressively working on a culture of belonging through building awareness of Diversity and Inclusion (D&I) in our organization.  Led by our D&I Committee, our series of initiatives in our four focus areas of gender, ability, ethnicity and generational diversity have been implemented over time and we are proud of what we have achieved.

As part of our ongoing commitment to continuous improvement, we have taken steps to measure and report on what we have accomplished so far.  As part of the measurement, we conduct online surveys to ensure we are delivering initiatives that have a positive and constructive impact at Endace.  We recently completed a short survey that was sent to all of our team members and completed anonymously.  The results were collated and shared internally.

What was measured?

We asked about past initiatives and their efficacy to identify what changes, if any, were observed – from the level of understanding of D&I issues, to increased discussion about D&I.  We also wanted to gauge the feeling of comfort and belonging at Endace and measure whether there was any change since introducing our D&I initiatives.

One of the sets of questions was the same as a previous survey conducted 18 months ago.  These questions had a scale from strongly agree to strongly disagree.  This meant we could compare and contrast results and see what, if any, shift had occurred.

Our hardworking Diversity & Inclusion Committee.

What did we find?

We found that interactive and personal initiatives have been the most popular with our team.  Our most popular activity was our Diwali Decoration Competition, followed by our name pronunciation video featuring members of our global team.  At Endace, we like to learn by doing. So having interactive initiatives is a great way for us to build awareness.

A majority of our participants felt they have a greater understanding of D&I at Endace and have seen positive change, with 66% being able to say a definitive yes, a fantastic result!  Participants also agreed that our initiatives broke down barriers to creating a stronger feeling of belonging.  The majority of our people (74%) feel comfortable openly talking about diversity at Endace. More conversation on the topic outside of direct communication and activities from the D&I Committee will enhance our progress, so we continue to track and measure change on this point.

From our comparison questions, there was a higher percentage of ‘strongly agree’ answers for all questions in this set and 91% of respondents felt Endace respects its individuals and values their differences.  The results overall showed a positive trend in feelings on managerial commitment, fair treatment and a level of comfort speaking up – a great result!  This is shown through a positive uplift in results moving from agree to strongly agree from 18-23%.

While we are delighted with the results, we can always do more with our initiatives to build awareness and break down barriers.  We have a lot planned at Endace for the coming months and we look forward to sharing it in our next update.


Endace Packet Forensics Files: Episode #37

Original Entry by : Michael Morris

Michael talks to Rick Jenssen, VP of Global Operations, Plixer

By Michael Morris, Director of Global Business Development, Endace


Many organizations face challenges maintaining their security posture while dealing with the significant shift towards remote workforces, the dynamic nature of hybrid cloud environments and rapidly growing volumes of interconnected devices.

In short, managing security at scale in highly fluid environments is a daunting challenge. So what can you do to improve your security resiliency?

In this episode of the Endace Packet Forensics Files, I talk with Rick Jenssen, VP of Global Operations for Plixer, who shares his experience of building robust security at scale. Rick recommends some best practices to address the common challenges in delivering resilient security in large environments and talks about ways to address the flood of alarms SOC teams face on a daily basis. He suggests a six-step, iterative approach to continually improving your security position.

Finally, Rick reinforces how important the mantra of “practice, practice, practice” is when it comes to preparing your security teams – and the wider organization. Practicing how to investigate, remediate, and respond to potential security breaches makes sure you know what needs to happen in the event of a real crisis and uncovers areas you need to work on to be better prepared.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #36

Original Entry by : Michael Morris

Michael talks to Neil Wilkins, Technical Director EMEA, Garland Technology

By Michael Morris, Director of Global Business Development, Endace


What does it mean to have security at scale?  For large infrastructures with rapid data growth, have you maintained or improved your security posture as you have scaled?

In this episode of the Endace Packet Forensics Files, I talk with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale.  He shares some recommendations and best practices to get on the right path to improve security in large environments.

Finally, Neil shares his thoughts on Security Orchestration and Automation Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.

Having a large, dynamic infrastructure doesn’t mean you can’t keep your arms around your security posture, but you need to have processes and tools in place that can scale as you grow and accelerate incident response to keep ahead of growing threat volumes.

Other episodes in the Secure Networks video/audio podcast series are available here.


Amazing people driving personal success at Endace

Original Entry by : Sasha Blair

By Sasha Blair, VP, People and Legal, Endace


People are at the heart of what makes the Endace vision come to life.  Our team applies their knowledge and skills to continually innovate with fast-paced advances in technology.  It is imperative that our people grow within their roles and become drivers of innovation themselves.

People development is key to Endace’s success, and we invest heavily in continuously developing team members’ skills and expertise.

At Endace we have an annual development process that is voluntary and open to all.  Our people are in the driving seat.  They steer their own learning goals since they are the experts in their own career aspirations and motivations.  It’s not about past performance – in fact the development planning is completed prior to our annual achievement review process. The aim of the development planning process is to align individual goals and enhance current roles in preparation for future opportunities and to build new skills.  With input and guidance from business leaders, alignment with the broader business context is considered in the process.

Future career aspirations, capability development and learning opportunities are discussed, and a plan is developed in collaboration with each individual and their manager.  Managers will talk about the evolving needs of the business and how team members might contribute, build on their strengths and develop applicable skills.  The result is a documented action plan that team members can follow to track their success.

Usama’s Experience

One of our staff Engineers, Usama Malik, spoke about his experience with the development program.

“Endace has always encouraged and supported my personal learning goals, and over the years I’ve had opportunities to explore both technical and managerial development paths. These included training courses (online, in-group and one-to-one), formal assignments and informal tasks within my role.   

Unlike many other companies, at Endace I can set the pace myself depending on my day-to-day schedule and other urgent duties.  I’ve found this flexibility very appealing, especially with learning outcomes and their business impact being evaluated during annual achievement reviews.

My 2021-2022 development plan was particularly rewarding for me.  In previous years I chose development projects within my specific technical domain. However, last year I was able to step out of my comfort zone and work with the wider systems team on projects focused on continuously improving product reliability and performance.  Endace bought new equipment to enable me to analyze hardware at the electrical level and I learned new protocols and broadened my understanding of how state-of-the-art devices work. I collaborated with people from multiple teams – including software, production, operations and customer support.  This cross-functional teamwork yielded excellent results. It has been a win-win situation for everyone, including our customers who reap the benefits of these product improvements.”

Endace’s people development process offers our team members the structure to plan, discuss and execute growth opportunities that build their potential. We have seen excellent commitment, high interest in the program and strong support from managers leading to fantastic results in preparing our people and securing our future.


Endace Packet Forensics Files: Episode #35

Original Entry by : Michael Morris

Michael talks to Timothy Wilson-Johnston, Value Chain Security Leader, Cisco

By Michael Morris, Director of Global Business Development, Endace


What did we learn from the recent Log4J 2 vulnerability? How are security holes like this changing the way organizations think about deploying enterprise software solutions?

In this episode of the Endace Packet Forensics Files, Michael Morris talks with Timothy Wilson-Johnston about the Log4J 2 threat and how it is being exploited in the wild.

Timothy shares his thoughts about what Log4J 2 has taught us, and why organizations need to look at the bigger picture:

  • How you can better defend against vulnerabilities of this type
  • Why it’s so important to closely scrutinize solutions that are deployed – and make sure you have visibility into components that might be included with those solutions

Finally, Timothy discusses the importance of evaluating security vs function and why it is critical to have software inspection and validation processes to manage third-party risk to your business. Knowing what your vendors’ standards are and implementing a structured and repeatable process for evaluating vendors and solutions is key to improving security maturity.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #34

Original Entry by : Mark Evans

Michael talks to Rick Peters, CISO Operational Technology, Fortinet

By Michael Morris, Director of Global Business Development, Endace


Increasingly, the security of Operational Technology (OT) – Industrial Control Systems and SCADA – is a major focus of concern. These systems are used in many environments across industries such as manufacturing, transportation, energy, critical infrastructure and many more, and are a juicy target for both sophisticated, nation-state attackers and cybercriminals.

In this episode of the Endace Packet Forensics Files, I talk with Rick Peters, CISO Operational Technology at Fortinet. With a long career in engineering and almost four decades in US Intelligence before taking on his role at Fortinet, Rick knows intimately how attackers can target OT systems and has spent many years helping to defend OT systems from cyber attackers.

Rick talks about the importance of being able to trust in OT environments: in their ability to continue to provide safe and continuous business, and how we can bring some of the discipline that has been developed in IT cyberdefense into the OT environment. He outlines the importance of “consequence-driven strategy” – a deep understanding of the risks and vulnerabilities that a given system presents, coupled with a thorough assessment of the consequences of a successful compromise – as well as the importance of having a well-planned and tested response plan that addresses both IT and OT systems.

Rick has some great advice for cybersecurity leaders about where to start building a robust OT security posture and the importance of having IT security and OT security working in parallel. You won’t want to miss this episode!

Other episodes in the Secure Networks video/audio podcast series are available here.



Successful Endace 2021/22 Internship Program concludes for another year

Original Entry by : Katrina Schollum

Our six interns for our Summer 2021/22 Internship Program joined us in our R&D centre in Hamilton, NZ from the Universities of Auckland and Waikato. Their 13-week R.E.A.L. (Remarkable, Enjoyable, Authentic, Learning) Internship Program saw them working individually on commercially relevant, meaningful projects with the support of their managers and mentors.  We are pleased to say it was another highly successful year!

2021/22 Endace Interns working in the Hamilton, NZ office

Presentations Day

Because of Covid lockdowns, the interns’ introduction to Endace was virtual this year – and so too were their final presentations.

The Internship Program concluded with each of the interns presenting their individual projects to an audience.  This year the audience included Endace team members from five countries: project managers and mentors as well as all the members of our Senior Leadership Team.  We were also very happy to welcome faculty members from the University of Waikato, continuing our strong link with the original birthplace of Endace – very appropriate in our 20th year!

The interns gave an overview of their projects and the specific challenges they were trying to address. They discussed the design of their solutions, implementation challenges they had faced, and also demonstrated their solutions in action. They concluded by outlining how these projects could be applied – and potentially extended further – in the future. At the end of each presentation, audience members had an opportunity to ask questions and delve deeper into the outcomes of the project.

Elements of Success

Throughout Endace’s structured Internship Program, interns get to hone their technical skills and put their university knowledge into practice.  But beyond just acquiring technical skills, interns also have an opportunity to gain an understanding of all the different areas of Endace’s business – from sales and marketing, to finance and operations. They also get to develop their communication and organisational skills by interacting with members of the Endace team from many departments.

The interns are supported throughout the Internship Program by individual managers and mentors. They get to observe how teams work together cohesively – in an environment where ideas are respected and individuals are trusted to do their best work. It was fantastic to see these learnings reflected in the interns’ final presentations.

Our managers and mentors also benefit hugely from the Internship program – which provides a great opportunity to build leadership skills in their intern support roles and gives them the satisfaction of seeing the impact of sharing their expertise.

Following the presentations, Stuart Wilson, Endace’s CEO, summed up everybody’s thoughts when he said “it constantly amazes me how much interns can achieve in a relatively short period of time!”  He emphasised the importance of Endace’s determination that intern projects should be real, commercially-focused projects – and talked about how the intern projects have helped shape product improvement, automation, being able to scale our testing environments and customer experience for Endace.

Endace’s CTO, Stephen Donnelly, commented that an important outcome of the Endace Internship Program is that it supports the wider R&D sector and helps New Zealand prepare future engineers with exposure to cutting-edge cybersecurity technology.  Cybersecurity is an increasingly important industry worldwide, and increasing students’ familiarity with key challenges, tools and technologies is vital in upskilling the NZ sector.

At Endace we are proud of our interns’ achievements thus far and look forward to following their future accomplishments in the industry.  As we conclude another successful program we will now look forward to the next round in Spring, bringing in further perspectives, learning and career development to Endace.


Making Packet Forensics Easy

Original Entry by : Cary Wright

Extracting files and other information from recorded packet data

By Cary Wright, VP Product Management, Endace


Recorded network traffic often holds vital clues required to resolve serious Cyber Incidents, or difficult network or application issues. The challenge has been locating a packet guru with the skills to search and analyse recorded traffic to extract the vital evidence needed to resolve the issue at hand. Such skilful analysts can be a rare breed, so we have taken that expertise and packaged it into our latest EndaceProbe software.

Recorded network traffic is now faster to search from within existing security tools such as SIEM or SOAR, and extraction of files and other important information can be done by any team member with the click of a mouse.

Getting to the Packets Faster

Our integrations with partner solutions focus on making it quicker and easier for analysts to find and analyze the packet data they need to investigate and resolve incidents.

Analysts can go from an issue or alert in their security or performance monitoring tools directly to the related packet data in InvestigationManager™ with a click of the mouse. That can save hours of time extracting, downloading and carving-up massive .pcap files so they can be opened up in Wireshark®.

With EndaceVision, analysts can rapidly zoom the timeline in and out to look at precursor or post-event activity to understand the full scope of any event or alert. Analysis of packet data is done on EndaceProbe appliances, at the place it was recorded, using hosted Wireshark, without having to download or transfer large .pcap files across your network.

Making packet data even more useful

In the past packet analysis has required deep expertise and experience with tools like Wireshark or Zeek used to extract essential information from the recorded packet data. This has made it difficult for less experienced analysts to extract value from packet data and often meant issues requiring packet forensics piled up on the desks of senior analysts to investigate.

With our latest software release (OSm 7.1), we’ve made it easy for even junior analysts to extract useful information from recorded packet data without requiring deep knowledge of packet structures and decode tools. Simply select traffic of interest in EndaceVision and with a single click extract malicious files, or generate detailed log data from all the selected packets. This makes investigating historical events fast, and far more efficient. And it does not require deep expertise – which means even junior analysts can perform packet forensics tasks.

Some examples of tasks that are made easier with the latest Endace software release include:

  • Reconstructing malware file downloads or transfers so you can submit them to a sandbox or virus tool.
  • Understanding exactly what data left your network by reconstructing file exfiltration events.
  • Easily generating logs from recorded traffic to look for things like unusual DNS activity, port scans, DDoS events, or other threatening activity.

See how easy this is in the short 10 minute demonstration below (file extraction is at 08:15):

For more information on these great new features, or to arrange a demonstration to show how Endace could help you, contact us.


Multi-Tenancy introduced with OSm 7.1

Original Entry by : Cary Wright

Securely sharing packet capture infrastructure across multiple entities

By Cary Wright, VP Product Management, Endace


We are proud to announce that EndaceProbe now supports Multi-Tenancy. “Woo-hoo!” I hear you say. If you are an MSSP, MDR, Service Provider, or organisation with multiple departments, your SoC teams can now reap the benefits of having access to weeks or months of continuously recorded network traffic whilst sharing costs with many other like-minded SoC teams. Let’s dig into what Multi-Tenancy is and why it’s important.

At the most basic level, Multi-Tenancy is the ability to host multiple “entities” (e.g. multiple customers or multiple organizational divisions) on a single architecture at the same time. To put it another way, Multi-Tenancy offers a way to share the costs of a system or service across more than one entity. Multi-tenancy can mean different things depending on your domain of expertise:

  • Cloud providers are inherently multi-tenanted, serving millions of clients with shared compute
  • Operating systems often host multiple tenants on a single machine
  • Networks can supply connectivity to multiple teams or organizations via a single infrastructure.

All these scenarios have these necessary requirements in common:

  1. Each tenant’s data must remain private and accessible to only that authorized tenant, and
  2. Each tenant needs access to reliable, predictable, or contracted resources – such as bandwidth, compute, storage, security services, expertise, etc.

Multi-tenancy can help organizations to scale critical security services in a cost-efficient manner. A capable security architecture/service requires a significant capability investment and the expertise to operate it. Sharing this investment makes services available to organizations that might otherwise not have been able to afford them.

A good example of where Multi-Tenancy can be extremely useful is the Security Operations Center (SoC). Typically, only large, well-funded organisations have the resources to build their own dedicated SoC. Multi-tenancy can enable multiple organizations to share a SoC, each benefiting from a strengthened security posture without carrying the full burden of the costs and effort involved.

This is the model underpinning outsourced MSSP services, for example. But it can also be an ideal model for larger organizations with multiple divisions that each need to maintain separation from each other. Or where multiple individual companies are owned by a common parent. It can also be a useful way to safely isolate a newly acquired company until its systems can be safely migrated or transferred over to the new owner’s infrastructure.

We see lots of areas where organizations are benefiting from this ability to share infrastructure and services. So we are very pleased to announce that with the new OSm 7.1 software release, EndaceProbe Analytics Platform now also supports Multi-Tenancy for network recording.

This is especially useful where multiple tenants share the same network. A single EndaceProbe, or a fabric of EndaceProbes, can now be securely shared across multiple different organisations or tenants, while keeping the data for each tenant secure and private. EndaceProbes continuously record all network data on the shared network, but only provide each tenant with access to their own data.

In this case the tenancies are defined by VLANs, where each tenant has a VLAN, or set of VLANs, that carries only their traffic. When a user needs to investigate a security threat in their tenancy, they simply log into InvestigationManager to search, inspect, and analyse only the traffic that belongs to that tenancy. It’s as if each tenant has its own, wholly separate, EndaceFabric, dedicated just to its own tenancy.
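To make the VLAN-based separation concrete, here is an added illustration (not Endace code and not a description of how EndaceProbe is implemented) that scopes recorded Ethernet frames to a tenant by their outermost 802.1Q/802.1ad VLAN ID, denies untagged or unassigned traffic, and rejects a mapping in which two tenants share a VLAN. The tenant names, VLAN numbers and frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100   # standard VLAN tag
TPID_8021AD = 0x88A8  # outer service tag used in QinQ


def outer_vlan_id(frame: bytes):
    """Return the outermost VLAN ID of an Ethernet frame, or None if untagged or truncated."""
    if len(frame) < 18:  # 12 bytes of MACs + 4-byte tag + 2-byte EtherType
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid not in (TPID_8021Q, TPID_8021AD):
        return None
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VLAN ID


def validate_tenancies(tenant_vlans):
    """Build a VLAN -> tenant map; fail if a VLAN is out of range or shared by two tenants."""
    owner = {}
    for tenant, vlans in tenant_vlans.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:  # 0 is priority-only, 4095 is reserved
                raise ValueError(f"VLAN {vid} for {tenant} is not assignable")
            if vid in owner:
                raise ValueError(f"VLAN {vid} assigned to both {owner[vid]} and {tenant}")
            owner[vid] = tenant
    return owner


def frames_for_tenant(tenant, frames, tenant_vlans):
    """Return only the frames whose outer VLAN belongs to `tenant` (default deny)."""
    if tenant not in tenant_vlans:
        raise KeyError(f"unknown tenant {tenant!r}")
    owner = validate_tenancies(tenant_vlans)
    return [f for f in frames if owner.get(outer_vlan_id(f)) == tenant]


def build_frame(vid, payload, tpid=TPID_8021Q, inner_vid=None):
    """Construct a sample frame for the demonstration (constructed data, not a capture)."""
    frame = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"  # dst, src MAC
    if vid is not None:
        frame += struct.pack("!HH", tpid, vid)
    if inner_vid is not None:
        frame += struct.pack("!HH", TPID_8021Q, inner_vid)
    return frame + struct.pack("!H", 0x0800) + payload


# Constructed tenancy mapping and traffic sample.
TENANT_VLANS = {"tenant-a": {100, 101}, "tenant-b": {200}}
SAMPLE_FRAMES = [
    build_frame(100, b"a-one"),
    build_frame(200, b"b-one"),
    build_frame(None, b"untagged-traffic"),          # no tag: visible to nobody
    build_frame(101, b"a-two"),
    build_frame(300, b"unassigned-vlan"),            # VLAN with no owner
    build_frame(200, b"qinq", TPID_8021AD, inner_vid=100),  # outer tag decides
]

if __name__ == "__main__":
    for name in TENANT_VLANS:
        visible = frames_for_tenant(name, SAMPLE_FRAMES, TENANT_VLANS)
        print(name, [outer_vlan_id(f) for f in visible])
```

The overlap check matters because a VLAN listed under two tenants would silently expose one tenant's traffic to the other, breaking the privacy requirement stated earlier.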

This new capability is important for large organisations that service multiple departments, agencies, or divisions. Service providers, MSSPs, and MDRs that service multiple clients will also benefit from Multi-Tenancy, which gives each of their clients ready access to its own recorded network traffic for fast, secure, and private security incident response.

We are very excited that this new Multi-Tenancy feature can help make Network Recording accessible for many more organizations, helping them to resolve incidents faster and with greater confidence.

For more information on this great new feature, or to arrange a demonstration to show how Endace could help you, contact us.