Endace Packet Forensics Files: Episode #29

Original Entry by : Michael Morris

Michael talks to Tim Dales, VP Labs and Analyst, IT Brand Pulse

By Michael Morris, Director of Global Business Development, Endace



What is the “Total Cost of Ownership” for security teams to get absolute forensics with full packet capture?

In this episode of the Endace Packet Forensic files, I talk with Tim Dales, VP of Labs and Analyst for IT Brand Pulse. Tim shares the results of an IT Brand Pulse study that examines the cost of in-house developed packet capture solutions versus off-the-shelf, vendor-built solutions.

Tim shares details of the report’s findings including the pros and cons and some of the key things many people don’t consider before trying to build solutions in-house.

Finally, Tim discusses key changes in how organizations are thinking about their security architectures and the gaps they are looking to address. He shares the importance of integrated workflows in helping analysts to accelerate investigation times and confirm or dismiss potential indicators of compromise more definitively.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #28

Original Entry by : Michael Morris

Michael talks to Tim Wade, Director, Office of the CTO, Vectra AI

By Michael Morris, Director of Global Business Development, Endace



Security Operations teams at many organizations are reviewing processes and tools as breaches continue to happen, investigation times remain too long, outcomes are uncertain, and too many alerts are going unaddressed. Organizations are asking, “why are we spending so much money on security without tangible results?” They are looking at “SOC Modernization” initiatives to help them defend effectively against increasingly sophisticated threat actors.

In this episode of the Endace Packet Forensic files I talk with Tim Wade, Technical Director from the Office of the CTO at Vectra.AI, who shares his insights into the “SOC Modernization” trend and three pillars that he suggests require a change in thinking to ultimately be successful.

Tim starts with a fundamental change in philosophy – he suggests SOC teams need to shift from a “prevention” to a “resiliency” approach to cyberdefense. He illustrates the importance of taking incremental and iterative steps with monthly and even weekly measurement and review cycles to evaluate progress.

Tim suggests SOC teams need to better understand the rules of the game so they can step back and actively work to break them – because that is exactly what our threat actor adversaries are doing every day. Challenge everything and think like your opponent.

Finally, Tim advises CISOs that modernization needs to address challenges holistically. Not just focusing on technologies, but also ensuring they are working on people and processes and gaps in training, communication, and thinking.



Endace Packet Forensics Files: Episode #27

Original Entry by : Michael Morris

Michael talks to Phillip Solakov, Client Solutions Director at Optiv

By Michael Morris, Director of Global Business Development, Endace


Cyber security teams around the globe are embarking on a variety of “modernization” initiatives, as they try to keep up with the dynamic threat landscape, but what are the must-have elements if you are looking to modernize your SOC?

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Phillip Solakov, Client Solutions Director for Optiv Canada, as he shares his view of what “SOC Modernization” means and what’s driving these efforts.

Phillip explains some of the biggest issues SOC teams are facing and the things they are working on to overcome these challenges. He drills into how alert fatigue is compounded by more detection tools and more telemetry, and why more automation in SOC processes and tools is becoming critical.

Finally, Phillip highlights some things SOC teams are still missing with the continuously expanding attack surface, and he gives some examples of how these gaps can still be addressed with the right security architecture and mindset.



Endace Packet Forensics Files: Episode #26

Original Entry by : Michael Morris

Michael talks to Pavel Minarik, CTO of Kemp Technologies

By Michael Morris, Director of Global Business Development, Endace



Many organizations are undertaking SOC and NOC modernizations, but what does this mean and what is driving it?

If your company is planning a “modernization” you won’t want to miss this episode of the Endace Packet Forensic files as Pavel Minarik, CTO of Kemp Technologies, talks about what’s important and what is fueling the need to modernize.

Pavel gives his insights into some of the biggest challenges NOCs and SOCs are facing and shares some tips to help these separate teams work together and collaborate more. He underscores why this is becoming more important with increasing network complexity, virtualization, and escalating threat attack vectors.

Finally, Pavel talks about why network traffic is such a foundational data source for both NOCs and SOCs and the pros and cons of flow-based monitoring vs full packet monitoring. He shares the best practices analysts are adopting to improve investigation efficiency and reduce incident response times.



Endace Turns 20!!

Original Entry by : Mark Evans
July was a significant milestone for Endace. We celebrated two whole decades in business and the start of our 21st year!

Read on to find out how we’re marking the occasion …

The Last 20 Years

Back in 2001, when Endace was founded, Russell Crowe (another famous New Zealander) won an Oscar for Gladiator, internet users were dreaming about fast, new 56K modems, Microsoft launched Windows XP, and the first Lord of the Rings movie (The Fellowship of the Ring) was launched. So long ago!

What’s amazing is that in the 20 years since, Endace has continued to work with some of our first ever customers! And many of the original Endace team, including Endace CTO, Stephen Donnelly, are still with us today too.

But much has changed over that time. We’ve seen network speeds increase from the early 10Mbps LAN speeds to today’s backbone speeds of 100Gbps and beyond. Traffic volumes have increased exponentially too with global internet traffic estimated to total 4.8 zettabytes in 2021.

Over the last twenty years, packet capture has gone from being a niche technology predominantly used by telcos, service providers, and governments to what is now a ubiquitous and essential capability for organizations to ensure the security and performance of their critical networks.

Endace has continued to stay ahead of the changes, setting industry benchmarks for performance, capacity and reliability with our multi-award-winning EndaceProbe Analytics Platform. Our technology becomes more and more important every day because of the challenges organizations face in defending against cyber threats and ensuring their critical networks are available 24x7x365.

 

That Endace is still going strong after 20 years is a testament to a really smart team, and the strength of our relationships with our customers and partners. We are extremely grateful for your unwavering support and loyalty. Thank you!

Stuart Wilson, CEO.

A Year of Giving Back

We elected a team of Endace people from around the world to decide how we should celebrate our 20th Anniversary. The universal feedback they received was that everyone wanted to mark the occasion by “giving back” – particularly given the tough times people have been experiencing with Covid around the world.

So charity will form an even bigger part of our focus over the next 12 months than usual. Here are some of the activities the teams have been involved in or are planning:

Endace Corporate Charity

Endace has chosen to support The Glaucoma Foundation by making a corporate donation to support the foundation’s work on glaucoma research and treatment. Given Endace focuses on network visibility we felt working with a global charity that strives to protect human vision was extremely appropriate.

Regional Charities
  • Endace EMEA: continuing a long-term tradition, the EMEA team will be sponsoring MoD Field Gun Run events to raise money for the Dorothy Hospice.
  • Endace North America: the US team is conducting a run/cycle challenge (recording their performances on Strava) to raise money for St Judes Research Hospital which focuses on children’s health.
  • Endace India: the team in India is funding two food carts, (donated via the Rotary Club of Chennai), to provide an income for two families in need.
  • Endace Australia: the team in Melbourne leveraged their culinary flair, getting together in the FareShare kitchen to cook food that is distributed to needy families via a wide range of charities.
  • Endace New Zealand: the NZ team is planning to volunteer with Sustainable Coastlines, an environmental charity, on beach-cleanup and tree-planting events to protect New Zealand’s waterways.


Team Celebrations

Endace’s birthday celebrations kicked off with a dinner for the NZ team and VIP guests, including two of the original founders. Appropriately, the dinner was held at the Gallagher Performing Arts Center back where things all got started – at the University of Waikato.


Each of the Endace teams around the world is conducting celebratory parties in their regions as Covid lockdowns allow.

Here are some of the photos from the UK team’s recent celebration which included completing the Yorkshire Three Peaks challenge to climb the three highest peaks in Yorkshire followed by a well-earned drink and dinner.


We are also capturing photo and video memories from current and ex Endacers, partners and friends, which we’ll continue to share over the next 12 months. Keep a lookout for the #endaceturns20 hashtag on LinkedIn, Twitter and here on the blog.


Packet Detectives Episode 3: Is my video conferencing really secure?

Original Entry by : Michael Morris

Demystifying Network Investigations with Packet Data

By Michael Morris, Director of Global Business Development, Endace



The Covid-19 pandemic has seen us all become all too familiar with video conferencing tools as we’ve switched to work-from-home. Zoom, Webex, GoToMeeting, and Microsoft Teams are all part of our daily work routine now.

We assume that all these services are secure and the content of our web conferencing and collaboration is encrypted and safe from eavesdroppers. But is it really secure? And where is all that data stored anyway?

In this third installment of Packet Detectives, industry-renowned SharkFest presenter and all-round Wireshark guru, Betty DuBois, takes an in-depth look at a web-conferencing session to find the answers to these questions, and shows how you can do the same for the web conferencing tools you use.

We hope you find this video useful. Please let us know if you have ideas for other examples you’d like to see.


Endace Packet Forensics Files: Episode #25

Original Entry by : Michael Morris

Michael talks to David Ellis, VP Sales and Corporate Relations, SecureIQLab

By Michael Morris, Director of Global Business Development, Endace



How does an organization quantify its cybersecurity readiness and robustness? What does a strong cybersecurity posture look like? These are questions many CISOs and SecOps analysts are trying to figure out so they can sleep at night knowing they are doing all they can to protect their organization’s cyber assets.

In this episode of the Endace Packet Forensic files, I talk with David Ellis, VP of Sales and Corporate Relations for SecureIQLab, who shares his insights into what the SecureIQLab team sees in their role as both a test lab and a security assessment consultancy.

David outlines the elements of a successful security team and what metrics SecOps should be monitoring to quantify their security posture. He shares common vulnerabilities that he sees many organizations are still facing and the table-stakes that every security team should have in terms of tools, processes, and policies.

Finally, David talks about what frameworks and standards teams should be adopting and what the process for your organization might look like if you want to get into a security audit and assessment.



Endace Packet Forensics Files: Episode #24

Original Entry by : Michael Morris

Michael talks to Ajit Thyagarajan, Principal Security Architect for Cisco

By Michael Morris, Director of Global Business Development, Endace



The cybersecurity landscape is constantly changing with new Zero-Day Threats, double-extortion ransomware attacks and continuously evolving phishing techniques. The volume of threats and the pace of change are impacting the way SecOps teams operate and pushing them to find new ways to connect disparate data sources in order to automate processes and improve incident response times.

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Ajit Thyagarajan, Principal Security Architect for Cisco, who talks about the challenges security analysts are facing and shares his views and ideas on how to improve their day-to-day operation.

Ajit shares the concept of the Intelligent Telemetry Plane that he and his team at Cisco have been developing. He highlights the value of the provenance of telemetry data and how important bringing different data sources together is to staying ahead of threat actors.

Finally, Ajit shares some ideas about the types of challenges a common telemetry management platform can help solve and what to keep your eyes on over the year ahead when it comes to security threats and cyber defense.



Endace Packet Forensics Files: Episode #23

Original Entry by : Michael Morris

Michael talks to Steve Tsirtsonis, Director EMEA Federal Business for Endace

By Michael Morris, Director of Global Business Development, Endace



Nation-state cybersecurity is fast becoming the new battle frontline in international conflict. It is complicated by rogue threat actor groups inserting their cyber weapons into the mix, extorting money for funding, fanning the flames of nation-state disputes, and crippling potential targets.

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Steve Tsirtsonis, Director EMEA Federal Business for Endace, who shares his view of the threat landscape that government agencies around the world are facing and how it is evolving.

Steve talks about what he sees governments doing to combat escalating cyber threats, some of the unique challenges they face, and how they are evolving their security using SOAR, AI and NDR tools to be as prepared as possible to defend critical infrastructure.

Finally, Steve gives his thoughts on the key things security teams should look out for in the years ahead and what we can all learn from government security practices.



Endace Packet Forensics Files: Episode #22

Original Entry by : Michael Morris

Michael talks to Michael Wallmannsberger, Security Consultant and former CISO of Air New Zealand

By Michael Morris, Director of Global Business Development, Endace


Has the fluidity of your network perimeter created holes in your cybersecurity defenses?

Tune in for this episode of the Endace Packet Forensic files as I get insights from expert cybersecurity consultant, and former CISO of Air New Zealand, Michael Wallmannsberger.

Michael shares some of the systemic and foundational mistakes that he sees organizations continuing to make that hamper their security posture. He gives some great advice for new CISOs as to what to prioritize and focus on as they build their security maturity.

Finally, Michael shares, from a CISO’s perspective, some key elements to start with to help you walk before you run in your push for stronger cybersecurity. He also highlights the importance of taking the time to develop your organization’s security competencies across the whole business.
