Earlier this month, I enjoyed some time working with LAN Assistans, our Nordic partner, as we co-exhibited at Nordic IT Security 2013 in Stockholm, Sweden. As part of our participation package, we had a short “open mic” session over lunch to talk about our security topic of choice. Being stripped of my familiar presentation support aids like PowerPoint slides and asked to just stand up and talk really focused my mind (and increased my adrenaline levels!).
I often hear our team talk about our network recording and visualization solutions’ technical innovations, performance and features. In truth, Endace solutions have grown up from a DNA of engineering excellence, so it’s not so surprising that we love talking about our great technology! But for this open mic session, I thought I’d take a different approach and think about what our solutions enable our customers to do…here is a snippet of my “open mic” session:
Informed and Effective
We’re all a lot smarter after the event: “if only I had known…”
We’re Endace and we provide the equivalent of a time machine for your network so that you can know exactly what happened when, where and how. We enable you to replay and analyze 100% of your network traffic before, during and after any network event so that you can identify and understand everything that happened. And that’s really useful for security operations.
When security issues occur, network security operations professionals are instantly under massive pressure from their organization to explain and resolve the problem. So how fast can you react to a security anomaly? And even more importantly, are you giving yourself the best chance of success when you act by ensuring that your actions are informed, appropriate and effective? When we combine our experience, instinct and understanding with hard evidence and insight, then we give ourselves the very best chance to make rapid, successful security interventions and actions.
So many of the security threats we now face are unknown, as attack vectors continue to diversify and accelerate. Advanced persistent threats present unknown unknowns that are impossible for us to anticipate. Defense and control are rational and important steps, but by their very nature, focus on protecting against known vulnerabilities and threats and can’t be a complete security solution. Early identification and understanding of anomalous and nefarious network traffic is key to retarding and then eliminating the propagation pathways of attacks and the staging of malicious code.
The Truth is in The Packets
With simple integration into your favorite security event management tools, our high fidelity, high performance EndaceProbe Network Recorders can be deployed on any speed link anywhere on your network to capture, record and index every single network packet, flow and conversation and make it available for analysis. We’re like a turbocharged TiVo DVR, but for your network and your own private “Google of packets.”
“Why did my DNS traffic just peak?” Perhaps it’s a BotNet calling home and propagating across your organization. Well, most monitoring solutions that just sample traffic may pick up on the DNS spike but only true high fidelity packet capture will give you the insight that DNS packets have been hijacked by a threat. It’s the difference between a fire alarm and CCTV in a building. One tells you there’s a fire, the other will show you who caused it, when, where and how so you can reduce or remove the risk next time.
Swedes like Mice
So what did I take away from the Nordic IT Security Event? Well, my open mic session seemed to encourage plenty of visitors to our stand to find out more about our network recording and visualization solutions (of course, our very cool branded giveaways may have also been a factor – the favorite seemed to be our very cool USB illuminated travel mice!).
I also heard a lot of enterprises looking to evaluate sourcing their security operations as a managed service. Balancing responsiveness and control vs. risk transference and cost is often the reality of making your security budget go the distance. We’re already working with service providers like LAN Assistans on enabling managed service customers to get the advantage of “actionable insight” that Endace’s network recording and visualization brings.