Well it’s official, the finalists for the 2017 New Zealand Hitech Awards have been announced. It was another record breaking year, with almost a third more entries than last year, and a great selection of both established and new companies amongst the finalists.
Endace is proud to be a sponsor of the 2017 Hitech Awards, and we would like to congratulate all this year’s finalists and, in particular, the finalists in the Endace Innovative Hi-Tech Hardware Product category, a category obviously very dear to our heart!
So congratulations to Adherium, DARCTechnologies,EROAD and Shotover Camera Systems. It’s a fantastic achievement to be a finalist amongst such strong competition. Well done for making the finals and we wish you the very best of luck.
“One of my worst nightmares [as an attacker] is that out-of-band network tap that really is capturing all the data, understanding anomalous behaviour going on. And someone’s paying attention to it.” Rob Joyce, NSA: “Disrupting Nation State Attackers, Jan 2016” (22:10)
It’s great to see the efficacy of packet capture and network recording acknowledged by such an eminent cybersecurity Tsar as Rob Joyce.
If you haven’t already seen his video presentation on Disrupting Nation State Attackers, it’s well worth a watch. Before being shoulder-tapped to take up his new role as a cybersecurity advisor to Trump’s National Security Council, Joyce headed up the Tailored Access Operations division of the NSA.
The NSA’s TAO division is responsible for “providing tools and expertise in computer network exploitation to deliver foreign intelligence.” In other words, it is responsible for finding, and taking advantage of, the very network vulnerabilities that we’re all trying to protect against.
In his presentation at the Usenix Enigma conference last year, Joyce outlined key steps organizations can take to protect themselves against the sort of sophisticated techniques employed by Nation State attackers and criminal elements looking to attack your network.
Much of his advice is practical common sense. Know everything on your network, understand it, and update and patch everything. We all know this is critical, but all too often it doesn’t happen. Take patching for example. Joyce says that, in his experience, many organizations undertake security audits to identify known vulnerabilities, but frequently have still not fixed those vulnerabilities by the time the next audit rolls around months later.
Joyce also explodes a common myth – that sophisticated intruders rely on zero day threats. In fact, he says, zero day threats are far from being biggest danger to corporate networks. For any large network, he says:
“Persistence and focus will get you in and achieve that exploitation without the zero days. There’s so many vectors that are easier, less risky and quite often more productive.”
The cause of most intrusions, says Joyce, come down to one of things (the “Big Three”):
Email: “a user clicked on something they shouldn’t have”
Malicious websites – “they’ve gotten to a malicious website … and it’s either executed or they’ve run content from that website.”
Removable media – “where a user inserted contaminated media“. [As an aside, someone once told me the easiest way to get malware into an organization is to load it on a USB stick labelled “Payroll”, drop it in the carpark and leave the rest to curiosity!].
Joyce outlines the importance of making sure that sources of information about activity on the network – such as log files or network packet captures – are actually being monitored. “You’d be amazed at incident response teams that go in and there’s been some tremendous breach .. Yep, there it is right there in the logs.”
But perhaps the best piece of strategic advice he offers is this:
“Consider that you’re already penetrated. Do you have the means and methods to understand if somebody’s inside your network?”
That change in focus is important. Statistics show intrusions are becoming increasingly commonplace. Once organizations move from “we need to make sure we’re not penetrated” to “maybe we already are penetrated” they start to understand what tools, skills and processes they need to put in place to identify intrusions and stop an initial penetration from going on to become a more serious data breach. Or, if they have already been breached, what do they need to make sure they can identify how it happened and what was compromised?
Joyce’s presentation is a salient reminder that ensuring the basics of network security hygiene is critical. And that the battle to defend against attackers is an ongoing one. As fast as you tighten up your security, new vulnerabilities emerge that put you at risk.
Take a look at the video. You’ll find it’s 30 minutes of your time very well spent!
Some of the useful resources that Joyce discusses and recommends are listed below
It’s a busy time for the Endace Australia team. Fresh back from exhibiting at the Australian Cyber Security Conference in Canberra last week, the team is off to Blackhat Asia in Singapore next week (March 28-21). We’ll report back on that event in due course.
The ACSC conference was very lively, with more than 1600 attendees descending on Canberra for the week.
We had a number of very interesting conversations with attendees from both government and commercial organizations. It was clear from many of these conversations that organizations are increasingly looking to packet capture and network recording as a crucial component of their cybersecurity toolset. Either they’re already doing some level of packet capture (often ad-hoc) and they’re interested in extending that capability. Or they’ve recognised the need for complete packet capture and are actively looking to include it as part of their cybersecurity arsenal.
This is great to hear. Our customers have recognised for a long time that packet-data is an unparalleled resource for cybersecurity investigations and it’s clear the wider market is moving in that direction too.
One of the common themes attendees talked about was how the proliferation in the number of security tools is making it difficult for them to get a coherent, single view of threats and activity on the network. We agree, and we talked with many attendees about the need for better integration between security solutions.
Many were interested to hear that our EndaceProbe Network Recorders can integrate with the tools that they are already using – such as Cisco’s Firepower NG IPS, Plixer’s Scrutinizer and Splunk. This integration lets analysts jump directly from alerts in those tools to examine the underlying packet-level network history and see exactly what has taken place. This makes for streamlined investigations, and helps analysts to eliminate false positives, and identify, prioritize and respond to the real threats more quickly.
ACSC 2017 was a great conference, and we look forward to coming back to be part of ACSC 2018. Thanks to the ACSC team for making it a very successful event!
Upwards of 12,000 people packed Messe Berlin for the Cisco Live Europe 2017 event last week. It was a busy, exciting and noisy atmosphere and a lot of fun to attend. As a Cisco Solutions Partner, Endace was pleased to be invited to be one of the vendors exhibiting in the Cisco Security Partner Village.
Cybersecurity was a hot topic at Cisco Live, and the Security Partner Village was bustling, with lots of attendees interested in seeing the latest cybersecurity solutions.
Endace’s Sandrine Kubach and Rob Earley were inundated with people interested to find out how we integrate our full packet capture solutions with Cisco’s security solutions.
Sandrine and Rob demonstrated the integration between our EndaceProbe Network Recorders and Cisco’s Firepower NG-IPS.
Endace’s Fusion Connector for Firepower allows security analysts to click from an alert in the Firepower Management Console to instantly view and analyze related network packets recorded on EndaceProbes. This streamlined workflow dramatically reduces investigation times and provides definitive evidence of exactly what has happened so analysts can respond appropriately.
It was great to have another of our partners, Plixer, demonstrating the integration between Scrutinizer and EndaceProbes at a stand just metres away from our own too!
Cisco Live Europe was a fantastic event. To all those who stopped by our stand, thank-you for making the time. It was great to meet you and we look forward to talking to you again soon.
Thanks to the Cisco team for their wonderful organization and support. We’re excited about being at Cisco Live US in Las Vegas later in the year!
If you weren’t able to make it to Berlin, check out the great highlights reel that Cisco has put together – it gives a great sense what a busy event it was: