Pay(Pal)ing the Price: TIO’s Inevitable Breach?

Original Entry by : Sebastian Mackay

Late last month, Paypal announced that TIO Networks, a company it acquired in July 2017, experienced a major data breach that has compromised the sensitive information of approximately 1.6million customers.

While Paypal has publicly acknowledged the breach, which could have occurred any time before it acquired TIO, customers are still unaware of the impact the brief and Paypal has yet to contact customers to notify them of the data that may have been accessed.

However, in a statement Paypal did say it had “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.”

Paypal should be commended for identifying the breach and taking full responsibility. However, introducing free identity theft insurance and credit checks shows us that the information that may have been breached is incredibly sensitive – and could possibly be used to damage a credit rating or for identity theft. Further to this, Paypal has stated that TIO services, “will not be fully restored until [PayPal] are confident in the security of the TIO systems and network” a measure it has taken in order to protect its customers.

For all the work Paypal is doing to address the impact of this breach, it’s interesting to see just how long it has taken to identify and respond to the breach. According to reports, the breach occurred sometime before the acquisition and was announced a full four months later, in November.

TIO Networks and Paypal stand as a message to other companies: the question you’re asking shouldn’t be: will a breach occur? But when will a breach occur or has one occurred?

Recorded Network History lets SecOps teams quickly find, rewind and playback relevant network traffic and investigate security alerts before they turn into more serious breaches . And in the event of a breach like TIO’s, recorded Network History could have also allowed their SecOps team to get ahead of the breach before it was found by Paypal.

For the TIO Networks analysts, the ability to go back and examine the packets to see exactly what happened on their network could have substantially reduced the damage caused by the hackers. And for Paypal, it could have prevented a financial hit.

This breach also highlights the need for cybersecurity audits to be included as a key part of the due-diligence process when companies are looking at potential acquisitions. As we saw with the purchase of Yahoo, the potential cost of dealing with an inherited breach can have a significant impact on the value of the company. Knowing the risk of having to deal with such an inherited breach can help the acquirer to avoid being hit with significant unexpected costs.

With EndaceProbes Network Recorders SecOps teams can investigate and respond to data breaches quickly and conclusively.

In the event of a breach they can be sure exactly what happened: how the attacker got in, and what was compromised. Which means they can respond appropriately – offering credit and identity theft protection to their customers, or not if the breach wasn’t sufficiently serious to warrant it.


Endace Interns Tackle the Industry’s Biggest Challenges

Original Entry by : Mark Evans

Our Summer Internship Programme is back and this year we are pleased to welcome three new interns to the Endace team.

Induction

New Endace Interns Puzzle Over Designing a Self-Propelled Vehicle from Found Objects
New Endace Interns Puzzle Over Designing a Self-Propelled Vehicle from Found Objects

Interns are paired with a mentor and on day one have a team-building exercise (with a little friendly competition). Using only what they can find in the office and their wits and ingenuity, they need to build a race-worthy vehicle that can propel itself across the lunchroom of our Hamilton R&D center.

Endace’s Engineering Managers will judge the event for creativity, innovation and artistic merit. There are two rules: it can’t cause harm to people or property (so no mini tanks, sorry guys) and it can’t use fire in any form (such as for a propellant).

The interns and their mentors have been challenged by the Auckland-team for a rematch at the end of their internship. So, let the games begin!

The Intern Programme

Throughout the next 12 weeks, our interns will be heavily involved with R&D projects that are designed to give them an edge in the technology industry and help shape the future of packet-capture and network monitoring technologies.

They will complete 1,500 hours of project-based R&D work, receive up to 100 dedicated mentoring hours and have the opportunity to prepare formal professional and career development plans.

They’re also given 64 hours of structured training which will give them an overview of running a technology business across different areas – including finance, supply chain, sales and quality control.

The culmination of the 12-week programme is a presentation and shared learning session between the interns and members of the senior leadership team, project managers and their mentors.

Endace is excited to welcome our new team of interns and looking forward to working with them on a number of projects. We are committed to ensuring their internship is a robust experience that supports their innovation, drive and talent development and that it is an experience that they’ll remember fondly. Endace is a committed member of the NZ Tech community.

We are proud of the Endace Internship Programme and see it as a great way to help computer science students and graduates build talent and experience and grow the industry. And it helps demonstrate why Endace is an employer of choice for IT and engineering graduates in New Zealand.


Endace Sponsors Royal Navy team at 2017 International Tattoo

Original Entry by : Steve Tsirtsonis
Birmingham Tattoo 2017
Endace sponsors Royal Navy team at the 2017 Tattoo in Birmingham

Endace was the proud sponsor of the Royal Navy at the Birmingham International Tattoo 2017.

For those not familiar with the pomp and ceremony of such events, the tattoo is an elaborate celebration of the military. It includes music, advanced drill, dance and, most importantly, a Field Gun competition.

 

Royal Navy team huddles before the field gun competition
Team huddle, The Royal Navy team prepares before the field gun competition

Endace was a previous sponsor of MOD Corsham’s Tri-Service Field Gun Crew, which won the Plate 1 Final at the Royal Navy Royal Marines Charity Field Gun Competition at HMS Collingwood. So when we were invited to be the sole sponsor of the Royal Navy at the 2017 International  Tattoo in Birmingham we were thrilled to accept the opportunity to support this highly enjoyable event.

 

The team from the Royal Navy performed admirably over the two days. Well done to everyone in what was an extremely tough competition!.

Take a look at the video below to see the team in action: