Michael talks to Michael Wallmannsberger, Security Consultant and former CISO of Air New Zealand
By Michael Morris, Director of Global Business Development, Endace
Has the fluidity of your network perimeter created holes in your cybersecurity defenses?
Tune in for this episode of the Endace Packet Forensic files as I get insights from expert cybersecurity consultant, and former CISO of Air New Zealand, Michael Wallmannsberger.
Michael shares some of the systemic and foundational mistakes that he sees organizations are continuing to make that hamper their security posture. He gives some great advice for new CISOs as to what to prioritize and to focus on as they build their security maturity.
Finally, Michael shares, from a CISO’S perspective, some key elements to start with to help you walk before you run in your push for stronger cybersecurity. And highlights the importance of taking the time to develop your organization’s security competencies across the whole business.
Other episodes in the Secure Networks video/audio podcast series are available here.
By Michael Morris, Director of Global Business Development, Endace
Security teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.
Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.
Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.
Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs gain rapid visibility into what’s happening on their network.
Corelight’s out of the box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.
The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.
The EndaceProbe platform scales to record traffic at full line-rate across your whole environment. Delivering high-speed centralized search and easy drill-down workflows from your SIEMS or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real-time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.
The power of combining EndaceProbes with Corelight sensors helps customers to solve difficult security challenges like supply-chain attacks or advanced persistent threats, that are often difficult to detect and enable attackers to hide for long periods in the network by camouflaging their activity using sophisticated stealth techniques such as modifying or deleting logs or other evidence.
Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.
Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.
Michael talks to Alex Kirk, Global Principal Engineer, Corelight
By Michael Morris, Director of Global Business Development, Endace
Are you aware if your network has spoofed DNS traffic and do you know what things to look for in your network traffic to find supply chain attacks?
If you’re not sure then you won’t want to miss this episode of the Endace Packet Forensic files as I talk with Alex Kirk Director Global Principal Engineer for Corelight.
Alex gives his expert insights into the Solarwinds Sunburst supply-chain attack, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies.
Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.
Other episodes in the Secure Networks video/audio podcast series are available here.