Endace announced as double finalist in 2018 Computing Security Awards and UK IT Industry Awards

Original Entry by : Mark Evans

Computing Security Awards 2018

Our EndaceProbe™ Analytics Platform has been announced as a double finalist in the ‘Network Security Solution of the Year’ and the ‘Enterprise Security Solution of the Year’ categories for the 2018 Computing Security Awards.

The Computing Security Awards started in 2010 to recognize security champions and solutions throughout the UK IT industry. The winners of the awards will be announced on the 11th October at an awards ceremony dinner at the Radisson Blu Edwardian Hotel, London.

You can vote in all categories of the Computing Security Awards, here: http://www.computingsecurityawards.co.uk/?page=csa2018vote. If you can spare a minute to vote, we’d be very grateful for your support!

UK IT Industry Awards 2018

Endace has also been announced as a finalist in the 2018 UK IT Industry Awards in the ‘Security Innovation of the Year’ category.

The UK IT Industry Awards celebrates IT excellence and focuses on the contribution of individuals, projects, organizations and technologies that have excelled in the use, development and deployment of IT in the past 12 months. The award ceremony for the UK IT Industry Awards will take place on the 14th November in Battersea, London.

The EndaceProbe is the industry’s only, truly, open packet capture platform, allowing both hosting of and integration with commercial, open-source and custom analytics applications.

You can learn more about Endace’s network monitoring products, analytics platform, and network packet history recording solutions here.


Endace at Blackhat USA, 2018

Original Entry by : Mark Evans

Endace is headed to Black Hat USA 2018. Now in its 21st year, this leading information security event provides attendees with the very latest in research, development, trends and solution showcase. The first four days (August 4-7) include intense training for security professionals of all levels, followed by the two-day (August 8-9) main event including the Exhibitor Showcase, briefings, arsenal, and more.

This event is one of our USA team’s favorite events of the year. Security professionals from across the country—and across the globe—converge upon the Sands Convention Center in Las Vegas to learn about the latest tools and trends, and to really network and learn from their peers. Our conversations with attendees are always in-depth, meaningful and a learning experience for everyone involved.

Endace will once again be showcasing our EndaceProbe Analytics Platform at our booth located in the lobby area outside of the hall in location # L5. Over the last year, Endace announced partnerships with a number of leading vendors including BluVector, Cisco, Dynatrace, Idappcom and Plixer. By deploying these analytics solutions on the EndaceProbe Analytics Platform, customers can consolidate hardware to reduce cost and dramatically reduce the time required to install new analytics solutions.

Stop by our booth at L5 and visit with the team, we’ll be giving away great swag!


Endace Team Winners at Cyber Challenge

Original Entry by : Mark Evans

This year’s Cyber Challenge, run by the University of Waikato, attracted a wide range of participants from around the country, from schools and tertiary institutions as well as industry.

The youngest competitor was just twelve-years-old!

As a longtime sponsor of the event, Endace this year decided to enter three teams in the challenge.

Teams participated in a series of challenges, including capture-the-flag challenges and a drone challenge. Endace team, Team Dark Arts (consisting of Deepak Ramaprasad, Leo Liu and Dr. Andreas Löf) took line honours after Rounds 1 and 2, taking out the prize for the winning team for Rounds 1 and 2.

Team Dark Arts donated their prize to the runners-up after Rounds 1 and 2, Team Arcton (Jeremy Symon and Grady Hooker, another industry team), who then graciously donated the prize to the third-placed team, Team Purple (James Donaldson and Tom Crisp), another industry team.

However overall glory, and bragging rights for 2018, fell to Team Elliptic Curveballs (Jacob Cheatley, Michael Jang and Logan Krippner – all University of Waikato computer science students). Congratulations guys!

Associate Professor, Dr. Ryan Ko, Head of Cyber Security Lab and Director, New Zealand Institute for Security and Crime Science, said this year’s Cyber Challenge was the toughest yet.

“The standard of competitors keeps getting higher, but we’re also creating more challenging tasks. It speaks well for the future cybersecurity landscape, and the University of Waikato,” Dr. Ko said.

Congratulations to all the participants in this year’s Cyber Challenge, and our thanks to the team at the University of Waikato for hosting the event.

And to all the Endace participants, from all the teams: “well done, you did us proud!”


Another great year at the Hitech Awards

Original Entry by : Mark Evans

As the Crusaders and Hurricanes fought it out on a miserable, cold rainy night in the stadium across the carpark, a crowd of almost 800 people, dressed in their finery, descended on Christchurch’s Horncastle Arena for the 2018 Hitech Awards last week.

The Hitech Awards is the glamour event for New Zealand’s Hitech sector and features a stellar cast of 70 international and national judges judging entries across 13 categories, including our own David Earl.

Diversity was a big focus for the Hitech Trust this year, and it was really pleasing to see so many women represented amongst the finalists. Jen Rutherford, Chairperson of the Hitech Trust, said “The number of finalists with female CEOs has almost doubled year-on-year. Whilst we are not there yet, we are moving in the right direction. Our industry is truly in great shape.”

Endace sponsored the Most Innovative Hi-Tech Hardware Product Award, which was a keenly fought category again this year, with a wide range of products from Ubco‘s radical, off-road electric bike to a 3D Bioimaging device from Mars Bioimaging and innovative construction equipment from Calibre Contracting Equipment. The winner of the award was Enatel for its smart, modular charging solutions used to power material handling equipment.

Congratulations to all the finalists and winners. We wish them all the best of luck in their endeavors. And we look forward to seeing what innovative technology will appear at next year’s Hitech Awards.

For those that weren’t able to attend, here’s a highlights reel courtesy of our friends at Swaytech, who organized the event. Great job guys!


Endace partners with BluVector to bring advanced, AI-driven threat detection to the EndaceProbe Platform

Original Entry by : Mark Evans

As cyber threats become increasingly sophisticated, ensuring you’re not subject to a security breach is more important than ever before. That’s why we’re pleased to announce a new partnership with AI-driven network security company, BluVector.

Cortex, BluVector’s next generation, AI-based intrusion detection solution, can now be deployed directly onto our EndaceProbe Analytics Platform. In addition, Cortex integrates with the Network History recorded by EndaceProbes, enabling analysts to go from an alert in the Cortex dashboard directly to the related packets in EndaceVision with a single click.

A security intrusion doesn’t have to lead to a major breach or cyber incident. But detecting, investigating and responding to threats quickly is critical. The combination of BluVector’s state-of-the-art threat detection and Endace’s 100% accurate packet-level evidence means that SecOps teams can investigate, respond to and neutralize intrusions with great efficiency. Information collected from thousands of disparate data sources is analyzed and prioritized and made available instantly to SecOps teams. This allows analysts to quickly understand the severity of threats and minimize them before they have the chance to escalate into a breach.

If you are going to the RSA Conference in San Francisco, both the Endace and BluVector teams will be at Booth 1615, South Expo demonstrating our combined solution. Be sure to visit us to see what our powerful partnership can do for you! If you’d like to find out more, check out our BluVector partner page: endace.com/partners/fusion/bluvector


Digital Performance in Las Vegas: What to Expect from Dynatrace Perform 2018

Original Entry by : Mark Evans

We’re excited to be returning to Dynatrace Perform this year and will be showcasing our products in the exhibition hall. The show runs from Monday 29th to Wednesday 31st January, and we are a gold sponsor again this year.

Our partner, Dynatrace, is expecting more than 3,000 digital performance experts from across the globe to gather at The Bellagio in Las Vegas – yes that’s the hotel with the famous fountain!

At Perform, attendees will find out what’s new and learn about the latest trends in digital performance management.

The three days will feature a combination of training classes, live speaker sessions and keynotes on a diverse range of topics, including:

  • Artificial intelligence and the Internet of Things
  • Cloud innovation and automation
  • Container and microservices monitoring
  • DevOps best practices and digital experiences
  • Unified enterprise monitoring

We really enjoyed last year’s event, where we had a lot of interest from DC RUM users wanting to hear about how EndaceProbes can be used to provide back-in-time analysis of historical performance. This is something that can be accomplished using the Playback function of EndaceProbes – and provides a powerful tool for investigating issues that may have been missed, or unreported when they initially occurred.

This year, we are looking forward to attending some of the sessions by speakers from leading global organizations, such as Microsoft, PayPal, Virgin Money, and Mastercard, to name a few.

If you’re attending Dynatrace Perform this year, stop by and meet the Endace team. We’ll be on-hand showing how Dynatrace’s Agentless Monitoring Device (AMD) can be hosted on EndaceProbes in Application Dock, and how by clicking on an alert in the Dynatrace Central Analysis Server (CAS), the packets relating to the alert can instantly be retrieved from EndaceProbes for analysis using Dynatrace Network Analyser (DNA) or Wireshark.

We’ll also be demonstrating how, together, EndaceProbes and Dynatrace’s DC RUM (Data Centre Real User Monitoring) streamline real-time application performance investigations and provide definitive evidence for troubleshooting network and application performance problems. And how EndaceProbes can also host, and integrate with, other analytics applications such as network security or performance monitoring tools.

We look forward to meeting you at Perform and explaining more about how Endace’s technology delivers a unique advantage to DevOps, NetOps, IT Operations and SecOps teams responsible for ensuring the performance, reliability, and security of applications.


Endace Interns Tackle the Industry’s Biggest Challenges

Original Entry by : Mark Evans

Our Summer Internship Programme is back and this year we are pleased to welcome three new interns to the Endace team.

Induction

New Endace Interns Puzzle Over Designing a Self-Propelled Vehicle from Found Objects

Interns are paired with a mentor and on day one have a team-building exercise (with a little friendly competition). Using only what they can find in the office and their wits and ingenuity, they need to build a race-worthy vehicle that can propel itself across the lunchroom of our Hamilton R&D center.

Endace’s Engineering Managers will judge the event for creativity, innovation and artistic merit. There are two rules: it can’t cause harm to people or property (so no mini tanks, sorry guys) and it can’t use fire in any form (such as for a propellant).

The interns and their mentors have been challenged by the Auckland team for a rematch at the end of their internship. So, let the games begin!

The Intern Programme

Throughout the next 12 weeks, our interns will be heavily involved with R&D projects that are designed to give them an edge in the technology industry and help shape the future of packet-capture and network monitoring technologies.

They will complete 1,500 hours of project-based R&D work, receive up to 100 dedicated mentoring hours and have the opportunity to prepare formal professional and career development plans.

They’re also given 64 hours of structured training which will give them an overview of running a technology business across different areas – including finance, supply chain, sales and quality control.

The culmination of the 12-week programme is a presentation and shared learning session between the interns and members of the senior leadership team, project managers and their mentors.

Endace is excited to welcome our new team of interns and looking forward to working with them on a number of projects. We are committed to ensuring their internship is a robust experience that supports their innovation, drive and talent development and that it is an experience that they’ll remember fondly. Endace is a committed member of the NZ Tech community.

We are proud of the Endace Internship Programme and see it as a great way to help computer science students and graduates build talent and experience and grow the industry. And it helps demonstrate why Endace is an employer of choice for IT and engineering graduates in New Zealand.


Sharkfest Europe 2017: A week at Wireshark

Original Entry by : Mark Evans

It was an interesting week at SharkFest Europe 2017 this month. The Annual Sharkfest conference ran from 7th-10th November at the rather comfortable Palacio Estoril in Estoril, Portugal. Endace was there and our CTO, Dr. Stephen Donnelly, presented a session on packet capture meta-data.

This was the second Wireshark Europe event and was very well attended, attracting attendees from more than 30 countries. Congratulations to Janice and the team for an excellent event – and we look forward to hearing more about the inaugural Wireshark Asia in due course.

Stephen’s presentation, ‘Augmenting Packet Capture with Contextual Meta-Data: the What, Why & How’, was well received by the audience.

For those who couldn’t make SharkFest, here is a video of the presentation (if you’d like a copy of the full presentation please let us know)

Stephen outlined the importance of retaining context for packet capture files by pointing out that the oft-used line “Packets Don’t Lie” isn’t true if:

  • You don’t know where they came from
  • You don’t know if there was packet loss
  • You don’t know if they’ve been filtered
  • You don’t know if the time stamps are right

This becomes even more important in environments where packet capture is happening in multiple places across a distributed network. Understanding where the packets came from, and what the state of the environment was like at the time, is crucial if you are to draw solid conclusions from examining the packet trace file.

The role of metadata, Stephen argues, is to provide this context. He went on to talk about some of the different types of packet capture metadata and what it can be useful for, outlining three main categories of metadata:

  • Static metadata: data about things that do not change over time, such as the host name of the system that captured the packets, the speed of the link and so on.
  • Dynamic metadata: data about environmental conditions that change over time – such as optical power levels or timing accuracy.
  • Post-capture metadata: data such as user comments, flow information, statistics and annotations from analytics applications that process the captured packet data.

Stephen took a deep dive into three common formats for packet trace files: pcap, pcapng (now the default format in Wireshark) and Provenance™, an approach to writing metadata used in Endace’s Extensible Record Format (ERF) (which is also compatible with Wireshark). The presentation looked at what each offers in terms of recording packet capture metadata and how they go about associating it with packet trace files.
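As an added illustration (not taken from Stephen’s presentation or from Endace’s code), the Python below reads the context metadata a pcapng file can carry in its section header, interface description and interface statistics blocks, and reports which of the questions listed above the file leaves open: capture point, packet loss and filtering. The option codes are those of the pcapng specification; the sample capture, tool name and interface name are constructed for the example.

```python
import struct

SHB, IDB, ISB = 0x0A0D0D0A, 1, 5
LAYOUT = {   # block type -> (fixed body bytes before the options, {option code: name})
    SHB: (16, {2: "shb_hardware", 3: "shb_os", 4: "shb_userappl"}),
    IDB: (8, {2: "if_name", 8: "if_speed", 9: "if_tsresol", 11: "if_filter"}),
    ISB: (12, {4: "isb_ifrecv", 5: "isb_ifdrop", 7: "isb_osdrop"}),
}
NUMERIC = {"if_speed", "if_tsresol", "isb_ifrecv", "isb_ifdrop", "isb_osdrop"}

def parse_options(buf, names, e):
    out, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(e + "HH", buf, off)
        if code == 0:                        # opt_endofopt
            break
        val = buf[off + 4:off + 4 + length]
        off += 4 + (length + 3) // 4 * 4     # option values are padded to 32 bits
        name = names.get(code)
        if name in NUMERIC:
            out[name] = int.from_bytes(val, "little" if e == "<" else "big")
        elif name == "if_filter":
            out[name] = val[1:].decode(errors="replace")   # byte 0 is the filter type
        elif name:
            out[name] = val.decode(errors="replace")
    return out

def capture_context(data):
    ctx, off, e = {"section": {}, "interfaces": [], "findings": []}, 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\n\r\r\n":   # SHB: byte-order magic follows the length
            e = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or off + total > len(data):
            ctx["findings"].append("truncated block, parsing stopped")
            break
        body = data[off + 8:off + total - 4]
        if btype in LAYOUT:
            opts = parse_options(body[LAYOUT[btype][0]:], LAYOUT[btype][1], e)
            if btype == SHB:
                ctx["section"] = opts
            elif btype == IDB:
                ctx["interfaces"].append(opts)
            elif (idx := struct.unpack_from(e + "I", body)[0]) < len(ctx["interfaces"]):
                ctx["interfaces"][idx].update(opts)
        off += total
    for i, itf in enumerate(ctx["interfaces"]):
        checks = [("if_name" not in itf, "capture point not named"),
                  ("isb_ifdrop" not in itf, "no drop counter, loss unknown"),
                  (itf.get("isb_ifdrop", 0) > 0, f"{itf.get('isb_ifdrop')} packets dropped"),
                  ("if_filter" in itf, f"capture filter '{itf.get('if_filter')}' applied")]
        ctx["findings"] += [f"if{i}: {msg}" for hit, msg in checks if hit]
    return ctx

def make_block(btype, fixed, *opts):   # helper that builds the constructed sample
    body = fixed + b"".join(struct.pack("<HH", c, len(v)) + v + bytes(-len(v) % 4) for c, v in opts) + bytes(4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

SAMPLE = (   # constructed capture: section header, one interface, its statistics block
    make_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1), (4, b"example-capture-tool"))
    + make_block(IDB, struct.pack("<HHI", 1, 0, 65535), (2, b"probe1:eth0"), (9, b"\x09"),
                 (11, b"\x00tcp port 443"))
    + make_block(ISB, bytes(12), (4, (1000).to_bytes(8, "little")), (5, (12).to_bytes(8, "little")))
)
```

Calling `capture_context(SAMPLE)` returns the decoded section and interface options together with a `findings` list; `if_tsresol` gives only the resolution of the time stamps.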

Provenance uses a different approach to writing metadata into packet capture files from either pcap or pcapng. Provenance is designed to be able to record dynamic data that may change during the course of a packet capture. It works by writing a Provenance record into the ERF capture file once every second, as the diagram below shows.

Provenance metadata records written into an ERF format packet capture stream

One of the use cases for this is recording the accuracy of time stamping information over the course of a packet capture of high-frequency trade data. Under new MiFID 2 regulations which come into force in 2018, traders must record every trade and be able to demonstrate that the recorded trade data is timestamped accurately to a time-source that is synchronized to UTC with a maximum divergence of less than 100 microseconds. Provenance provides an easy way for them to record compliance with this regulatory obligation.

If you have an interesting use case for packet capture metadata (particularly post-capture metadata use cases), we’d love to hear more. Let us know. We see this as a fascinating area for further development.

SharkFest was an excellent opportunity for the Endace team to meet like-minded members of the Wireshark global community, including the original creator of Wireshark, Gerald Combs, and the Wireshark Core Developers, and to share knowledge of the best practices in packet analysis.

We’re looking forward to seeing how SharkFest continues to grow in scale and influence, with three SharkFest events taking place in 2018, including the first-ever SharkFest Asia in Singapore.


10th Anniversary SharkFest in Pittsburgh a great success

Original Entry by : Mark Evans

Last week saw the 10th Annual SharkFest conference held in Pittsburgh at Carnegie Mellon University.

SharkFest is a conference for developers and users of the open-source Wireshark application, and draws a varied audience including people from NetOps, SecOps, Telcos, Government, industrial plant operators and manufacturers as well as vendors.

One of the real strengths of SharkFest is that it’s not too big. While large enough to attract Wireshark users and developers from around the world, SharkFest still remains intimate enough for the attendees to have plenty of opportunity to engage with Wireshark’s creator and lead developer, Gerald Combs, and core Wireshark developers and to have input into the future direction of Wireshark.

Amongst all attendees there was general recognition of the growing importance of packet history in providing ground truth for investigating security events and troubleshooting network problems. There was also recognition of the growing importance of continuous – as opposed to ad-hoc – packet capture in providing evidence for security investigations, and a number of presentations referenced the challenges of multi-point packet capture.

Endace CTO, Dr Stephen Donnelly, spoke about augmenting packet capture with contextual metadata – which becomes especially critical when implementing multi-point continuous packet capture solutions. Metadata allows packet history to be self-describing, so its context can be carried along with the data wherever that data may be consumed. Stephen’s SharkFest presentation is online and can be viewed below.

SharkFest is always a very interesting and valuable conference. It is a great opportunity to be part of helping to shape what has become an incredibly important tool for our industry.

Endace was very pleased to be a sponsor at SharkFest 2017, and we’re looking forward to SharkFest Europe later in the year too. Thanks to the SharkFest team (and the fantastic Janice Spampinato) for all your help. Great job!

 

 


London’s magnificent Olympia plays host to Infosecurity Europe 2017

Original Entry by : Mark Evans

More than 18,000 cybersecurity professionals from around the world gathered last week for Infosecurity Europe 2017 at London’s magnificent Olympia.

Infosecurity Europe is one of Europe’s pre-eminent shows. It’s always an exciting event, and this year was no exception.

This year’s theme was “Cybersecurity at the Speed of Business” and there was an evident buzz in the air. The Endace team were kept busy on the stand for the entire three days with lots of visitors keen to talk about how to integrate network history with their security tools.

The conference featured keynote addresses from Dame Stella Rimington, the first female director of MI5, media personality and broadcaster Barry Paxman, and Lord Sebastian Coe, as well as presentations from more than 200 other speakers.

It was a great show, and we look forward over the next few weeks to catching up with everyone we met. It was great to catch up with the team from Plixer too. Infosecurity 2018 looks like it’ll be even bigger and better, and we’re already locking in a spot for next year.