Endace Packet Forensics Files: Episode #27

Original Entry by : Michael Morris

Michael talks to Phillip Solakov, Client Solutions Director at Optiv

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceCyber security teams around the globe are embarking on a variety of “modernization” initiatives, as they try to keep up with the dynamic threat landscape, but what are the must-have elements if you are looking to modernize your SOC?

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Phillip Solakov, Client Solutions Director for Optiv Canada, as he shares his view of what “SOC Modernization” means and what’s driving these efforts.

Phillip explains some of the biggest issues SOC teams are facing and things they are working on to overcome these challenges. He drills into how alert fatigue is compounded with more detection tools, more telemetry and why it is becoming critical for more automation in SOC processes and tools.

Finally, Phillip highlights some things SOC teams are still missing with the continuously expanding attack surface, and he gives some examples of how these gaps can still be addressed with the right security architecture and mindset.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #26

Original Entry by : Michael Morris

Michael talks to Pavel Minarik, CTO of Kemp Technologies

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Many organizations are undertaking SOC and NOC modernizations, but what does this mean and what is driving it?

If your company is planning a “modernization” you won’t want to miss this episode of the Endace Packet Forensic files as Pavel Minarik, CTO of Kemp Technologies, talks about what’s important and what is fueling the need to modernize.

Pavel gives his insights into some of the biggest challenges NOCs and SOCs are facing and shares some tips to help these separate teams work together and collaborate more.  He underscores why this is becoming more important with increasing network complexity, virtualization, and escalating threat attack vectors.

Finally, Pavel talks about why network traffic is such a foundational data source for both NoCs and SoCs and the pros and cons of flow-based monitoring vs full packet monitoring. He shares the best practices analysts are adopting to become improve investigation efficiency and reduce incident response times.

Other episodes in the Secure Networks video/audio podcast series are available here.


Packet Detectives Episode 3: Is my video conferencing really secure?

Original Entry by : Michael Morris

Demystifying Network Investigations with Packet Data

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

The Covid-19 pandemic has seen us all become all too familiar with video conferencing tools as we’ve switched to work-from-home. Zoom, Webex, GoToMeeting, and Microsoft Teams are all part of our daily work routine now.

We assume that all these services are secure and the content of our web conferencing and collaboration is encrypted and safe from eavesdroppers. But is it really secure? And where is all that data stored anyway?

In this third installment of Packet Detectives, industry-renowned SharkFest presenter and all-round Wireshark guru, Betty DuBois, takes an in-depth look at a web-conferencing session to find the answers to these questions, and shows how you can do the same for the web conferencing tools you use.

We hope you find this video useful. Please let us know if you have ideas for other examples you’d like to see.


Endace Packet Forensics Files: Episode #25

Original Entry by : Michael Morris

Michael talks to David Ellis, VP Sales and Corporate Relations, SecureIQLab

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

How does an organization quantify its cybersecurity readiness and robustness?  What does a strong cybersecurity posture look like?  These are questions many CISO and SecOps analysts are trying to figure out so they can sleep at night knowing they are doing all they can to protect their organization’s cyber assets.

In this episode of the Endace Packet Forensic files, I talk with David Ellis, VP of Sales and Corporate Relations for SecureIQLab, who shares his insights into what the SecureIQLab team sees in their role as both a test lab and a security assessment consultancy.

David outlines the elements of a successful security team and what metrics SecOps should be monitoring to quantify their security posture.  He shares common vulnerabilities that he sees many organizations are still facing and the table-stakes that every security team should have in terms of tools, processes, and policies.

Finally, David talks about what frameworks and standards teams should be adopting and what the process for your organization might look like if you want to get into a security audit and assessment.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #24

Original Entry by : Michael Morris

Michael talks to Ajit Thyagarajan, Principal Security Architect for Cisco

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

The cybersecurity landscape is constantly changing with new Zero-Day Threats, double-extortion ransomware attacks and continuously evolving phishing techniques. The volume of threats and the pace of change are impacting the way SecOps teams operate and pushing them to find new ways to connect disparate data sources in order to automate processes and improve incident response times.

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Ajit Thyagarajan, Principal Security Architect for Cisco, who talks about the challenges security analysts are facing and shares his views and ideas on how to improve their day-to-day operation.

Ajit shares the concept of the Intelligent Telemetry Plane that he and his team at Cisco have been developing. He highlights the value of the provenance of telemetry data and how important bringing different data sources together is to staying ahead of threat actors.

Finally, Ajit shares some ideas about the types of challenges a common telemetry management platform can help solve and what to keep your eyes on over the year ahead when it comes to security threats and cyber defense.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #23

Original Entry by : Michael Morris

Michael talks to Steve Tsirtsonis, Director EMEA Federal Business for Endace

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Nation-state cybersecurity is fast becoming the new battle frontline in international conflict. It is complicated by rogue threat actor groups inserting their cyber weapons into the mix, extorting money for funding, fanning the flames of nation-state disputes, and crippling potential targets.

You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Steve Tsirtsonis, Director EMEA Federal Business for Endace, who shares his view of the threat landscape that government agencies around the world are facing and how it is evolving.

Steve talks about what he sees governments doing to combat escalating cyber threats, what are some of the unique challenges they face and how they are evolving their security using SOAR, AI and NDR tools to be as prepared as possible to defend critical infrastructure.

Finally, Steve gives his thoughts on the key things security teams should look out for in the years ahead and what we can all learn from government security practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #22

Original Entry by : Michael Morris

Michael talks to Michael Wallmannsberger, Security Consultant and former CISO of Air New Zealand

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceHas the fluidity of your network perimeter created holes in your cybersecurity defenses?

Tune in for this episode of the Endace Packet Forensic files as I get insights from expert cybersecurity consultant, and former CISO of Air New Zealand, Michael Wallmannsberger.

Michael shares some of the systemic and foundational mistakes that he sees organizations are continuing to make that hamper their security posture.  He gives some great advice for new CISOs as to what to prioritize and to focus on as they build their security maturity.

Finally, Michael shares, from a CISO’S perspective, some key elements to start with to help you walk before you run in your push for stronger cybersecurity. And highlights the importance of taking the time to develop your organization’s security competencies across the whole business.

Other episodes in the Secure Networks video/audio podcast series are available here.


Changing the Game for Network Security Investigations

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceSecurity teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.

Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.

Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.

Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs gain rapid visibility into what’s happening on their network.

Corelight’s out of the box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.

The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.

The EndaceProbe platform scales to record traffic at full line-rate across your whole environment. Delivering high-speed centralized search and easy drill-down workflows from your SIEMS or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real-time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.

The power of combining EndaceProbes with Corelight sensors helps customers to solve difficult security challenges like supply-chain attacks or advanced persistent threats, that are often difficult to detect and enable attackers to hide for long periods in the network by camouflaging their activity using sophisticated stealth techniques such as modifying or deleting logs or other evidence.

Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.

Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.


Endace Packet Forensics Files: Episode #21

Original Entry by : Michael Morris

Michael talks to Alex Kirk, Global Principal Engineer, Corelight

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Are you aware if your network has spoofed DNS traffic and do you know what things to look for in your network traffic to find supply chain attacks?

If you’re not sure then you won’t want to miss this episode of the Endace Packet Forensic files as I talk with Alex Kirk Director Global Principal Engineer for Corelight.

Alex gives his expert insights into the Solarwinds Sunburst supply-chain attack, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies.

Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #20

Original Entry by : Michael Morris

Michael talks to Craig Williams, Director of Talos Outreach, Cisco

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats?

You won’t want to miss this episode of the Endace Packet Forensic files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco.

Craig talks about how threats have been evolving over the last year – particularly during the Covid-19 pandemic – and gives us some insights into recent high-profile security issues. He also shares some advice how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.

Finally, Craig talks through key elements of cyber security infrastructure that can help SOC teams investigate issues and evolve towards proactive threat hunting practices.

Other episodes in the Secure Networks video/audio podcast series are available here.