Endace Packet Forensics Files: Episode #5

Original Entry by : Michael Morris

Michael talks to Gerard Martir, Network Solutions Team Specialist at Keysight Technologies

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Tune in for the latest episode of our Endace Packet Forensic Files Vidcast/Podcast series with this week’s special guest Gerard Martir, Network Solutions Team Specialist for KeySight Technologies.

Gerard’s years of experience in the telecom space give him great insight as to how carriers are addressing cybersecurity along with how the roll out 5G will deliver better performance and tighter security.

Gerard talks about some of the adjustments telecom providers are making in the era of the global pandemic and the changing  priorities cause by massive shifts to remote workforces across the globe. He also provides insight into some of the technology best practices carriers are implementing to ensure performance, resiliency and security across their cutting-edge networks.


Endace Packet Forensics Files: Episode #4

Original Entry by : Michael Morris

Michael talks to Matt Chase, Director of Cortex Alliances for Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Don’t miss our latest episode of Endace Packet Forensics Files vidcast series with this week’s guest, Matt Chase, Director of Cortex Alliances for Palo Alto Networks.

Matt shares his insights into how automation and orchestration is changing the game for SecOps teams and improving security analysts’ efficiency and accuracy. Matt talks about some of the best practices companies should think about when evaluating, adopting and implementing an orchestration platform.

Finally, Matt shares where he thinks things are headed next in security automation so you can plan your security strategy.


Endace Packet Forensics Files: Episode #3

Original Entry by : Michael Morris

Michael talks to Dave Burns, Senior Director of Alliances at Gigamon

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Catch our latest episode of Endace Packet Forensics Files vidcast series with this week’s guest Dave Burns, Senior Director of Alliances for Gigamon.

Dave talks about how customers are adapting to the monitoring and security challenges in the new remote workforce environment under Covid-19.

He shares his insights into things companies are doing to get the most out of their tools and be agile and proactive to stay on top of both performance needs and security threats.

Finally, Dave discusses how Ops teams are adapting their environments to support remote workforces and how they’re dealing with new loads and applications that the network wasn’t originally architected for.


APT’s are the New Cybersecurity Battle Front

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Join IBM, Gigamon and Endace
Tuesday, July 21, 2020

Don’t miss this informative webinar hosted by DataBreach Today.

Join Michael Morris (Endace), Russell Warren (IBM) and Martyn Crew (Gigamon) as they discuss strategies for detecting and protecting against APT’s.

Register Now

Advanced Persistent Threats (APTs) are the new battlefront for cybersecurity as threat actors combine multiple malware infiltration techniques to gain the most intelligence, cause the most damage, and ultimately reap the most financial rewards.  APT’s are the most sophisticated of threats, often difficult to detect and potentially lurking in your infrastructure for months or years before the real attack. Their motivations are political or financial, with a goal of maximum impact.

SecOps teams that are continually inundated with alerts and alarms don’t have time to connect the dots to realize some alarms point to APTs that are gaining a foothold. The sooner an APT can be identified and contained, the better the chance of minimizing the financial loss or brand damage your company experiences as a result.  This is easier said than done because skilled bad actors are constantly trying to cover their tracks, mask their existence, and hide the level of access they have gained and data they have collected.

Three pillars are key to effectively finding, containing, and mitigating APTs.  The first pillar is having visibility into everything that’s happening on your network. Getting the right network traffic to the right tools, including safely decrypting any TLS traffic, is critical for full visibility into threatening activity on the network. Other functions, such as deduplication, application filtering, and load-balancing traffic to multiple tools, are also important for an effective security stack.

The second pillar is implementing AI-based security analytics across all security-related telemetry data including Network, Endpoint, Application and Security logs. Bringing all this data together in one place enables the organization to create “baselines” of what is “normal behavior” versus “suspicious activity”. Leading analytics platforms can provide a single, correlated view of threatening activity and leverage integrations with third-party tools that accelerate the incident response process for SecOps teams.

The third pillar is recording enterprise-wide network history for in-depth investigations during incident response.  Many APTs implement wipers to erase evidence of their existence and cover their tracks, including modifying system logs, authentication records and other sources of evidence. However, bad actors can’t hide when enterprises implement continuous network traffic recording.  Recorded network history lets you see exactly what’s happening on the network so you can investigate and defend against even the most well-masked security threats. It provides tamper-proof evidence that lets teams understand the full extent of a threat including the ability to see into payloads that may have been collected and exfiltrated.

Join us on the webinar on July 21st to hear more. Register here.


Endace Packet Forensic Files: Episode #2

Original Entry by : Michael Morris

Michael talks to Doug Hurd, Senior Business Development Manager at Cisco Systems Security Solutions

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Tune for the latest episode of Endace Packet Forensic Files vidcast series with this week’s guest Doug Hurd, Senior Business Development Manager at Cisco Systems Security Solutions.

Doug shares experience and insights on some of the most robust security stacks by best in class companies.  He talks about some of the techniques companies are implementing to handle the sheer volume of threat alarms and efficiently work through them.

Finally, Doug shares his insights into where companies – and vendors – are heading to help security teams stay in front of the latest cybersecurity threats.


Endace Packet Forensics Files: Episode #1

Original Entry by : Michael Morris

Michael talks to Justin Fier, Director of Cyber Intelligence at Darktrace

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Join the new Endace Packet Forensics Files vidcast for an informative session with guest, Justin Fier, Director of Cyber Intelligence at Darktrace.

Justin shares his experience with the challenges SecOps teams are facing from the Covid-19 Pandemic and the massive shift to a remote workforce. Hear how cyber AI, anomalous network detection, and packet forensics can help you stay ahead of the latest threats.

Justin’s insights into industry verticals like Finance, Healthcare, and Government reveal the unique changes and challenges these environments are facing, and some of the best practices he is seeing to address those challenges.


Packet Detectives Episode 2: The Case of the Unknown TLS Versions

Original Entry by : Michael Morris

Demystifying Network Investigations with Packet Data

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

As we discussed with Ixia and Plixer recently in our How to Combat Encrypted Threats webinar (which you can watch here if you are interested) newer versions – 1.2 and 1.3 – of TLS should be preferred over older versions – 1.0 and 1.1 – because they’re much more secure, and better protect data in flight.

But removing older versions of TLS from your network can be challenging. First, identifying which versions are actually being used. Second, identifying which servers and clients are using outdated versions. And lastly, updating any servers inside your network that are using older TLS versions, and potentially blocking access to servers outside the network using older versions too, all without causing your users to scream!

It’s not just users you need to worry about either. Potentially you may have IoT devices on your network that are still using older TLS versions.

Thankfully, if you have access to recorded network traffic there’s an easy way …

In this second installment of Packet Detectives, industry-renowned SharkFest presenter and all-round Wireshark guru, Betty DuBois, shows how you can quickly answer all these questions using Wireshark to analyze the TLS traffic on your network to see which hosts and clients are using which versions. She has even created a special, custom Wireshark profile you can download to make the analysis even easier!

The truth is in the packets …

We hope you find this video useful. Please let us know if you have ideas for other examples you’d like to see.


Packet Detectives Episode 1: The Case of the Retransmissions

Original Entry by : Michael Morris

Demystifying Network Investigations with Packet Data

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

As I talk to security analysts, network operations engineers and applications teams around the world a common theme regularly emerges: that troubleshooting security or performance issues with log or flow data alone just doesn’t cut it.

Most folks report spending way too many hours troubleshooting problems only to realize they just don’t have enough detail to know exactly what happened. Often this results in more finger pointing and unresolved issues. Too much time spent investigating issues also causes other alerts to start piling up, resulting in stress and undue risk to the organisation from a backlog of alerts that never get looked at.

On the other hand, those that use full packet capture data to troubleshoot problems report significantly faster resolution times and greater confidence because they can see exactly what happened on the wire.

Many folks I talk to also say they don’t have the expertise necessary to troubleshoot issues using packet data. But it’s actually much easier than you might expect. Packet decode tools – like Wireshark – are powerful and quite self-explanatory. And there’s tons of resources available on the web to help you out. You don’t need to be a mystical, networking guru to gain valuable insights from packet data!

Getting to the relevant packets is quick and easy too thanks to the EndaceProbe platform’s integration with solutions from our Fusion Partners like Cisco, IBM, Palo Alto Networks, Splunk and many others. Analysts can quickly pivot from alerts in any of those tools directly to related packet data with a single click, gaining valuable insights into their problems quickly and confidently.

To help further, we thought it would be useful to kick-off a video series of “real-world” investigation scenarios to show just how easily packet data can be used to investigate and resolve difficult issues (security or performance-related) in your network.

So here’s the first video in what we hope to make a regular series. Watch as industry-renowned SharkFest presenter and all-round Wireshark guru, Betty Dubois, walks us through investigating an application slow-down that is problems for users. The truth is in the packets …

We hope you find this video useful. Please let us know if you have ideas for other examples you’d like to see.