By Garima Bhatia, Test Manager – Appliance QA, Endace
Endace has recently started an exciting initiative which we wanted to share.
We have always been a culturally diverse workplace with people from all over the world representing many different nationalities and cultures. We are proud of this and want to recognize and celebrate the diversity we already have at Endace. Each of our individuals has unique perspectives, skills, experiences and backgrounds that bring valuable contributions to the organization.
Supporting this diverse set of individuals to feel included is important; so people feel they truly belong to the organization they are working at and can achieve their maximum potential. For Endace as an innovative organization, this means reaping the rewards of diverse thinking, and a stimulating work environment that leads to a satisfied team with strong collaboration and teamwork.
It is important that diversity is not only accepted, but celebrated, in ways that gives this diverse group of people a strong sense of worth and belonging. Everyone should feel accepted and valued for who they are in order for Endace to build a corporate culture that demonstrably supports and celebrates every individual’s self-expression.
Our approach to making diversity at Endace inclusive, by embracing our different mix of people, is a bottom-up approach. Our People team conducted an internal survey, and a series of discussions and presentations, to encourage input from people across the organization. In these sessions, we examined and discussed what diversity means and how acceptance and celebration of diversity go hand-in-hand with inclusion. We discussed how this benefits the business by allowing it to tap into the potential a diverse workforce has to offer, and how it benefits individuals by encouraging their individuality in a productive way.
This process was widely supported across the organization and led to agreement across the board that an active focus on Diversity and Inclusion (D&I) was an important initiative for everyone at Endace.
As our CEO Stuart Wilson said “this initiative is to ensure everyone has an equal voice so the business benefits from the best of the abilities that we have as a diverse team at Endace. I am motivated to give a voice to those who may be reluctant to step forward and I am looking forward to seeing what we achieve together.”
D&I can be “in the eye of the beholder”. So our challenge was to gain an organization-wide perspective of what diversity means to everyone at Endace. We needed to understand where we are now and what we want to focus on improving.
We established a community-led group, by calling for volunteers from across Endace, to collect input and ideas from across the organization, that could be implemented in conjunction with the People team. We found we had many people that are enthusiastic about this initiative and who wanted to be part of the group proactively taking steps to better understand and support our team members.
As Sam from the Software team says, “the differences that exist between us all are a strength, not a weakness. The D&I Committee provides a platform for us to celebrate and better understand this.”
We had people who wanted to voice opinions on many different issues and were willing to dedicate time and ideas.
As Michael in the Support team said, “being part of Endace’s Diversity & Inclusion team resonates strongly with my personal commitment to breaking down barriers for marginalized and vulnerable communities. I am passionate about making a positive difference, whether it’s in relation to gender, age, ability, sexuality, or cultural diversity.”
One very motivated volunteer, Kate, provided a very perceptive insight; “I believe acceptance of difference makes us stronger and smarter. It is not the diversity that is key, it is the openness to it.”
We were also fortunate to have a senior leadership team member, John Attala, Endace’s VP of Worldwide Sales, sponsor the initiative as the D&I group leader. John said,
“As the son of a first-generation immigrant, our family’s diversity stood out. My parents became leaders in their careers and community and I believe our cultural differences educated our community in a small way. Diversity and inclusion are important to me and I’m excited to be part of the first Endace D&I Committee. I hope together we can help facilitate a workplace that is safe, welcoming and where ideas are freely shared because I believe diversity is the one true thing we all have in common”.
Once assembled, the group was trained by the people team on D&I fundamentals and tasked with identifying focus areas and specific objectives Endace could undertake to ensure D&I are embedded across the organization.
The experience of being in the D&I committee so far has been a unique one. We have identified the focus areas we collectively agreed to work on and identified teams to work on each of these focus areas. These teams are responsible for ensuring the overall group makes progress by firstly building awareness of issues in their specific focus areas and then by identifying actions that will address those issues and ensure diversity is not only accepted but overtly celebrated across the organization.
We have taken our first steps – including having all managers participate in an “unconscious bias” workshop. This workshop helped attendees to understand that biases do exist, how they can identify and become conscious of them, and how to be mindful that these biases don’t get in the way of everyone being treated fairly.
As we move forward, we are driven to actively support our organization becoming a place where individuality is celebrated and everyone has a sense of belonging, of having a valued voice, is accepted and respected, and has opportunities to develop. Change happens over time, but we know this can be achieved through our commitment to community-led initiatives and the hard work of our D&I Committee.
Endace and the EndaceProbe Analytics Platform have been honored with nine awards in two well-regarded industry awards programs: The Globee 17th Annual 2021 Cyber Security Global Excellence Awards and the 2021 Cybersecurity Excellence Awards. The award categories include Most Innovative Security Hardware, Hot Security Company of the Year, Hot Security Technology of the Year, and Cybersecurity Blogger of the Year.
From the Globee 17th Annual 2021 Cyber Security Global Excellence Awards, Endace was selected as the winner in the following categories:
From the 2021 Cybersecurity Excellence Awards, Endace won two silver awards in:
There was strong competition across both awards programs this year and Endace would like to congratulate all this year’s winners and nominees – in particular our partners and fellow winners: Darktrace, Palo Alto Networks and Keysight (Ixia).
It’s great to see such a vibrant community of cybersecurity companies in the market. Our combined contributions are critically important to further improving cyber defense and helping organizations around the world protect critical infrastructure and private data from criminal and nation-state-sponsored attacks.
Most of what’s written about cybersecurity focuses on the mechanics of attacks and defense. But, as recent research shows, the economics of security is just as significant. It’s not just lack of available budget – departments always complain about that – but how they are forced to allocate their budgets.
Currently, security solutions are often hardware-based, which forces organizations into making multiple CAPEX investments – with accompanying complex, slow purchase processes.
More than three-quarters of respondents to the survey reported that “the challenge of constraints caused by CAPEX cycle (e.g. an inability to choose best possible solutions when the need arises) is significant.”Almost half reported being stuck with solutions that have “outlived their usefulness, locked into particular vendors or unable to choose best-of-breed solutions.”
Speed of deployment is also a significant challenge for organizations, with more than 50% of respondents reporting that “deploying a new security, network or application performance platform takes six to twelve months or longer.”
As outlined in the previous post, existing security solutions are expensive, inflexible, hardware-dependent and take too long to deploy or upgrade. The process of identifying a need, raising budget, testing, selecting and deploying hardware-based security and performance monitoring solutions simply takes too long. And the cost is too high.
Contrast this with cyber attackers, who don’t require costly hardware to launch their attacks. They are not hampered by having to negotiate slow, complex purchase and deployment cycles. And often they leverage their target’s own infrastructure for attacks. The truth is that the economics of cybersecurity is broken: with the balance radically favoring attackers at the expense of their victims.
Companies have a myriad of choices when it comes to possible security, network performance and application performance monitoring solutions. Typically, they deploy many different tools to meet their specific needs.
As discussed in the previous post, the lack of a common hardware architecture for analytics tools has prevented organizations from achieving the same cost savings and agility in their network security and monitoring infrastructure that virtualization has enabled in other areas of their IT infrastructure. As a result, budgets are stretched, organizations don’t have the coverage they’d like (leading to blindspots in network visibility) and deploying and managing network security and performance monitoring tools is slow, cumbersome and expensive.
Consolidating tools onto a common hardware platform – such as our EndaceProbe – helps organizations overcome many of the economic challenges they face:
The cost of the hardware infrastructure needed to protect and manage the networks can also be shared by SecOps, NetOps, DevOps and IT teams, further reducing OPEX and CAPEX costs and facilitating closer cooperation and collaboration between teams.
For architects, a common hardware platform becomes a network element that can be designed into the standard network blueprint – reducing complexity and ensuring visibility across the entire network. And for IT teams responsible for managing the infrastructure it avoids the platform fatigue that currently results from having to manage multiple different hardware appliances from multiple different vendors.
Because analytics functionality is abstracted from the underlying EndaceProbe hardware, that functionality can be changed or upgraded easily, enabling – as we saw in the last post – far more agile deployment and the freedom to deploy analytics tools that best meet the company’s needs rather than being locked into specific vendors’ offerings.
Equally importantly, it extends the useful life of the EndaceProbe hardware too. No longer does hardware have to be replaced in order to upgrade or change analytics functionality. And as network speeds and loads increase, older EndaceProbes can be redeployed to edge locations and replaced at the network core with newer models offering higher-speeds and greater storage density. This ensures companies get maximum return on their hardware investment.
Lastly, their modular architecture allows multiple, physical EndaceProbes to be stacked or grouped to form centrally-managed logical EndaceProbes capable of scaling to network speeds of hundreds of gigabits-per-second and storing petabytes of network history.
This blog series has looked at the three key challenges – Visibility, Agility and Economic Efficiency (this post) – that enterprises report they face in protecting their networks and applications from cyber threats and costly performance issues. These challenges are interrelated: it is only by addressing all three that organizations can achieve the level of confidence and certainty necessary to effectively protect their critical assets.
Last month was officially our most successful month for awards ever! Maybe it’s got something to do with it being February in a Leap Year?
Whatever the reason, we’re thrilled to report that Endace received no less than ten industry awards last week, winning three top spots at the Cyber Defense Magazine InfoSec Awards and a further seven awards at the Info Security Product Guide Global Excellence Awards.
CYBER DEFENSE MAGAZINE (CDM) is the industry’s leading electronic information security magazine. Rolling out the red carpet at RSA in San Francisco this week, CDM’s panel of judges voted the EndaceProbe Analytics Platform Product Suite best in class for the following categories:
INFO SECURITY PRODUCTS GUIDE is the industry’s leading information security research and advisory guide. The awards panel, which includes 35 judges from around the world, recognized Endace in the following categories
We’re looking forward to attending the Info Security Product Guide Awards 2020 presentation ceremony and dinner in October to celebrate the Grand Trophy win and the six other awards.
We’d like to extend a big thank you to the judging panels for both award programs. And congratulations to fellow 2020 winners including Endace Fusion Partners Cisco, Ixia (a Keysight company), Darktrace and Gigamon.
In part two of this series of blog posts, we looked at Visibility as one of the key challenges uncovered in the research study Challenges of Managing and Securing the Network 2019.
In this third post, we’ll be discussing another of the key challenges that organizations reported: Agility.
From a cybersecurity and performance management perspective, the term “Agility” can mean two different things. In one sense it can mean the ability to investigate and respond quickly to cyber threats or performance issues. But it can also refer to the ability to rapidly deploy new or upgraded solutions in order to evolve the organization’s ability to defend against, or detect, new security threats or performance issues.
To keep things clear let’s refer to these two different meanings for agility as “Agile Response” and “Agile Deployment.”
In the last post, we looked at the data sources organizations can use to improve their visibility into network activity – namely using network metadata, combined with full packet data, to provide the definitive evidence that enables analysts to quickly and conclusively investigate issues.
In order to leverage this data, the next step is to make it readily available to the tools and teams that need access to it. Tools can access the data to more accurately detect issues, and teams get quick and easy access to the definitive evidence they need to investigate and resolve issues faster and more effectively.
Organizations report that they are struggling with two significant issues when it comes to investigating and resolving security or performance issues.
The first is they are drowning in the sheer volume of alerts being reported by their monitoring tools. Investigating each issue is a cumbersome and resource-intensive process, often involving multiple people. As a result there is typically a backlog of issues that never get looked at – representing an unknown level of risk to the organization.
The second issue, which is compounding the alert fatigue problem, is that the tools teams use are not well-integrated, making the investigation process slow and inefficient. In fact, 91% of the organizations surveyed reported significant challenges in “integrating solutions to streamline processes, increase productivity and reduce complexity.” The result is analysts are forced to switch from tool to tool (also known as “swivel chair integration”) to try and piece together a “big-picture” view of what happened.
Integrating network metadata and packet data into security and performance monitoring tools is a way to overcome both these challenges:
By leveraging a common, authoritative source of packet-level evidence organizations can create a “community of interoperability” across all their security and performance monitoring tools that drives faster response and greater productivity.
By integrating this packet-level network history with their security tools, SecOps teams can pivot quickly from alerts to concrete evidence, reducing investigation times from hours or days to just minutes.
Endace’s EndaceProbe Analytics Platform does this by enabling solutions from leading security and performance analytics vendors – such as BluVector, Cisco, Darktrace, Dynatrace, Micro Focus, IBM, Ixia, Palo Alto Networks, Splunk and others – to be integrated with and/or hosted on the EndaceProbe platform. Hosted solutions can access analyze live packet data for real-time detection or analyze recorded data for back-in-time investigations.
The EndaceProbe’s powerful API-based integration allows analysts to go from alerts in any of these tools directly to the related packet history for deep, contextual analysis with a single click.
The research showed that many organizations report their lack of visibility is due to having “too few tools in too few places in the network.” There are two reasons for this. One is economic – and we’ll look at that in the next post. The other is that the process of selecting and deploying new security and performance monitoring solutions is very slow.
The reason deploying new solutions is so slow is that they are typically deployed as hardware-based appliances. And as we all know, the process of acquiring budget for, evaluating, selecting, purchasing and deploying hardware can take months. Moreover, appliance-based solutions are prone to obsolescence and are difficult or impossible to upgrade without complete replacement.
All these things make for an environment that is static and slow-moving: precisely the opposite of what organizations need when seeking to be agile and evolve their infrastructure quickly to meet new needs. Teams cannot evolve systems quickly enough to meet changing needs – which is particularly problematic when it comes to security, because the threat landscape changes so rapidly. As a result, many organizations are left with security solutions that are past their use-by date but can’t be replaced until their CAPEX value has been written down.
The crux of the problem is that many analytics solutions rely on collecting and analyzing network data – which means every solution typically includes its own packet capture hardware.
Unlike the datacenter, where server virtualization has delivered highly efficient resource utilization, agile deployment and significant cost savings, there isn’t – or rather hasn’t been until now – a common hardware platform that enables network security and performance analytics solutions to be virtualized in the same way. A standardized platform for these solutions needs to include the specialized, dedicated hardware necessary for reliable packet capture and recording at high speed.
This is why Endace designed the EndaceProbe™ Analytics Platform. Multiple EndaceProbes can be deployed across the network to provide a common hardware platform for recording full packet data while simultaneously hosting security and performance analytics tools that need to analyze packet data.
Adopting a common hardware platform removes the hardware dependence that currently forces organizations to deploy multiple hardware appliances from multiple vendors and frees them up to deploy analytics solutions as virtualized software applications. This enables agile deployment and gives organizations the freedom to choose the security, application performance and network performance solutions that best suit their needs, independent of the underlying hardware.
In the next post, we’ll look at how a common platform can help address some of the economic challenges that organizations face in protecting their networks.
As outlined in the first post in this series, lack of visibility into network activity was one of the key challenges reported by organizations surveyed by VIB for the Challenges of Managing and Securing the Network 2019 research study. This wasn’t a huge surprise: we know all too well that a fundamental prerequisite for successfully protecting networks and applications is sufficient visibility into network activity.
Sufficient visibility means being able to accurately monitor end-to-end activity across the entire network, and recording reliable evidence of this activity that allows SecOps, NetOps and DevOps teams to react quickly and confidently to any detected threats or performance issues.
It might be tempting to suggest that lack of network visibility results from not collecting enough data. Actually, the problem is not possessing enough of the right data to provide the context that enables a coherent big-picture view of activity – and insufficient detail to enable accurate event reconstruction. This leaves organizations questioning their ability to adequately protect their networks.
Without context, data is just noise. Data tends to be siloed by department. What is visible to NetOps may not be visible to SecOps, and vice versa. It is often siloed inside specific tools too, forcing analysts to correlate data from multiple sources to investigate issues because they lack an independent and authoritative source of truth about network activity.
Typically, organizations rely on data sources such as log files, and network metadata, which lack the detailed data necessary for definitive event reconstruction. For instance, while network metadata might show that a host on the network communicated with a suspect external host, it won’t give you the full details about what was transferred. For that, you need full packet data.
In addition, network metadata and packet data are the only data sources that are immune to potential compromise. Log files and other data sources can be tampered with by cyber attackers to hide evidence of their presence and activity; or may simply not record the vital clues necessary to investigate a threat or issue.
The best possible solution to improving visibility is a combination of full packet data and rich network metadata. Metadata gives the big picture view of network activity and provides an index that allows teams to quickly locate relevant full packet data. Full packet data contains the “payload” that lets teams reconstruct, with certainty, what took place.
Collecting both types of data gives NetOps, DevOps and SecOps teams the information they need to quickly investigate threats or performance problems coupled with the ability to see precisely what happened so they know how to respond with confidence.
This combination provides the context needed to deliver both a holistic picture of network activity and the detailed granular data required to give certainty. It also provides an independent, authoritative source of network truth that makes it easy to correlate data from multiple sources – such as log files – and validate their accuracy.
With the right evidence at hand, teams can respond more quickly and accurately when events occur.
In the next post in this series, we’ll look at how to make this evidence easily accessible to the teams and tools that need it – and how this can help organizations be more agile in responding to security threats and performance issues.
We’d like to take this opportunity to thank all of the companies and individuals that participated in both studies. Without your participation, it would not have been possible to produce these reports and the valuable insight they contain.
For those who didn’t get a chance to participate, please click here to register your interest in participating in our 2020 research projects.
Last year, Endace participated in two global research studies focusing on the challenges of protecting enterprise networks. The results of both provide powerful insights into the state of network security today, and what organizations can do to improve the security and reliability of their networks. In this series of blog posts, we’re going to take a deep dive into the results and their implications.
We commissioned an independent, US-based research company, Virtual Intelligence Briefing (VIB) to conduct the research underpinning the Challenges of Managing and Securing the Network 2019 report. VIB surveyed senior executives and technical staff at more than 250 large, global enterprises to understand the challenges they face in protecting against cyberattacks threats and preventing network and application performance issues.
Organizations from a range of industry verticals including Finance, Healthcare, Insurance and Retail participated. Annual revenues of participating companies were between $250M and $5B+, and respondents included senior executives such as CIOs and CISO, as well as technical management and technical roles.
Our second research project was with Enterprise Management Associates (EMA) and was focused on looking at what leading organizations are doing to improve their cybersecurity and what tactical choices are making the biggest difference. This research was based on responses to a detailed survey of more than 250 large enterprises across a wide range of industries .
You can download a summary of EMA’s report here: “Unlocking High Fidelity Security 2019“.
When it comes to securing their networks from cyberattacks, organizations find it hard to ‘see’ all the threats, making detection and resolution of security and performance issues cumbersome and often inconclusive. They lack sufficient visibility into network activity, with too few tools in too few places to be confident they can quickly and effectively respond to cyber threats and performance issues.
The need for greater agility was also a common challenge, with alert fatigue, tool fatigue and lack of integration between tools making the investigation and resolution process slow and resource-intensive.
Organizations also face significant economic challenges in the way they are currently forced to purchase and deploy solutions. This leaves them unable to evolve quickly enough to meet the demands imposed by today’s fast-moving threat landscape and 24×7 network and application uptime requirements.
In this series, we’ll explore each of these three challenges – Visibility, Agility and Economics – while also looking at how they are intrinsically inter-related. Understanding and addressing all of these challenges together revolutionizes network security and management, and enables organizations to realize greater efficiency while saving money.
Our next post will look at why organizations lack visibility into network activity and how they can overcome this challenge.
Endace’s Michael Morris recently caught up with the team at