Endace Packet Forensics Files: Episode #12

Original Entry by : Michael Morris

Michael talks to Paul Giorgi, CTO at DeFY Security.

By Michael Morris, Director of Global Business Development, Endace


Security Orchestration, Automation and Response, or SOAR, is the hottest growth area in the cybersecurity industry and probably one of the most complex adoptions for most security teams to undertake.

You won’t want to miss our latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Paul Giorgi, CTO and Co-Founder of DeFY Security.

Paul has had many years of experience building and implementing security solutions with DeFY Security customers. In this episode he suggests some best-practice tips on where to start when deploying a SOAR solution and how to make time for your SecOps teams with all the things they already have on their plates.

Paul shares his first-hand experience of where organizations tend to make the biggest mistakes when implementing a SOAR platform and how to best avoid those pitfalls.  Finally, he suggests some simple, high-impact areas to focus on with your SOAR deployment.  These are use-cases where SOAR can deliver immediate returns in efficiency and effectiveness for your security teams.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #11

Original Entry by : Michael Morris

Michael talks to Kate Kuehn, Senior VP at vArmour.

By Michael Morris, Director of Global Business Development, Endace


What are some of the top things on the minds of CISOs in today’s COVID-affected, remote-working, rapidly digitally transforming world?

If you want to hear what’s dominating their thinking then don’t miss our latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Kate Kuehn, SVP at vArmour.

Kate is a seasoned security executive with years of experience as a CISO herself as well as working alongside many other CISOs. In this episode, Kate talks about what she sees as some of the biggest challenges that CISOs and their security teams face in response to digital transformation and rapid changes to their hybrid cloud and on-premise environments.

Kate shares her insights into what SecOps teams are doing to address those challenges and what things she thinks they are still missing. Finally, she reveals some must-haves for every CISO to consider as they select security tools and the gaps many organizations still have in their security stacks.

Don’t miss the chance to learn from Kate’s exceptional security insights.



Endace Packet Forensics Files: Episode #8

Original Entry by : Michael Morris

Michael talks to Scott Register, VP of Security Solutions for Keysight Technologies

By Michael Morris, Director of Global Business Development, Endace



Catch our latest episode of “Secure Networks – the Packet Forensic Files” vidcast/podcast series with this week’s special guest Scott Register, VP of Security Solutions for Keysight Technologies.

Scott, with his years of experience in building security solutions, shares some of the biggest challenges SecOps teams are facing in today’s environment and what they are doing to solve them.

He talks about the latest trends in the threat landscape and what security teams are doing to test and monitor for these attacks.  Hear how threat simulation can help both validate tool readiness and people processes to elevate your security prevention and response.

Finally, Scott shares his insights into implementing security in 5G and WiFi infrastructures as well as traditional networks and data centers.



Endace Packet Forensics Files: Episode #7

Original Entry by : Michael Morris

Michael talks to Travis Rosiek, CTO and Strategy Officer at BluVector (a Comcast company)

By Michael Morris, Director of Global Business Development, Endace



If you haven’t caught up with the insights from our “Secure Networks – the Packet Forensics Files” vidcast/podcast series yet, here is your chance to see what you have been missing out on. This week’s special guest is Travis Rosiek, CTO and Strategy Officer for BluVector (a Comcast company).

Travis, a long-time government cybersecurity specialist, shares his insights into what he sees companies and government agencies are missing from their security strategies.  He talks about how you can begin to move your security activity from being merely reactive to a more proactive approach.

Travis discusses some of the specific challenges and advantages government agencies face compared to enterprises and what both groups can do to elevate their security posture.  He also shares his insights into best practices to protect your IT infrastructure and things to look out for in the ever-changing security landscape.



Endace Packet Forensics Files: Episode #4

Original Entry by : Michael Morris

Michael talks to Matt Chase, Director of Cortex Alliances for Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace



Don’t miss our latest episode of Endace Packet Forensics Files vidcast series with this week’s guest, Matt Chase, Director of Cortex Alliances for Palo Alto Networks.

Matt shares his insights into how automation and orchestration are changing the game for SecOps teams and improving security analysts’ efficiency and accuracy. Matt talks about some of the best practices companies should think about when evaluating, adopting and implementing an orchestration platform.

Finally, Matt shares where he thinks things are headed next in security automation so you can plan your security strategy.



Wireshark without the wait!

Original Entry by : Cary Wright

With Wireshark on EndaceProbe you can quickly search hundreds of Terabytes of packet data to analyze important packets in Wireshark.

By Cary Wright, VP Product Management, Endace



Who can afford to wait when responding to a critical security incident? With Wireshark now hosted on EndaceProbe we have eliminated all the waiting around to see packet evidence. Reviewing captured network history will often reveal vital evidence needed to remediate a threat, evidence that may have been wiped from system logs.

Unfortunately, if you’re using Wireshark on your desktop to view that evidence you know it can be a very slow process. Just downloading a multi-GB capture file from your capture appliance can take a while, and then loading it up on your desktop can also be a lengthy process. All this waiting and context switching is a productivity hit for you and your team, not to mention a data privacy risk if those PCAPs are sitting on your desktop or laptop.

I’m excited to say there will be no more waiting around to view packets with our newly released OSm 7.0 software! A full instance of native Wireshark is now hosted right on each EndaceProbe appliance so you can review captured network traffic quickly and securely. We have also included Wireshark on each Endace InvestigationManager instance, allowing you to search over up to 100 EndaceProbes in parallel and present a single merged packet view inside Wireshark.

There is no need to download large PCAPs over the network, and no need to store them insecurely on your desktop PC or laptop to view in Wireshark. Viewing network packet captures is now lightning fast because EndaceProbe high-performance hardware serves the packets from the local RAID directly to a Wireshark instance hosted on the EndaceProbe.

If you’re a regular Wireshark user you will know that Wireshark doesn’t handle large PCAPs very well: just loading a 1GB file can take forever, let alone a 100TB PCAP. With Wireshark on EndaceProbe you can now quickly search hundreds of Terabytes of packet data to view or analyze important packets in Wireshark. The workflow is much faster and more secure. And Wireshark power users will be glad to know it’s a full Wireshark instance with all the useful features and decodes that you’ve come to know and love.

Here’s a sneak preview:

Wireshark on EndaceProbe with OSm7
With OSm 7.0, now you can go directly from EndaceVision to Wireshark hosted on EndaceProbes – without having to download large pcap trace files.

Endace Packet Forensics Files: Episode #3

Original Entry by : Michael Morris

Michael talks to Dave Burns, Senior Director of Alliances at Gigamon

By Michael Morris, Director of Global Business Development, Endace



Catch our latest episode of Endace Packet Forensics Files vidcast series with this week’s guest Dave Burns, Senior Director of Alliances for Gigamon.

Dave talks about how customers are adapting to the monitoring and security challenges in the new remote workforce environment under Covid-19.

He shares his insights into things companies are doing to get the most out of their tools and be agile and proactive to stay on top of both performance needs and security threats.

Finally, Dave discusses how Ops teams are adapting their environments to support remote workforces and how they’re dealing with new loads and applications that the network wasn’t originally architected for.



APTs are the New Cybersecurity Battle Front

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace



Join IBM, Gigamon and Endace
Tuesday, July 21, 2020

Don’t miss this informative webinar hosted by DataBreach Today.

Join Michael Morris (Endace), Russell Warren (IBM) and Martyn Crew (Gigamon) as they discuss strategies for detecting and protecting against APTs.


Advanced Persistent Threats (APTs) are the new battlefront for cybersecurity as threat actors combine multiple malware infiltration techniques to gain the most intelligence, cause the most damage, and ultimately reap the most financial rewards. APTs are the most sophisticated of threats, often difficult to detect and potentially lurking in your infrastructure for months or years before the real attack. Their motivations are political or financial, with a goal of maximum impact.

SecOps teams that are continually inundated with alerts and alarms don’t have time to connect the dots to realize some alarms point to APTs that are gaining a foothold. The sooner an APT can be identified and contained, the better the chance of minimizing the financial loss or brand damage your company experiences as a result.  This is easier said than done because skilled bad actors are constantly trying to cover their tracks, mask their existence, and hide the level of access they have gained and data they have collected.

Three pillars are key to effectively finding, containing, and mitigating APTs.  The first pillar is having visibility into everything that’s happening on your network. Getting the right network traffic to the right tools, including safely decrypting any TLS traffic, is critical for full visibility into threatening activity on the network. Other functions, such as deduplication, application filtering, and load-balancing traffic to multiple tools, are also important for an effective security stack.

The second pillar is implementing AI-based security analytics across all security-related telemetry data including Network, Endpoint, Application and Security logs. Bringing all this data together in one place enables the organization to create “baselines” of what is “normal behavior” versus “suspicious activity”. Leading analytics platforms can provide a single, correlated view of threatening activity and leverage integrations with third-party tools that accelerate the incident response process for SecOps teams.

The third pillar is recording enterprise-wide network history for in-depth investigations during incident response.  Many APTs implement wipers to erase evidence of their existence and cover their tracks, including modifying system logs, authentication records and other sources of evidence. However, bad actors can’t hide when enterprises implement continuous network traffic recording.  Recorded network history lets you see exactly what’s happening on the network so you can investigate and defend against even the most well-masked security threats. It provides tamper-proof evidence that lets teams understand the full extent of a threat including the ability to see into payloads that may have been collected and exfiltrated.

Join us on the webinar on July 21st to hear more. Register here.


Endace Packet Forensic Files: Episode #2

Original Entry by : Michael Morris

Michael talks to Doug Hurd, Senior Business Development Manager at Cisco Systems Security Solutions

By Michael Morris, Director of Global Business Development, Endace



Tune in for the latest episode of Endace Packet Forensic Files vidcast series with this week’s guest Doug Hurd, Senior Business Development Manager at Cisco Systems Security Solutions.

Doug shares experience and insights on some of the most robust security stacks by best-in-class companies. He talks about some of the techniques companies are implementing to handle the sheer volume of threat alarms and efficiently work through them.

Finally, Doug shares his insights into where companies – and vendors – are heading to help security teams stay in front of the latest cybersecurity threats.



Endace Packet Forensics Files: Episode #1

Original Entry by : Michael Morris

Michael talks to Justin Fier, Director of Cyber Intelligence at Darktrace

By Michael Morris, Director of Global Business Development, Endace



Join the new Endace Packet Forensics Files vidcast for an informative session with guest, Justin Fier, Director of Cyber Intelligence at Darktrace.

Justin shares his experience with the challenges SecOps teams are facing from the Covid-19 Pandemic and the massive shift to a remote workforce. Hear how cyber AI, anomalous network detection, and packet forensics can help you stay ahead of the latest threats.

Justin’s insights into industry verticals like Finance, Healthcare, and Government reveal the unique changes and challenges these environments are facing, and some of the best practices he is seeing to address those challenges.
