Changing the Game for Network Security Investigations

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceSecurity teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.

Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.

Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.

Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs gain rapid visibility into what’s happening on their network.

Corelight’s out of the box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.

The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.

The EndaceProbe platform scales to record traffic at full line-rate across your whole environment. Delivering high-speed centralized search and easy drill-down workflows from your SIEMS or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real-time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.

The power of combining EndaceProbes with Corelight sensors helps customers to solve difficult security challenges like supply-chain attacks or advanced persistent threats, that are often difficult to detect and enable attackers to hide for long periods in the network by camouflaging their activity using sophisticated stealth techniques such as modifying or deleting logs or other evidence.

Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.

Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.


Endace Packet Forensics Files: Episode #21

Original Entry by : Michael Morris

Michael talks to Alex Kirk, Global Principal Engineer, Corelight

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Are you aware if your network has spoofed DNS traffic and do you know what things to look for in your network traffic to find supply chain attacks?

If you’re not sure then you won’t want to miss this episode of the Endace Packet Forensic files as I talk with Alex Kirk Director Global Principal Engineer for Corelight.

Alex gives his expert insights into the Solarwinds Sunburst supply-chain attack, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies.

Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #20

Original Entry by : Michael Morris

Michael talks to Craig Williams, Director of Talos Outreach, Cisco

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats?

You won’t want to miss this episode of the Endace Packet Forensic files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco.

Craig talks about how threats have been evolving over the last year – particularly during the Covid-19 pandemic – and gives us some insights into recent high-profile security issues. He also shares some advice how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.

Finally, Craig talks through key elements of cyber security infrastructure that can help SOC teams investigate issues and evolve towards proactive threat hunting practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #19

Original Entry by : Michael Morris

Michael talks to Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Do your cybersecurity skills meet foundational requirements for security analysts of tomorrow?

You won’t want to miss this informative episode with Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland. Ryan talks about how the university is building programs around the critical skills needed by cybersecurity analysts of the future.

Ryan is a founder of, and contributor to, the CCSP certification and has developed a variety of masters and post-graduate degree programs in Cybersecurity. He makes his case for why a broad inter-disciplinary approach will be critical for security teams in the years ahead.

Ryan also talks about how new breaches and threats such as supply chain attacks are becoming the norm and some approaches for hunting down these threats.

Finally, he shares what critical tools SOCs need in order to detect and mitigate these complex threats and how SOAR platforms can play a useful role – if implemented correctly.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #18

Original Entry by : Michael Morris

Michael talks to Tim Dudman, Senior Principal Consultant, Riskaware

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Interested in hearing what some of the UK’s leading government cyber defense experts are doing to address their biggest concerns and challenges?

Then don’t miss this insightful episode with Tim Dudman, Senior Principal Consultant for Riskaware, where he shares his experiences in collaborating with academia, industry, and UK Defense funding to generate leading-edge cybersecurity capabilities.

Tim talks about some of the gaps he sees across the industry and how AI and SOAR platforms are fitting in and complementing many security architectures.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #17

Original Entry by : Michael Morris

Michael talks to Jen Miller-Osborn, Deputy Director of Unit 42 at Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses?

Then don’t miss this episode of our Packet Forensic Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.

Jen talks about some of the threat trends the team at Unit 42 has been seeing lately – including how ransomware attacks are becoming more sophisticated and targeted, how DDOS attacks are making a comeback, and what the recent Solarwinds “Sunburst” attacks have demonstrated.

She also provides some helpful tips for best practice cyber defense and talks about how the threat landscape might evolve over the next year or two.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #16

Original Entry by : Michael Morris

Michael talks to Chris Bihary, Founder and CEO of Garland Technology

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceAre you struggling to see all the things happening on your network and ensure you are thoroughly monitoring and securing it?

You won’t want to miss our latest episode of the Endace Packet Forensic Files series with special guest, Chris Bihary, CEO and Founder of Garland Technology.

Chris’s expertise as an innovator and network solution problem solver is unparalleled. In this episode, he shares his insights on the fundamentals for any robust network and security architecture. Chris talks about the complexity of security stacks and why the sheer number of both in-line and out-of-band vendor solutions is making it increasingly challenging to ensure network performance and security.

Hear how to give your teams more time and better data to effectively investigate and mitigate threats and issues. Finally, get Chris’s outlook on the digital world for the year ahead and things you can do to strengthen your network’s performance and security.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #15

Original Entry by : Michael Morris

Michael talks to Brian Ford, Assistant Professor and former Cisco Engineer.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

How is cyber security training and expertise affecting SecOps teams’ ability to effectively manage and secure their cyber infrastructures?

If you want to hear insights from someone with 30 years in the network security industry don’t miss our first episode of the Endace Packet Forensic Files series for 2021 with special guest, Brian Ford, Assistant Professor at the State University of New York (Farmingdale) and former Cisco Security Expert.

Brian shares his insights into how focused threat hunting can make a huge difference, not only allowing analysts to hone their security skills, but also connecting an organization’s assets, architecture, policies and procedures to elevate its security posture.  Get some tips to sharpen your skills as a cybersecurity analyst and hear why “practice” is so important for being ready for the real thing.

Finally, Brian talks about why moving from reactive operations to more proactive threat hunting helps you to better stay ahead of threat actors.  Don’t miss some great tips on things you can do to become a smarter, more effective security expert.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #14

Original Entry by : Michael Morris

Michael talks to Brett White, Cybersecurity Architect and Advisor.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Looking for insights into how to improve your cybersecurity posture? You won’t want to miss our last episode of the Endace Packet Forensic Files for 2020. This episode features special guest Brett White, Cyber Security Advisor and Architect.

Brett has many years of experience at Juniper, Cisco and Palo Alto Networks architecting security solutions and advising clients on how to improve their security stacks and processes. He has also worked as both an in-house CISO and as a “CISO for hire”.

In this episode, Brett shares some recommended best practices for robust cybersecurity including the key foundational components of network-wide visibility and high-quality threat intelligence. He also highlights the importance of stepping back from focusing on technology alone and building a security strategy focused on your organization’s business goals, outcomes, and security imperatives.

Finally, Brett puts his predictions hat and suggests three future areas of cybersecurity to keep an eye on to improve your overall security strategy.

Packet Forensics Files will be back after the Christmas and New Year period with our next installment. In the meantime, we wish you a happy and safe Christmas and New Year. Take care.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #13

Original Entry by : Michael Morris

Michael talks to Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

How are Government agencies being pushed to transform in the new cybersecurity landscape?

If you want to hear insights from someone with extensive experience “on the inside” don’t miss the latest episode of Endace Packet Forensic Files with special guest Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

Juliana had a long and highly distinguished career as a Navy Officer serving as a helicopter and ship pilot before ultimately becoming Deputy CIO for the US Navy. In this episode, she shares her insights into how some government agencies are changing their approaches to cybersecurity, what they are doing to stay ahead of threat actors, and some of the challenges they are facing.

Juliana discusses how security AI and machine learning tools are helping various groups and where they still need to evolve to help groups culturally embrace and effectively deploy these promising technologies.

Finally, she shares what cybersecurity basics are being implemented by the most secure and successful agencies, and where SOAR is helping to deliver the most impact for government organizations.

Don’t miss Juliana’s insights into the Government’s cybersecurity evolution!

Other episodes in the Secure Networks video/audio podcast series are available here.