Category: Packet Forensics Files

Endace Packet Forensics Files: Episode #38

Original Entry by : Michael Morris

Michael talks to Hakan Holmgren, EVP of Sales, Cubro

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

As data growth accelerates and distributed workloads increase, enterprises are prioritising cost efficiency and space minimization in modern datacenters. They are looking to leverage new technologies and use smaller, more cost-efficient appliances to reduce cost and improve efficiency.

By architecting infrastructure to prioritize stability and robustness and focusing on reducing carbon footprint, organizations can dramatically reduce power, storage and cooling requirements while also improving efficiency. A win-win outcome.

In this podcast, Hakan Holmgren, EVP Sales at Cubro, talks about how new technologies like Intel barefoot ASICs can accelerate packet processing for cloud datacenters and edge deployments and enable consolidation of infrastructure to reduce cost and minimize environmental impact.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #37

Original Entry by : Michael Morris

Michael talks to Rick Jenssen, VP of Global Operations, Plixer

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

Many organizations face challenges maintaining their security posture while dealing with the significant shift towards remote workforces, the dynamic nature of hybrid cloud environments and rapidly growing volumes of interconnected devices.

In short, managing security at scale in highly fluid environments is a daunting challenge. So what can you do to improve your security resiliency?

In this episode of the Endace Packet Forensic files, I talk with Rick Jenssen, VP of Global Operations for Plixer, who shares his experience into building robust security at scale. Rick recommends some best practices to address the common challenges in delivering resilient security in large environments and talks about ways to address the flood of alarms SOC teams face on a daily basis. He suggests a nice, six-step, iterative approach to continually improving your security position.

Finally, Rick reinforces how important the mantra of “practice, practice, practice” is when it comes to preparing your security teams – and the wider organization. Practicing how to investigate, remediate, and respond to potential security breaches makes sure you know what needs to happen in the event of a real crisis and uncovers areas you need to work on to be better prepared.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #36

Original Entry by : Michael Morris

Michael talks to Neil Wilkins, Technical Director EMEA, Garland Technology

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

What does it mean to have security at scale?  For large infrastructures with rapid data growth have you maintained or improved your security posture as you have scaled?

In this episode of the Endace Packet Forensic files I talk with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale.  He shares some recommendations and best practices to get on the right path to improve security in large environments.

Finally, Neil shares his thoughts on Security Orchestration and Automation Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.

Having a large, dynamic infrastructure doesn’t mean you can’t keep your arms around your security posture, but you need to have processes and tools in place that can scale as you grow and accelerate incident response to keep ahead of growing threat volumes.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #35

Original Entry by : Michael Morris

Michael talks to Timothy Wilson-Johnston, Value Chain Security Leader, Cisco

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, EndaceWhat did we learn from the recent Log4J 2 vulnerability? How are security holes like this changing the way organizations think about deploying enterprise software solutions?

In this episode of the Endace Packet Forensic files Michael Morris talks with Timothy Wilson-Johnston about the Log4J 2 threat and how it is being exploited in the wild.

Timothy shares his thoughts about what Log4J 2 has taught us, and why organizations need to look at the bigger picture:

  • How can you better defend against vulnerabilities of this type
  • Why it’s so important to closely scrutinize solutions that are deployed – and make sure you have visibility into components that might be included with those solutions

Finally, Timothy discusses the importance of evaluating security vs function and why it is critical to have software inspection and validation processes to manage third-party risk to your business. Knowing what your vendors’ standards are and implementing a structured and repeatable process for evaluating vendors and solutions, is key to improving security maturity.

 

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #33

Original Entry by : Michael Morris

Michael talks to NIST Fellow, Ron Ross

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

The dynamic nature and complexity of many organizations’ cyber infrastructure makes it hard enough to keep it running and performing, let alone to maintain the highest levels of security to protect your IP and data.  But do you know what the highest level of security standards are?

In this episode of the Endace Packet Forensic files I talk with NIST Fellow, Ron Ross, who shares how cyber security standards are evolving to keep pace with new threats and challenges. Ron highlights where he sees most organizations falling short and the highest priorities they should be addressing. He shares some insights into new standards and recommendations for protecting operational technologies which are becoming an attractive target for threat actors.

Finally, Ron talks about the need to move from a mindset of “prevention” to building “resiliency” into your security architecture to stay ahead of cyberthreats.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #32

Original Entry by : Michael Morris

Michael talks to Merritt Baer, Principal in the Office of the CISO at AWS

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

Is your organization trying to implement enterprise level security at scale and you’re not sure where to focus?

In this episode of the Endace Packet Forensic files I talk with Merritt Baer, Principal in the Office of the CISO at AWS, who shares her experience in how to design and build robust, dynamic security at scale. Merritt discusses what security at scale looks like, some of the things that are often missed, and how to protect rapidly evolving hybrid cloud infrastructures.  She highlights some common pitfalls that organizations run into as they shift workloads to cloud providers and how to pivot your SOC teams and tools to ensure you have robust security forensics in place.

Finally, Merritt examines how adopting SOAR platforms can help, and things you can do to prevent gaps and breakdowns in your security posture.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #31

Original Entry by : Michael Morris

Michael talks to Kamal Khlefat, Product Manager, LinkShadow

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

Modernizing the SOC is one of the latest trends cyber security teams are undertaking to stay current and on a level playing field against today’s threat actors. Whether it is adapting to simply keep up with the volume of threats or implementing AI and ML technologies to find and prevent more sophisticated threat vectors SecOps need to improve and upgrade.

In this episode of the Endace Packet Forensic files, I talk with seasoned SOC Director, Kamal Khlefat, now Product Manager at LinkShadow, who shares his perspectives on the movement to modernize the SOC.

Kamal gives his insight into where most SOC teams are struggling and the gaps organizations have in their cybersecurity defenses. He shares some observations about what customers are doing to handle ever-increasing alert volumes and the fatigue analysts suffer in their relentless effort to investigate and troubleshoot every indicator of compromise. And, finally, Kamal highlights some of the differences he is seeing between various industry verticals like governments, financial, energy and retail.

Other episodes in the Secure Networks video/audio podcast series are available here.

Endace Packet Forensics Files: Episode #30

Original Entry by : Michael Morris

Michael talks to Tony Krzyzewski, Director of SAM for Compliance and Global Cyber Alliance Ambassador

By Michael Morris, Director of Global Business Development, Endace

Michael Morris, Director of Global Business Development, Endace

In this episode of the Endace Packet Forensic files, I talk with Tony Krzyzewski, Director of SAM for Compliance, Global Cyber Alliance Ambassador, and New Zealand’s Convenor on the International Standards Organization SC27 Information Security, Cybersecurity and Privacy Protection Standards Committee.

With more than four decades working in IT and Networking, and almost three decades in cybersecurity, there are few more experienced practitioners than Tony. In this episode, Tony draws on his extensive experience to give some practical, pragmatic advice about where organizations need to focus to improve their cyber defenses. He highlights the importance of focusing on operational management processes for any cyber security program and reinforces the mantra I have been hearing from many CISOs about how the importance of regularly practising and performing “Security FireDrills”.

Tony talks about his long-time campaign to encourage organizations to adopt DMARC, “Domain-based Message Authentication, Reporting and Conformance” policies to improve protections against fraudulent email and phishing attacks.

Finally, Tony gives his perspective on the massive surge in SOAR and XDR solutions in the market and how that is impacting organizations’ security postures, and puts on his predictions hat as he talks about what to look out for in the year ahead.

Other episodes in the Secure Networks video/audio podcast series are available here.