Combining Endace and Elastic delivers detailed visibility into real-time and historical network activity

Original Entry by : Cary Wright

By Cary Wright, VP Product Management, Endace


Cary Wright, VP Product Management, Endace

We’re pleased to announce our newest technical partnership with leading SIEM and observability platform provider, Elastic. By combining together EndaceProbe™ always-on Hybrid Cloud packet capture, Elastic™ Stack and Elastic™ Security, we’re providing the packet-level network visibility and detailed network metadata that Security and IT teams need when responding to security threats and network or application performance issues.

How Do We Work Together?

By combining Endace and Elastic Stack, organizations gain accurate, highly detailed visibility into both real-time and historical network activity. Security and IT analysts can search network metadata in Elastic, and quickly pivot to full packet data for forensic investigations when they need to. The result is faster, more accurate incident investigation and resolution. The combination of Elastic Stack and EndaceProbe gives cybersecurity and IT teams the ability to see exactly what’s happening on their network in real-time. EndaceProbes can record weeks or months of full packet capture across hybrid cloud networks to provide a complete and accurate record of all network activity. The detailed full packet capture data recorded by EndaceProbes is a perfect complement to the rich logs and metadata collected by Elastic Stack. When analysts need to go back-in-time to investigate any incident they have a complete record of that activity at their fingertips. Beyond this, the ability to pivot from anomalies or security alerts directly to forensic examination of packet-level data lets analysts see exactly what’s happening. They can quickly respond to incidents and dramatically mitigate threat risk to their organizations.

EndaceFlow and Elastic Stack

In addition, EndaceProbe appliances can host EndaceFlow™, which generates extremely high-fidelity NetFlow data at full line rate. This NetFlow data can be ingested by Elastic Stack to provide detailed metadata for monitoring the security and performance of the network and interrogating network activity. Pre-built integration between EndaceProbes and Elastic Stack enables streamlined investigation workflows. Analysts can click on alerts in the Elastic UI to go directly to the related full packet data recorded by EndaceProbe. Analysts can quickly view traffic right down to individual packet level to see precisely what occurred before, during and after any event, with absolute certainty.

For more information about our Fusion Partner integrations, please visit www.endace.com/fusion-partners.

To see a demonstration of this Elastic Security integration in action please visit the Elastic partner page at https://www.endace.com/elastic-security.


Endace Packet Forensics Files: Episode #42

Original Entry by : Michael Morris

Michael talks to RoseAnn Guttierrez, Technical Enablement Specialist BM at IBM

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

We have all heard horror stories about how SOC teams are overwhelmed and facing a never-ending battle against threat actors. And we all recognize it is not a matter of IF but WHEN you get breached.

So, when the worst happens is your team resilient enough and sufficiently trained to respond effectively ? Are you confident your team can determine, for certain, whether critical data, such as customer information, or systems have been compromised so you can meet all the necessary compliance and reporting obligations? And do you have the network forensics in place that your SOC needs to be able to thoroughly investigate and respond to a breach?

In this episode of the Endace Packet Forensic files, I talk with RoseAnn Guttierrez, Technical Enablement Specialist BM at IBM Security and a former SOC analyst.

Rose shares her experience of what a day in the life of a SOC engineer is really like. She discusses the best practices she and her team put in place to manage the day-to-day challenges and improve their security posture. She also highlights some of the tools that were most valued in their daily operations and the critical importance of interoperability and integrated workflows to ensure efficiency and simplicity for SOC teams.

Rose discussed the challenge of balancing the need to provide reactive incident response versus having the time to devote to more proactive threat-hunting activities and suggests some approaches to better manage the balance between these important tasks. And she provides some suggestions and recommendations for SOCs on how to build maturity into processes, training, and effectiveness to improve security investigation capability.

Rose’s combination of SOC experience and deep knowledge of the security landscape has given her unique insight into the importance of having an interoperable ecosystem of tools and vendors that enables SOC teams to build resiliency and efficiency into their DNA.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #41

Original Entry by : Michael Morris

Michael talks to Andrew Stewart, Senior National Security and Government Strategist at Cisco

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

In this episode of the Endace Packet Forensic files, I talk with Andrew Stewart, Senior National Security and Government Strategist at Cisco.  Andrew, CAPT, USN (Ret.) is a Senior Federal Strategist at Cisco where he implements strategies to support innovative cybersecurity and AI/ML solutions across the Federal Government.  He also served as the Commanding Officer and Program Manager at the Navy Cyber Warfare Development Group (NCWDG).

With Andrew’s deep experience in national security and government agencies, I wanted to get his thoughts on all the new Whitehouse mandates, and cybersecurity policies from CISA such as the emphasis on Zero Trust and other important initiatives.  We discuss whether what organizations are doing is sufficient given the risks posed by nation-state threat actors.

Noting that CISA guidelines and recommendations and Whitehouse mandates can help organizations and agencies prioritize cybersecurity with more urgency than before, Andrew raises the issue of awareness of cybersecurity among executives and corporate boards.  He suggests that, regardless of whether the threat is a nation-state attacker or a ransomware group, a threat-based approach is crucial. He also discusses the importance of building resilience across all “mission” functions, not just day-to-day operations, especially with a remote workforce.  In short,  security resilience is essential to underpin it all.

Lastly, Andrew highlights trends for the coming months – including the ever-changing nature of threats as hybrid cloud operating environments continue to expand the threat spectrum and transform the way we work. Visibility, he says, remains the key to mastering and controlling such a dynamic threat environment.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #40

Original Entry by : Michael Morris

Michael talks to Chris Greer, Packet Pioneer and Wireshark Guru.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Threat hunting is a critical cybersecurity activity that is growing in importance and prevalence around the globe.  Are your SOC analysts developing the skills and toolsets they need to enable more efficient and effective threat hunting?  What are the inhibitors your teams face and do you have the right tools and processes in place?

In this episode of the Endace Packet Forensic files, I talk with Chris Greer of Packet Pioneer.

Chris is an experienced protocol analyst and forensics expert. He is a renowned instructor for Wireshark University as well as the host of a popular YouTube channel where he shares insights into threat hunting and demonstrates the importance of understanding how to investigate and resolve issues using packet analysis. In this episode, Chris talks about some of the problems or threats you can only see as part of your incident response investigation processes and workflows if you have access to full packet data.

Finally, Chris highlights some of the gaps that organizations have in their security stacks that make it hard for them to confirm or deny false positives and how to resolve this visibility issue. He offers recommendations for training and suggests how to improve your organization’s threat hunting capability.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #39

Original Entry by : Michael Morris

Michael talks to Justin Fier, VP of Tactical Risk and Response, Darktrace.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

In the current era of extreme geopolitical instability, focus is intensifying on potential nation-state cyberthreats and how governments can defend against nation-states and cyber mercenaries. The increasing threat of nation-state led or sponsored attacks, combined with the massive potential impact of attacks on critical infrastructure are the stuff of nightmares that keep cyberdefenders up at night.

In this episode, I welcome back Justin Fier, VP Tactical Risk and Response at Darktrace (who was our very first guest in this series almost 40 episodes ago!) to talk about nation-state cyber, where he sees the threats lie, and what organizations can do to better prepare for possible attacks.

Justin talks about some of the great work being done by organizations like CISA, and the signs of increased collaboration between nation state defenders as being positive signs that things are moving in the right direction. But there are also significant challenges. Overcoming the slow pace of organizational change, addressing the dearth of skilled cybersecurity professionals, and building the agility to respond to the constantly evolving threat landscape are all major issues that we need to respond to as an industry – whether that’s in government defense or in securing the enterprise.

Lastly, Justin discusses what we need to do to better defend against nation-state and nation-state-sponsored attackers, and puts on his forecasting hat to predict what’s he sees as the most likely threats security teams should focus on over the next year or two.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #38

Original Entry by : Michael Morris

Michael talks to Hakan Holmgren, EVP of Sales, Cubro

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

As data growth accelerates and distributed workloads increase, enterprises are prioritising cost efficiency and space minimization in modern datacenters. They are looking to leverage new technologies and use smaller, more cost-efficient appliances to reduce cost and improve efficiency.

By architecting infrastructure to prioritize stability and robustness and focusing on reducing carbon footprint, organizations can dramatically reduce power, storage and cooling requirements while also improving efficiency. A win-win outcome.

In this podcast, Hakan Holmgren, EVP Sales at Cubro, talks about how new technologies like Intel barefoot ASICs can accelerate packet processing for cloud datacenters and edge deployments and enable consolidation of infrastructure to reduce cost and minimize environmental impact.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #37

Original Entry by : Michael Morris

Michael talks to Rick Jenssen, VP of Global Operations, Plixer

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Many organizations face challenges maintaining their security posture while dealing with the significant shift towards remote workforces, the dynamic nature of hybrid cloud environments and rapidly growing volumes of interconnected devices.

In short, managing security at scale in highly fluid environments is a daunting challenge. So what can you do to improve your security resiliency?

In this episode of the Endace Packet Forensic files, I talk with Rick Jenssen, VP of Global Operations for Plixer, who shares his experience into building robust security at scale. Rick recommends some best practices to address the common challenges in delivering resilient security in large environments and talks about ways to address the flood of alarms SOC teams face on a daily basis. He suggests a nice, six-step, iterative approach to continually improving your security position.

Finally, Rick reinforces how important the mantra of “practice, practice, practice” is when it comes to preparing your security teams – and the wider organization. Practicing how to investigate, remediate, and respond to potential security breaches makes sure you know what needs to happen in the event of a real crisis and uncovers areas you need to work on to be better prepared.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #36

Original Entry by : Michael Morris

Michael talks to Neil Wilkins, Technical Director EMEA, Garland Technology

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

What does it mean to have security at scale?  For large infrastructures with rapid data growth have you maintained or improved your security posture as you have scaled?

In this episode of the Endace Packet Forensic files I talk with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale.  He shares some recommendations and best practices to get on the right path to improve security in large environments.

Finally, Neil shares his thoughts on Security Orchestration and Automation Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.

Having a large, dynamic infrastructure doesn’t mean you can’t keep your arms around your security posture, but you need to have processes and tools in place that can scale as you grow and accelerate incident response to keep ahead of growing threat volumes.

Other episodes in the Secure Networks video/audio podcast series are available here.