Endace Packet Forensics Files: Episode #28

Original Entry by: Michael Morris

Michael talks to Tim Wade, Director, Office of the CTO, Vectra AI

By Michael Morris, Director of Global Business Development, Endace

Security Operations teams at many organizations are reviewing processes and tools as breaches continue to happen, investigation times remain too long, outcomes are uncertain, and too many alerts are going unaddressed. Organizations are asking, “why are we spending so much money on security without tangible results?” They are looking at “SOC Modernization” initiatives to help them defend effectively against increasingly sophisticated threat actors.

In this episode of the Endace Packet Forensics Files I talk with Tim Wade, Technical Director from the Office of the CTO at Vectra AI, who shares his insights into the “SOC Modernization” trend and the three pillars that he suggests require a change in thinking if the initiative is ultimately to succeed.

Tim starts with a fundamental change in philosophy – he suggests SOC teams need to shift from a “prevention” to a “resiliency” approach to cyberdefense. He illustrates the importance of taking incremental and iterative steps with monthly and even weekly measurement and review cycles to evaluate progress.

Tim suggests SOC teams need to better understand the rules of the game so they can step back and actively work to break them – because that is exactly what our threat actor adversaries are doing every day. Challenge everything and think like your opponent.

Finally, Tim advises CISOs that modernization needs to address challenges holistically: not just focusing on technologies, but also working on people and processes, and on gaps in training, communication, and thinking.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #26

Original Entry by: Michael Morris

Michael talks to Pavel Minarik, CTO of Kemp Technologies

By Michael Morris, Director of Global Business Development, Endace

Many organizations are undertaking SOC and NOC modernizations, but what does this mean and what is driving it?

If your company is planning a “modernization” you won’t want to miss this episode of the Endace Packet Forensics Files, as Pavel Minarik, CTO of Kemp Technologies, talks about what’s important and what is fueling the need to modernize.

Pavel gives his insights into some of the biggest challenges NOCs and SOCs are facing and shares some tips to help these separate teams work together and collaborate more. He underscores why this is becoming more important with increasing network complexity, virtualization, and escalating threat attack vectors.

Finally, Pavel talks about why network traffic is such a foundational data source for both NOCs and SOCs and the pros and cons of flow-based monitoring vs. full packet monitoring. He shares the best practices analysts are adopting to improve investigation efficiency and reduce incident response times.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #24

Original Entry by: Michael Morris

Michael talks to Ajit Thyagarajan, Principal Security Architect for Cisco

By Michael Morris, Director of Global Business Development, Endace

The cybersecurity landscape is constantly changing with new Zero-Day Threats, double-extortion ransomware attacks and continuously evolving phishing techniques. The volume of threats and the pace of change are impacting the way SecOps teams operate and pushing them to find new ways to connect disparate data sources in order to automate processes and improve incident response times.

You won’t want to miss this episode of the Endace Packet Forensics Files, as I talk with Ajit Thyagarajan, Principal Security Architect for Cisco, about the challenges security analysts are facing and his views and ideas on how to improve their day-to-day operation.

Ajit shares the concept of the Intelligent Telemetry Plane that he and his team at Cisco have been developing. He highlights the value of the provenance of telemetry data and how important bringing different data sources together is to staying ahead of threat actors.

Finally, Ajit shares some ideas about the types of challenges a common telemetry management platform can help solve and what to keep your eyes on over the year ahead when it comes to security threats and cyber defense.

Other episodes in the Secure Networks video/audio podcast series are available here.


Changing the Game for Network Security Investigations

Original Entry by: Michael Morris

By Michael Morris, Director of Global Business Development, Endace

Security teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.

Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.

Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.

Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs rapid visibility into what’s happening on their network.

Corelight’s out of the box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.

The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.

The EndaceProbe platform scales to record traffic at full line-rate across your whole environment. It delivers high-speed centralized search and easy drill-down workflows from your SIEMs or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.

Combining EndaceProbes with Corelight Sensors helps customers solve difficult security challenges such as supply-chain attacks or advanced persistent threats. These are often difficult to detect because attackers hide in the network for long periods, camouflaging their activity with sophisticated stealth techniques such as modifying or deleting logs or other evidence.

Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.

Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.


Endace Packet Forensics Files: Episode #20

Original Entry by: Michael Morris

Michael talks to Craig Williams, Director of Talos Outreach, Cisco

By Michael Morris, Director of Global Business Development, Endace

What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats?

You won’t want to miss this episode of the Endace Packet Forensics Files, as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco.

Craig talks about how threats have been evolving over the last year – particularly during the Covid-19 pandemic – and gives us some insights into recent high-profile security issues. He also shares some advice on how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.

Finally, Craig talks through key elements of cyber security infrastructure that can help SOC teams investigate issues and evolve towards proactive threat hunting practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #17

Original Entry by: Michael Morris

Michael talks to Jen Miller-Osborn, Deputy Director of Unit 42 at Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace

Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses?

Then don’t miss this episode of our Packet Forensics Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.

Jen talks about some of the threat trends the team at Unit 42 has been seeing lately – including how ransomware attacks are becoming more sophisticated and targeted, how DDoS attacks are making a comeback, and what the recent SolarWinds “Sunburst” attacks have demonstrated.

She also provides some helpful tips for best practice cyber defense and talks about how the threat landscape might evolve over the next year or two.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #13

Original Entry by: Michael Morris

Michael talks to Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

By Michael Morris, Director of Global Business Development, Endace

How are Government agencies being pushed to transform in the new cybersecurity landscape?

If you want to hear insights from someone with extensive experience “on the inside”, don’t miss the latest episode of the Endace Packet Forensics Files with special guest Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

Juliana had a long and highly distinguished career as a Navy Officer serving as a helicopter and ship pilot before ultimately becoming Deputy CIO for the US Navy. In this episode, she shares her insights into how some government agencies are changing their approaches to cybersecurity, what they are doing to stay ahead of threat actors, and some of the challenges they are facing.

Juliana discusses how security AI and machine learning tools are helping various groups and where they still need to evolve to help groups culturally embrace and effectively deploy these promising technologies.

Finally, she shares what cybersecurity basics are being implemented by the most secure and successful agencies, and where SOAR is helping to deliver the most impact for government organizations.

Don’t miss Juliana’s insights into the Government’s cybersecurity evolution!

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #8

Original Entry by: Michael Morris

Michael talks to Scott Register, VP of Security Solutions for Keysight Technologies

By Michael Morris, Director of Global Business Development, Endace

Catch our latest episode of the “Secure Networks – the Packet Forensics Files” vidcast/podcast series with this week’s special guest Scott Register, VP of Security Solutions for Keysight Technologies.

Scott, with his years of experience in building security solutions, shares some of the biggest challenges SecOps teams are facing in today’s environment and what they are doing to solve them.

He talks about the latest trends in the threat landscape and what security teams are doing to test and monitor for these attacks. Hear how threat simulation can help validate both tool readiness and people and processes, to elevate your security prevention and response.

Finally, Scott shares his insights into implementing security in 5G and WiFi infrastructures as well as traditional networks and data centers.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #7

Original Entry by: Michael Morris

Michael talks to Travis Rosiek, CTO and Strategy Officer at BluVector (a Comcast company)

By Michael Morris, Director of Global Business Development, Endace

If you haven’t caught up with the insights from our “Secure Networks – the Packet Forensics Files” vidcast/podcast series yet, here is your chance to see what you have been missing out on. This week’s special guest is Travis Rosiek, CTO and Strategy Officer for BluVector (a Comcast company).

Travis, a long-time government cybersecurity specialist, shares his insights into what he sees companies and government agencies missing from their security strategies. He talks about how you can begin to move your security activity from being merely reactive to a more proactive approach.

Travis discusses some of the specific challenges and advantages government agencies face compared to enterprises and what both groups can do to elevate their security posture. He also shares his insights into best practices to protect your IT infrastructure and things to look out for in the ever-changing security landscape.

Other episodes in the Secure Networks video/audio podcast series are available here.


APTs are the New Cybersecurity Battle Front

Original Entry by: Michael Morris

By Michael Morris, Director of Global Business Development, Endace

Join IBM, Gigamon and Endace
Tuesday, July 21, 2020

Don’t miss this informative webinar hosted by DataBreach Today.

Join Michael Morris (Endace), Russell Warren (IBM) and Martyn Crew (Gigamon) as they discuss strategies for detecting and protecting against APTs.


Advanced Persistent Threats (APTs) are the new battlefront for cybersecurity as threat actors combine multiple malware infiltration techniques to gain the most intelligence, cause the most damage, and ultimately reap the most financial rewards. APTs are the most sophisticated of threats, often difficult to detect and potentially lurking in your infrastructure for months or years before the real attack. Their motivations are political or financial, with a goal of maximum impact.

SecOps teams that are continually inundated with alerts and alarms don’t have time to connect the dots and realize that some alarms point to APTs gaining a foothold. The sooner an APT can be identified and contained, the better the chance of minimizing the financial loss or brand damage your company experiences as a result. This is easier said than done, because skilled bad actors are constantly trying to cover their tracks, mask their existence, and hide the level of access they have gained and the data they have collected.

Three pillars are key to effectively finding, containing, and mitigating APTs. The first pillar is having visibility into everything that’s happening on your network. Getting the right network traffic to the right tools, including safely decrypting any TLS traffic, is critical for full visibility into threatening activity on the network. Other functions, such as deduplication, application filtering, and load-balancing traffic to multiple tools, are also important for an effective security stack.

The second pillar is implementing AI-based security analytics across all security-related telemetry data, including network, endpoint, application and security logs. Bringing all this data together in one place enables the organization to create “baselines” of what is “normal behavior” versus “suspicious activity”. Leading analytics platforms can provide a single, correlated view of threatening activity and leverage integrations with third-party tools that accelerate the incident response process for SecOps teams.

The third pillar is recording enterprise-wide network history for in-depth investigations during incident response. Many APTs deploy wipers to erase evidence of their existence and cover their tracks, including modifying system logs, authentication records and other sources of evidence. However, bad actors can’t hide when enterprises implement continuous network traffic recording. Recorded network history lets you see exactly what’s happening on the network so you can investigate and defend against even the most well-masked security threats. It provides tamper-proof evidence that lets teams understand the full extent of a threat, including the ability to see into payloads that may have been collected and exfiltrated.

Join us on the webinar on July 21st to hear more. Register here.