Changing the Game for Network Security Investigations

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceSecurity teams are overloaded – they have too many alerts, and tools that aren’t integrated. There’s simply not enough of the right information in the hands of security analysts to enable them to investigate issues quickly and confidently.

Organizations need integrated security tools that raise their odds of detecting threats and give them the confidence that they really know what is happening – or has happened – anywhere on their networks.

Today that battle is changing. The game is being tilted in the favor of SecOps teams as analysts can now leverage the power of two powerful and tightly integrated security platforms – Corelight NDR and the EndaceProbe Analytics Platform – to detect and hunt for threats in their networks.

Corelight’s enterprise-ready Zeek and Suricata engines allow SecOps teams to fully analyze network traffic data for threats, protocol insights and application anomalies. Corelight Sensors harness the simplicity of Zeek with enterprise-level performance, scale and administrative capability to give SOCs gain rapid visibility into what’s happening on their network.

Corelight’s out of the box integration of Zeek and Suricata provides a powerful, flexible, and easy-to-deploy security platform that delivers simple and scalable network detection and the detailed insights critical to any security team.

The EndaceProbe “always-on” network recording and packet capture platform gives customers 100% visibility into every packet anywhere on the network, enabling powerful real-time and back-in-time forensic investigation and event reconstruction.

The EndaceProbe platform scales to record traffic at full line-rate across your whole environment. Delivering high-speed centralized search and easy drill-down workflows from your SIEMS or other security tools directly to the recorded network traffic relevant to a specific alert or investigation. Additionally, Endace’s open platform architecture lets you host solutions such as Corelight Sensors as virtualized instances directly on the EndaceProbe appliance to analyze the traffic in real-time as it is recorded. This hosting capability allows you to consolidate key security tools onto a common hardware platform, reducing costs and enabling agile deployment of tools to wherever you need them across your network without additional hardware rollout and configuration.

The power of combining EndaceProbes with Corelight sensors helps customers to solve difficult security challenges like supply-chain attacks or advanced persistent threats, that are often difficult to detect and enable attackers to hide for long periods in the network by camouflaging their activity using sophisticated stealth techniques such as modifying or deleting logs or other evidence.

Having powerful detection and traffic analysis integrated with a tamper-resistant record of network activity in the form of recorded packet history streamlines forensic investigations and threat hunting efforts, making security teams more efficient and effective. Real-world problems such as identifying command and control traffic, spoofed DNS, or lateral movement inside your network can be solved in minutes.

Large technology firms, banks, and government agencies around the globe are enthusiastically embracing the power of Corelight and Endace to help them better secure their environments. To learn more about how together Endace and Corelight can help you better secure your environment check out the short demo video below and Corelight’s partner page on endace.com.


Endace Packet Forensics Files: Episode #20

Original Entry by : Michael Morris

Michael talks to Craig Williams, Director of Talos Outreach, Cisco

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats?

You won’t want to miss this episode of the Endace Packet Forensic files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco.

Craig talks about how threats have been evolving over the last year – particularly during the Covid-19 pandemic – and gives us some insights into recent high-profile security issues. He also shares some advice how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.

Finally, Craig talks through key elements of cyber security infrastructure that can help SOC teams investigate issues and evolve towards proactive threat hunting practices.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #17

Original Entry by : Michael Morris

Michael talks to Jen Miller-Osborn, Deputy Director of Unit 42 at Palo Alto Networks

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses?

Then don’t miss this episode of our Packet Forensic Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.

Jen talks about some of the threat trends the team at Unit 42 has been seeing lately – including how ransomware attacks are becoming more sophisticated and targeted, how DDOS attacks are making a comeback, and what the recent Solarwinds “Sunburst” attacks have demonstrated.

She also provides some helpful tips for best practice cyber defense and talks about how the threat landscape might evolve over the next year or two.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #13

Original Entry by : Michael Morris

Michael talks to Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

How are Government agencies being pushed to transform in the new cybersecurity landscape?

If you want to hear insights from someone with extensive experience “on the inside” don’t miss the latest episode of Endace Packet Forensic Files with special guest Juliana Vida, Chief Technical Advisor for Splunk Public Sector.

Juliana had a long and highly distinguished career as a Navy Officer serving as a helicopter and ship pilot before ultimately becoming Deputy CIO for the US Navy. In this episode, she shares her insights into how some government agencies are changing their approaches to cybersecurity, what they are doing to stay ahead of threat actors, and some of the challenges they are facing.

Juliana discusses how security AI and machine learning tools are helping various groups and where they still need to evolve to help groups culturally embrace and effectively deploy these promising technologies.

Finally, she shares what cybersecurity basics are being implemented by the most secure and successful agencies, and where SOAR is helping to deliver the most impact for government organizations.

Don’t miss Juliana’s insights into the Government’s cybersecurity evolution!

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #8

Original Entry by : Michael Morris

Michael talks to Scott Register, VP of Security Solutions for KeySight Technologies

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Catch our latest episode of “Secure Networks – the Packet Forensic Files” vidcast/podcast series with this week’s special guest Scott Register, VP of Security Solutions for KeySight Technologies.

Scott, with his years of experience in building security solutions, shares some of the biggest challenges SecOps teams are facing in today’s environment and what they are doing to solve them.

He talks about the latest trends in the threat landscape and what security teams are doing to test and monitor for these attacks.  Hear how threat simulation can help both validate tool readiness and people processes to elevate your security prevention and response.

Finally, Scott shares his insights into implementing security in 5G and WiFi infrastructures as well as traditional networks and data centers.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace Packet Forensics Files: Episode #7

Original Entry by : Michael Morris

Michael talks to Travis Rosiek, CTO and Strategy Office at BluVector (a Comcast company)

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

If you haven’t caught up with the insights from our “Secure Networks – the Packet Forensics Files” vidcast/podcast series yet, here is your chance to see what you have been missing out on. This week’s special guest is Travis Rosiek, CTO and Strategy Officer for BluVector (a Comcast company).

Travis, a long-time government cybersecurity specialist, shares his insights into what he sees companies and government agencies are missing from their security strategies.  He talks about how you can begin to move your security activity from being merely reactive to a more proactive approach.

Travis discusses some of the specific challenges and advantages government agencies face compared to enterprises and what both groups can do to elevate their security posture.  He also shares his insights into best practices to protect your IT infrastructure and things to look out for in the ever-changing security landscape.

Other episodes in the Secure Networks video/audio podcast series are available here.


APT’s are the New Cybersecurity Battle Front

Original Entry by : Michael Morris

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Join IBM, Gigamon and Endace
Tuesday, July 21, 2020

Don’t miss this informative webinar hosted by DataBreach Today.

Join Michael Morris (Endace), Russell Warren (IBM) and Martyn Crew (Gigamon) as they discuss strategies for detecting and protecting against APT’s.

Register Now

Advanced Persistent Threats (APTs) are the new battlefront for cybersecurity as threat actors combine multiple malware infiltration techniques to gain the most intelligence, cause the most damage, and ultimately reap the most financial rewards.  APT’s are the most sophisticated of threats, often difficult to detect and potentially lurking in your infrastructure for months or years before the real attack. Their motivations are political or financial, with a goal of maximum impact.

SecOps teams that are continually inundated with alerts and alarms don’t have time to connect the dots to realize some alarms point to APTs that are gaining a foothold. The sooner an APT can be identified and contained, the better the chance of minimizing the financial loss or brand damage your company experiences as a result.  This is easier said than done because skilled bad actors are constantly trying to cover their tracks, mask their existence, and hide the level of access they have gained and data they have collected.

Three pillars are key to effectively finding, containing, and mitigating APTs.  The first pillar is having visibility into everything that’s happening on your network. Getting the right network traffic to the right tools, including safely decrypting any TLS traffic, is critical for full visibility into threatening activity on the network. Other functions, such as deduplication, application filtering, and load-balancing traffic to multiple tools, are also important for an effective security stack.

The second pillar is implementing AI-based security analytics across all security-related telemetry data including Network, Endpoint, Application and Security logs. Bringing all this data together in one place enables the organization to create “baselines” of what is “normal behavior” versus “suspicious activity”. Leading analytics platforms can provide a single, correlated view of threatening activity and leverage integrations with third-party tools that accelerate the incident response process for SecOps teams.

The third pillar is recording enterprise-wide network history for in-depth investigations during incident response.  Many APTs implement wipers to erase evidence of their existence and cover their tracks, including modifying system logs, authentication records and other sources of evidence. However, bad actors can’t hide when enterprises implement continuous network traffic recording.  Recorded network history lets you see exactly what’s happening on the network so you can investigate and defend against even the most well-masked security threats. It provides tamper-proof evidence that lets teams understand the full extent of a threat including the ability to see into payloads that may have been collected and exfiltrated.

Join us on the webinar on July 21st to hear more. Register here.