2021 awards season kicks off with nine new awards for Endace

Original Entry by : Endace

Endace and the EndaceProbe Analytics Platform have been honored with nine awards in two well-regarded industry awards programs: the Globee 17th Annual 2021 Cyber Security Global Excellence Awards and the 2021 Cybersecurity Excellence Awards. The award categories include Most Innovative Security Hardware, Hot Security Company of the Year, Hot Security Technology of the Year, and Cybersecurity Blogger of the Year.

From the Globee 17th Annual 2021 Cyber Security Global Excellence Awards, Endace was selected as the winner in the following categories:

  • Grand Trophy Winner
  • Gold Award, Hot Security Company of the Year: Endace
  • Gold Award, Most Innovative Security Hardware of the Year: EndaceProbe Analytics Platform Product Suite and Fusion Partner Program
  • Gold Award, Hot Security Technology of the Year: EndaceProbe Analytics Platform Product Suite
  • Gold Award, Network Detection and Response: EndaceProbe Analytics Platform
  • Gold Award, Incident Analysis and Response Solution: EndaceProbe Analytics Platform Product Suite
  • Silver Award, Network Security and Management: EndaceProbe Analytics Platform with EndaceVision

From the 2021 Cybersecurity Excellence Awards, Endace won two silver awards in:

  • Best CyberSecurity Company, Asia (between 50-99 employees)
  • CyberSecurity Blogger of the Year, Asia (Endace Packet Forensics Files hosted by Michael Morris)

There was strong competition across both awards programs this year and Endace would like to congratulate all this year’s winners and nominees – in particular our partners and fellow winners: Darktrace, Palo Alto Networks and Keysight (Ixia).

It’s great to see such a vibrant community of cybersecurity companies in the market. Our combined contributions are critically important to further improving cyber defense and helping organizations around the world protect critical infrastructure and private data from criminal and nation-state-sponsored attacks.


Endace Packet Forensics Files: Episode #11

Original Entry by : Michael Morris

Michael talks to Kate Kuehn, Senior VP at vArmour.

By Michael Morris, Director of Global Business Development, Endace


What are some of the top things on the minds of CISOs in today’s COVID-affected, remote-working, rapidly digitally transforming world?

If you want to hear what’s dominating their thinking then don’t miss our latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Kate Kuehn, SVP at vArmour.

Kate is a seasoned security executive with years of experience as a CISO herself, as well as working alongside many other CISOs. In this episode, Kate talks about what she sees as some of the biggest challenges that CISOs and their security teams face in response to digital transformation and rapid changes to their hybrid cloud and on-premise environments.

Kate shares her insights into what SecOps teams are doing to address those challenges and what things she thinks they are still missing. Finally, she reveals some must-haves for every CISO to consider as they select security tools and the gaps many organizations still have in their security stacks.

Don’t miss the chance to learn from Kate’s exceptional security insights.

Other episodes in the Secure Networks video/audio podcast series are available here.


Endace + XSOAR = Nirvana for the SoC

Original Entry by : Cary Wright

Integrating Palo Alto Cortex XSOAR with the EndaceProbe Analytics Platform

By Cary Wright, VP Product Management, Endace


This week we are announcing an exciting integration with Palo Alto Networks Cortex XSOAR, formerly Demisto. This integration provides XSOAR customers with automated playbooks that easily pull in packet-level evidence for fast, conclusive, and repeatable response to security incidents. It complements our existing integrations with Palo Alto Networks NGFW and Panorama, so you can now access packet-level data across multiple Palo Alto solutions.

So what is this “Nirvana for the SoC” we are all striving for?

The most effective SoC teams I’ve seen are well-oiled machines, reviewing and resolving many potentially dangerous security incidents each day and neutralizing threats quickly and confidently. What makes these teams successful is a repeatable and well-understood process, based on evidence, backed by automation, with integrated workflows across a suite of best-in-class security tools.

These teams have a wide range of experience – from new recruits to seasoned experts – all highly motivated and working collaboratively to solve complex issues. This exceptional environment not only provides high levels of productivity and security, but is also great for team morale, staff retention, and hiring. Adding new staff is streamlined because all the processes are documented and/or automated, workflows are simple, and less experienced hires can contribute quickly. I am sure you would agree this is the SoC team Nirvana we are all striving for.

SoC teams are flying blind without network packet history at their fingertips. Sophisticated attackers do their best to cover their tracks by modifying server logs or deleting evidence. However, packets don’t lie and can’t be tampered with after the fact. That’s why many SoC teams deploy EndaceProbe alongside their firewalls, so they can turn to the packets to investigate their most challenging security incidents. It’s the evidence needed to know without a doubt what happened at 2pm last Tuesday afternoon when a security alert indicated a potential attack.

We integrated with Cortex XSOAR because we realized that many teams were missing the essential packet-level evidence required for fast and conclusive security investigations. XSOAR playbooks now automate the collection of packet evidence from any EndaceProbe in the deployment. Packet evidence is then archived and attached to a “case” or “war room” allowing multiple team members to contribute to the investigation at any time in the future.

The complete workflow can be integrated with the entire security tool suite including endpoint, network, SIEM, NGFW, and other security elements. And finally, these playbooks can be customized to suit the specific needs of the organization.

Check out the demo video on Palo Alto Network’s Fusion partner page to see this integration in action, and reach out if you’d like more information.

I am very proud of what our team has achieved with this integration to Cortex XSOAR. Our customers can now manage alerts across all sources using a standard process, take action on threat intel, and automate response for any security use case – resulting in significantly faster responses that require less manual review. I’m really looking forward to seeing our customers take advantage of this new capability to create their own SoC team Nirvana.

Happy hunting,

Cary



The Importance of Network Data to Threat Hunting (Part 4)

Original Entry by : Robert Salier

How Endace Accelerates Threat Hunting

By Robert Salier, Product Manager, Endace



Despite having a variety of tools at their disposal, many organizations still struggle to detect and investigate security threats effectively and efficiently. Inevitably, some threats are not detected because skilled hackers expend a great deal of effort avoiding security monitoring systems and removing the evidence of their activity by deleting or modifying logs and files. Even when threats are detected, organizations often lack sufficient visibility to ascertain the exact scope and nature of the threat: to be certain they have completely removed it, and to be confident they can detect and prevent a recurrence.

This is the final post in our series on threat hunting (see here for part 1, part 2 and part 3).

In this post I take a look at how the EndaceProbe Analytics Platform can accelerate threat hunting, delivering deeper insight into network activity through rich network data that provides an independent and unadulterated view of activity in your environment. I also explain how the EndaceProbe’s open platform approach delivers significant productivity and cost benefits, breaking down traditional barriers to affordability and practicality.

Full Packet-Level Capture of Network History

Skilled hackers (and clever malware) routinely delete or modify logs and files containing traces of their malicious activity. However, it’s virtually impossible for them to remove traces of their presence from the traffic that traverses the network. So monitoring, capturing and analyzing network traffic is often the difference between detecting an intruder and missing them, and between having the conclusive evidence you need to address the threat and not having it.

When malicious activity is detected, the next challenge is to obtain a clear picture of what has occurred. This is critical for several reasons. Firstly, enterprises have regulatory or policy obligations such as complying with information security standards and breach disclosure regulations. Secondly, it’s critical to be able to keep stakeholders – including executive management, PR, Legal, HR, suppliers, partners, and customers – informed and to be able to accurately answer any questions. And last, but not least, having a clear, unambiguous picture of what has occurred is also essential to confirm that the threat has been neutralized and to be confident that sufficient measures have been put in place to prevent a recurrence.

As discussed in Part 2 of this series, log files and other data sources such as flow-based network data can provide valuable insight into activity. And they might enable you to detect a threat. The problem is these data sources often don’t contain sufficient detail to enable a clear picture of exactly what happened, how it happened and what the impact is. Server and firewall logs, for example, might reveal communication between a host on your network and a malicious external host. But they can’t tell you what the actual contents of that communication were.

Capturing and storing packet history, on the other hand, gives you a verbatim copy of communications over the network, allowing you to see precisely what was sent and received with zero loss of fidelity. Packets contain all the contents: allowing accurate reconstruction of the entire conversation including file and document contents, web page interactions, emails, audio and video streams, etc.

Research report from EMA identifies packet capture as a key enabler for stronger security

Enterprise Management Associates (EMA) surveys enterprises annually to report on the strategies leading organizations are adopting to strengthen their cyber defenses. In the 2019 edition of “Unlocking High Fidelity Security”, packet capture was highlighted as a key enabler of stronger cybersecurity.


Open Platform Approach

EndaceProbes can host a range of third-party security solutions including Intrusion Detection Systems, virtual next-gen firewalls, AI-based security tools, and many other commercial, open-source or custom security and network or application performance monitoring solutions. Because each EndaceProbe can host multiple tools, you only need to purchase and deploy packet capture hardware once. You then have the freedom to choose best-of-breed tools, and the agility to quickly deploy new and/or updated tools without changing the underlying hardware platform.

Threat hunters can also dramatically accelerate and streamline investigations thanks to pre-built integrations between EndaceProbes and many third-party tools. These integrations enable analysts to click on an alarm/event in any of these tools to quickly retrieve and analyze the related full packet data that is recorded on the EndaceProbes on the network.

For more details check out The Benefits of an Open Analytics Platform.

Breakthrough density and affordability

We’re very proud of our breakthrough density and price per petabyte, putting a month or more of network history within reach of many more organizations. Our EP-9200 EndaceProbes provide 40Gbps packet capture and built-in investigation tools, hosting capacity for up to 12 applications, and a petabyte of network history storage, all in a single appliance just four rack units high.

How do we do it? Well, it’s not just an efficient organization and economies of scale. We have smart engineers implementing proprietary hardware, real-time storage compression, and features such as our patented Smart Truncation™. For more, check out https://www.endace.com/endaceprobe.

Breakthrough practicality

We realize that storing network history is of limited use if it is too difficult, expensive or time consuming to extract value from it. We knew we had to provide a way to…

  • Centrally manage estates of EndaceProbes that may be global in scale to reduce the operational cost and minimize management overheads.
  • Enable SecOps, NetOps and IT teams to quickly and easily find packets of interest from within terabytes or petabytes of data that may be distributed across a global network. And do this from a central point without having to figure out where those packets were recorded or which EndaceProbe they are stored on.
  • Meet the needs of large, complex, globally distributed networks, with the ability to scale to provide virtually unlimited storage capacity and monitor links of any speed.

So we developed the EndaceFabric™ architecture.

EndaceFabric allows multiple EndaceProbes to be deployed at various points throughout a network and seamlessly connected to form a network-wide packet capture, recording and hosting fabric. Analysts can perform investigations and search and mine recorded Network History across multiple EndaceProbes simultaneously from a single UI. Similarly, administrators can centrally manage estates of hundreds of connected EndaceProbes, making it easy to configure, update and monitor the health and performance of the entire estate.

EndaceFabric provides more than a single pane of glass for administration, search and data-mining, however. The architecture also allows EndaceProbes to be stacked or grouped to create logical EndaceProbes capable of capturing traffic at practically any line rate, with no limit on storage capacity scalability.

EndaceFabric is also the key to amazingly fast searches for packets of interest. Due to the inherently distributed, parallel architecture, and our advanced search algorithms, search times remain constant regardless of the number of EndaceProbes involved. A needle-in-a-haystack search for specific packets of interest across a hundred EndaceProbes and a hundred petabytes of network history can take just seconds.

For more details, check out https://www.endace.com/EndaceFabric, our videos describing the EndaceFabric architecture, and a demo showing our amazingly fast search.

And finally

This was the final article in our series on threat hunting, and how the Endace Analytics Platform can increase the efficiency and conclusiveness of threat hunts. We hope you found it useful.

If you’d like to find out more, please don’t hesitate to reach out to your local Endace representative, or contact us at https://www.endace.com/contact.


Watch Endace on Cisco ThreatWise TV from RSA 2019

Original Entry by : Endace

It was a privilege to attend this year’s RSA cybersecurity event in San Francisco, and one of our top highlights was certainly the opportunity to speak to Cisco’s ThreatWise TV host Jason Wright. Watch the video on Cisco’s ThreatWise TV (or below) as Jason interviews our very own Michael Morris to learn more about how Cisco and Endace integrate to accelerate and improve cyber incident investigations.

In this short 4 minute video, Michael demonstrates how Cisco Firepower and Stealthwatch can be used together to investigate intrusion events, using Cisco dashboards and EndaceVision to drill down into events by priority and classification to show where threats come from, who has been affected and whether any lateral movement occurred, as well as conversation history and traffic profiles. Michael also explains how Cisco and Endace work together to ‘find a needle in a haystack’ across petabytes of network traffic.

A big thanks to Cisco and to Jason for giving us this spotlight opportunity. If you have any questions about how Cisco and Endace integrations can accelerate and improve cyber incident investigation, visit our Cisco partner page.


Endace Scoops Award Hat-trick at Info Security Products Guide’s 2019 Global Excellence Awards

Original Entry by : Sebastian Mackay

It’s been a great start to the year for Endace, with a triple win at the Info Security Products Guide 2019 Global Excellence Awards.

The EndaceProbe Series 9200 was announced as a Gold Winner in the Best Security Hardware Product (New or Updated Version) category, Silver Winner in the Security Investigation category, and Bronze Winner in the Network Security and Management category.

The global awards, now in their 15th year, recognize cybersecurity and information technology vendors with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technology.

The new 9200 Series is the latest EndaceProbe model and brings a significant increase in capability, setting new industry benchmarks for speed, density and storage capacity. By introducing built-in hardware compression and patented Smart Truncation™, Endace has quadrupled the storage capacity, doubled the sustained recording speed and tripled the hosting capacity of this model compared to previous models – resulting in the world’s first petabyte network recorder in a single, 4-RU footprint.

“We are extremely proud that our EndaceProbe 9200 Series Analytics Platform has been recognized as a winner by Info Security Products Guide,” said Stuart Wilson, CEO of Endace. “And to receive not just one award but three, amongst such fantastic company, is truly tremendous.”

“This success is a direct result of our relentless drive to stay customer-focused and make packet capture affordable for all enterprises, and above all a fantastic effort from a very talented team here at Endace. The awards further validate our commitment to our customers and their security needs and to the fantastic collaborative relationship we have with our Fusion Partners. It was great to see two of these partners – Darktrace and Ixia – also recognised in these awards: congratulations team.”



Investigate Threats Faster than Ever Before

Original Entry by : Sebastian Mackay

The EndaceProbe Analytics Platform allows analysts to capture, store, and analyze petabytes of Network History in real time.

OSm – Operating System for Monitoring

By going back in time, analysts can search recorded network traffic and find the precise “needle-in-the-haystack” packets that relate to a security threat, breach or outage, and quickly and accurately reconstruct exactly what took place.

InvestigationManager, released as part of OSm 6.5 for Endace appliances, allows analysts to conduct searches in seconds across petabytes of distributed Network History recorded by the EndaceProbe Analytics Platforms on their network.

Designed for conducting centralized, network-wide investigations, InvestigationManager is built for speed and efficiency and maintains the same ultra-fast response times whether it’s searching a single EndaceProbe or multiple EndaceProbes simultaneously. It does this by parallelizing search and data-mining across all the EndaceProbes being searched.

InvestigationManager is a standalone virtual server application that has a no-cost license. Multiple instances of InvestigationManager can be deployed as needed to manage or control access to Network History by region, network segment, job function or security clearance level.


Endace Selected as SC Media 2019 Trust Award Finalist; Company Recognized in Best Computer Forensics Solution Category

Original Entry by : Sebastian Mackay

Endace, a specialist in high-speed network recording, traffic playback and analytics hosting, today announced that its new, ultra-high-capacity, 9200 Series EndaceProbe™ Analytics Platform has been recognized as a Trust Award finalist in the Best Computer Forensic Solutions category for the 2019 SC Awards. The finalists and winners for the Trust Awards are chosen by an expert panel of judges with extensive knowledge and experience in the cybersecurity industry. Winners will be announced at the SC Awards ceremony on March 5, 2019 in San Francisco.

“Every new year brings with it an unpredictable mix of adversity and opportunity for information security professionals,” said Illena Armstrong, VP, editorial, SC Media. “In 2018, we watched as ransomware took down entire city governments, popular online platforms were accused of mishandling user data, and technology giants announced an unprecedented industry-wide effort to solve the Spectre and Meltdown CPU vulnerabilities. Through it all, this year’s SC Awards finalists found ways to break boundaries, overcome challenges and contribute fresh new ideas to the world of cybersecurity.”

Now in its 22nd year, SC Awards is recognized as the industry gold standard of accomplishment for cybersecurity professionals, products and services. With the awards, SC Media recognizes the achievements of cybersecurity professionals in the field, the innovations happening in the vendor and service provider communities, and the vigilant work of government, commercial and nonprofit entities. Vendors and service providers who offer a product and/or service for the commercial, government, educational, nonprofit or other industries are eligible for the SC Awards’ Trust Award category.

“We are honored that SC Media has recognized the breakthrough accomplishments of our new 9200 Series EndaceProbe Analytics Platform,” said Stuart Wilson, Endace CEO. “With 100% accurate packet capture and up to a petabyte of packet storage capacity on each appliance, the new 9200’s rapid search capability lets security analysts quickly find and analyze specific traffic of interest from within weeks or months of network history recorded by the EndaceProbes on their network.”

“The platform’s ability to simultaneously host third-party and open-source security solutions means customers can deploy their chosen security tools where and when they need to, giving them the agility to keep up with today’s constantly evolving threat landscape without having to change hardware to deploy new security functions,” Wilson said.

“Nobody understands the cybersecurity battle better than the cybersecurity professionals who work day in and day out to clean up and protect businesses from malicious attacks,” added Armstrong of SC Media. “Endace is one of a select few to receive this tremendous recognition of a Trust Award finalist, and they should be proud of the work this represents.”