It’s a busy time for the Endace Australia team. Fresh back from exhibiting at the Australian Cyber Security Conference in Canberra last week, the team is off to Black Hat Asia in Singapore next week (March 28-21). We’ll report back on that event in due course.
The ACSC conference was very lively, with more than 1600 attendees descending on Canberra for the week.
We had a number of very interesting conversations with attendees from both government and commercial organizations. It was clear from many of these conversations that organizations are increasingly looking to packet capture and network recording as a crucial component of their cybersecurity toolset. Either they’re already doing some level of packet capture (often ad hoc) and are interested in extending that capability, or they’ve recognised the need for complete packet capture and are actively looking to include it as part of their cybersecurity arsenal.
This is great to hear. Our customers have recognised for a long time that packet data is an unparalleled resource for cybersecurity investigations, and it’s clear the wider market is moving in that direction too.
One of the common themes attendees talked about was how the proliferation in the number of security tools is making it difficult for them to get a coherent, single view of threats and activity on the network. We agree, and we talked with many attendees about the need for better integration between security solutions.
Many were interested to hear that our EndaceProbe Network Recorders can integrate with the tools that they are already using – such as Cisco’s Firepower NG IPS, Plixer’s Scrutinizer and Splunk. This integration lets analysts jump directly from alerts in those tools to examine the underlying packet-level network history and see exactly what has taken place. This makes for streamlined investigations, and helps analysts to eliminate false positives, and identify, prioritize and respond to the real threats more quickly.
ACSC 2017 was a great conference, and we look forward to coming back to be part of ACSC 2018. Thanks to the ACSC team for making it a very successful event!
Endace was an exhibiting partner at Dynatrace Perform in Las Vegas this month. Perform is the annual conference for Dynatrace users and attracts attendees from all over the world.
The conference sessions were packed, and our booth in the partner area was swamped during the partner sessions!
In fact it was so busy we didn’t have time to take photos of our booth! So here’s one of Dynatrace’s photos instead. And if you want more, there’s a big gallery of photos on this page.
In the Partner Lounge, Blaine Deutsch and Tom Leahy demonstrated how EndaceProbes integrate with Dynatrace DC RUM to provide instant access to network packet history as definitive evidence for troubleshooting application performance issues. They also showed how using EndaceProbes to Playback recorded history to an instance of the virtual AMD agent hosted in Application Dock offers new options for deep investigation of historical events.
If you weren’t able to make the event, here are the presentations:
Back in 2015 Emma Garner was looking for a fresh challenge to push her both physically and mentally. Taking inspiration from 90s comedy Cool Runnings she decided to try out for the Royal Air Force Bobsleigh Team. The RAF compete in two-person bobsleighs crewed by a driver and brakeman. Invited to attend novice training as a brakeman at Igls in Austria, she soon found herself careening down the course on her first ever week on ice.
“I remember the anticipation the first time I was nudged off the start and the exhilaration at making it down the track first time without my novice driver crashing. Some people weren’t so lucky.”
Endace recently exhibited at the FTC International Cybersecurity Forum, which was held in Lille, France.
It was a very busy event, and attracted more than 7000 cybersecurity and IT professionals from France and further afield. Our indomitable team of Sandrine Kubach and Rob Earley were there to fly the Endace flag at our booth.
Sandrine and Rob showed Forum attendees how EndaceProbe™ Network Recorders can be integrated with security solutions from Cisco, Splunk, Plixer and other vendors to enable security analysts to quickly access a definitive source of network history for cybersecurity investigations. They also talked about the EndaceProbe’s ability to host network security and network performance monitoring applications in the ApplicationDock™ hosting environment.
The Top 5 topics of interest for attendees at the conference were:
Managing IT weakness
It was great to see such strong interest in cybersecurity at the conference, and we were really pleased to see how many organizations recognized the importance of capturing network history for security breach investigation.
If you would like to know more about the Forum, FTC has put together a great infographic which gives a visual overview of the event. Thanks to the FTC organizers for a well run event and to all those attendees who stopped by our stand. We really enjoyed talking with you and we’ll be in touch.
Europe got its own Sharkfest in October and the inaugural Wireshark Developer and User Conference was a great success with strong attendance from the user and developer community across Europe. Congratulations to Sharkfest Europe for a great launch to what is sure to be a fantastic annual event.
There was a great program of speakers over the three days. Kicking things off with the pre-conference course was Wireshark University’s Laura Chappell. Her Troubleshooting with Wireshark tutorial was well attended and included invaluable tips for working with Wireshark using workflows which make optimal use of Wireshark to quickly highlight potential issues.
The new DAG 5.5.0 software release is available with some exciting and innovative new features:
Add Provenance smart data to captured packets
“Packets don’t lie – unless you don’t know where they came from.”
One of our customers said that once. And he was right.
So with DAG 5.5.0 we’re introducing a revolutionary new capability. Now you can add “Provenance” smart-data fields to your capture files and streams to provide full, contextual information about where the packets were captured and what the environment was like at the time.
On April 7, the “Heartbleed” bug was announced. It’s a serious flaw in the OpenSSL 1.0 – 1.0.1 code series which affects all applications using it for encryption. In short, it means that anyone who can connect to the server can remotely read the server’s memory – including the SSL certificate secret key, usernames and passwords, and anything else.
With the Heartbleed bug exploit code in the wild, anyone can take advantage of the critical time between public exposure of the exploit and when all organizations can patch (or take offline) vulnerable systems. So, for almost every organization in the world, there are three questions that come to mind. The first question is “which of my public facing servers is vulnerable?” The second question is “have I been exploited since this became public?” And the third question is “what have I lost?”
The EndaceProbe™ Network Recorder helps answer all three questions.
I don’t know about you, but the winter holiday season is a bittersweet pill for me to swallow due in part to two occurrences which are aptly named “Black Friday” and “Cyber Monday.” The connotations themselves conjure up images of sinister malevolence. Black Friday might as well be called “The Black Plague” and Cyber Monday could very well be the title for the next Terminator movie, “Cyber Monday – Rise of the Machines.” The two lexicons of retail mind-control methods are emblazoned in the pre-frontal cortex of every consumer out there… unless, by chance, you are one of the lucky few who are stuck in the 1950s and opt to buy your holiday presents from the Sears Roebuck Holiday catalog, in which case I envy you.