As the Crusaders and Hurricanes fought it out on a miserable, cold rainy night in the stadium across the carpark, a crowd of almost 800 people, dressed in their finery, descended on Christchurch’s Horncastle Arena for the 2018 Hitech Awards last week.
The Hitech Awards is the glamour event for New Zealand’s Hitech sector and features a stellar cast of 70 international and national judges judging entries across 13 categories, including our own David Earl.
Diversity was a big focus for the Hitech Trust this year, and it was really pleasing to see so many women represented amongst the finalists. Jen Rutherford, Chairperson of the Hitech Trust said “The number of finalists with female CEO’s has almost doubled year-on-year. Whilst we are not there yet, we are moving in the right direction. Our industry is truly in great shape.”
Endace sponsored the Most Innovative Hi-Tech Hardware Product Award, which was a keenly fought category again this year, with a wide range of products from Ubco‘s radical, off-road electric bike to a 3D Bioimaging device from Mars Bioimaging and innovative construction equipment from Calibre Contracting Equipment. The winner of the award was Enatel for its smart, modular charging solutions used to power material handling equipment.
Congratulations to all the finalists and winners. We wish them all the best of luck in their endeavors. And we look forward to seeing what innovative technology will appear at next year’s Hitech Awards.
For those that weren’t able to attend, here’s a highlights reel courtesy of our friends at Swaytech, who organized the event. Great job guys!
From the 5-7th June 2018, the Endace team will be exhibiting at Infosecurity Europe at Olympia, London. Infosecurity, Europe’s largest conference programme, offers more than 400 exhibitors (and 19,500 information security professionals) the chance to showcase market-leading information security solutions.
“The UK team will be demonstrating Endace’s range of products and how they can be integrated with security tools from partners like Cisco, Splunk, Plixer and Palo Alto Networks,” says James Barrett, Senior Director EMEA. “We’re looking forward to hearing some great keynotes, as well as participating in the tech and strategy talks, while sharing our expertise with attendees and other exhibitors.”
Infosecurity brings more than 240 free conference sessions, with attendees ranging from industry veterans to promising start-ups. Alongside the conference sessions and exhibition hall, the event provides networking opportunities for attendees to share knowledge and experience.
You can read more about Endace and our products on the Endace website or on Infosecurity’s exhibitor page. To meet the Endace team and receive a demo at Infosecurity, visit stand R100 or contact us here.
As cyber threats become increasingly sophisticated, ensuring you’re not subject to a security breach is more important than ever before. That’s why we’re pleased to announce a new partnership with AI-driven network security company, BluVector.
Cortex, BluVector’s next generation, AI-based intrusion detection solution can now be deployed directly onto our EndaceProbe Analytics Platform. In addition, Cortex integrates with the Network History recorded by EndaceProbes, enabling analysts to go from an alert in the Cortex dashboard directly to the related packets in EndaceVision with a single click.
A security intrusion doesn’t have to lead to a major breach or cyber incident. But detecting, investigating and responding to threats quickly is critical. The combination of BluVector’s state-of-the-art threat detection combined with Endace’s 100% accurate packet-level evidence means that SecOps teams can investigate, respond to and neutralize intrusions with great efficiency. Information collected from thousands of disparate data sources is analyzed and prioritized and made available instantly to SecOps teams. This allows analysts to quickly understand the severity of threats and minimize them before they have the chance to escalate into a breach.
If you are going to the RSA Conference in San Francisco, both the Endace and BluVector teams will be at Booth 1615, South Expo demonstrating our combined solution. Be sure to visit us to see what our powerful partnership can do for you! If you’d like to find out more, check out our BluVector partner page: endace.com/partners/fusion/bluvector
We’re thrilled to announce that Endace is the proud winner of this year’s ‘One to Watch’ Company award at the 2018 Network Computing Awards.
The black-tie awards ceremony dinner was hosted on Thursday 22nd March by Network Computing at the Radisson Blu Edwardian in Bloomsbury, London.
The win is a testament to the exceptional efforts of our team around the world and reflects the growing recognition of our many business success stories in the UK and beyond.
Network Computing is the UK’s longest established magazine dedicated to network management. With the first ceremony in 2007, Network Computing has been running the awards for 11 years. The ‘One to Watch Company’ award was first introduced in 2016 and has previously been won by TDB Fusion and NBM Technology Solutions.
Congratulations to all the other winners and nominees and thank you to Network Computing for hosting a great evening.
You can learn more about Endace’s network monitoring products, analytics platform, and network packet history recording solutions here.
We’re excited to be returning to Dynatrace Perform this year and will be showcasing our products in the exhibition hall. The show runs from Monday 29th to Wednesday 31st January, and we are a gold sponsor again this year.
Our partner, Dynatrace, is expecting more than 3,000 digital performance experts from across the globe to gather at The Bellagio in Las Vegas – yes that’s the hotel with the famous fountain!
At Perform, attendees will find out what’s new and learn about the latest trends in digital performance management.
The three days will feature a combination of training classes, live speaker sessions and keynotes on a diverse range of topics, including:
Artificial intelligence and the Internet of Things
Cloud innovation and automation
Container and microservices monitoring
DevOps best practices and digital experiences
Unified enterprise monitoring
We really enjoyed last year’s event, where we had a lot of interest from DC RUM users wanting to hear about how EndaceProbes can be used to provide back-in-time analysis of historical performance. This is something that can be accomplished using the Playback function of EndaceProbes – and provides a powerful tool for investigating issues that may have been missed, or unreported when they initially occurred.
This year, we are looking forward to attending some of the sessions by speakers from leading global organizations, such as Microsoft, PayPal, Virgin Money, and Mastercard, to name a few.
If you’re attending Dynatrace Perform this year, stop by and meet the Endace team. We’ll be on-hand showing how Dynatrace’s Agentless Monitoring Device (AMD) can be hosted on EndaceProbe’s in Application Dock, and how by clicking on an alert in the Dynatrace Central Analysis Server (CAS), the packets relating to the alert can instantly be retrieved from EndaceProbes for analysis using Dynatrace Network Analyser (DNA) or Wireshark.
We’ll also be demonstrating how, together, EndaceProbes and Dynatrace’s DC RUM (Data Centre Real User Monitoring) streamline real-time application performance investigations and provide definitive evidence for troubleshooting network and application performance problems. And how EndaceProbes can also host, and integrate with, other analytics applications such as network security or performance monitoring tools.
We look forward to meeting you at Perform and explaining more about how Endace’s technology delivers a unique advantage to DevOps, NetOps, IT Operations and SecOps teams responsible for ensuring the performance, reliability, and security of applications.
Late last month, Paypal announced that TIO Networks, a company it acquired in July 2017, experienced a major data breach that has compromised the sensitive information of approximately 1.6million customers.
While Paypal has publicly acknowledged the breach, which could have occurred any time before it acquired TIO, customers are still unaware of the impact the brief and Paypal has yet to contact customers to notify them of the data that may have been accessed.
However, in a statement Paypal did say it had “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.”
Paypal should be commended for identifying the breach and taking full responsibility. However, introducing free identity theft insurance and credit checks shows us that the information that may have been breached is incredibly sensitive – and could possibly be used to damage a credit rating or for identity theft. Further to this, Paypal has stated that TIO services, “will not be fully restored until [PayPal] are confident in the security of the TIO systems and network” a measure it has taken in order to protect its customers.
For all the work Paypal is doing to address the impact of this breach, it’s interesting to see just how long it has taken to identify and respond to the breach. According to reports, the breach occurred sometime before the acquisition and was announced a full four months later, in November.
TIO Networks and Paypal stand as a message to other companies: the question you’re asking shouldn’t be: will a breach occur? But when will a breach occur or has one occurred?
Recorded Network History lets SecOps teams quickly find, rewind and playback relevant network traffic and investigate security alerts before they turn into more serious breaches . And in the event of a breach like TIO’s, recorded Network History could have also allowed their SecOps team to get ahead of the breach before it was found by Paypal.
For the TIO Networks analysts, the ability to go back and examine the packets to see exactly what happened on their network could have substantially reduced the damage caused by the hackers. And for Paypal, it could have prevented a financial hit.
This breach also highlights the need for cybersecurity audits to be included as a key part of the due-diligence process when companies are looking at potential acquisitions. As we saw with the purchase of Yahoo, the potential cost of dealing with an inherited breach can have a significant impact on the value of the company. Knowing the risk of having to deal with such an inherited breach can help the acquirer to avoid being hit with significant unexpected costs.
With EndaceProbes Network Recorders SecOps teams can investigate and respond to data breaches quickly and conclusively.
In the event of a breach they can be sure exactly what happened: how the attacker got in, and what was compromised. Which means they can respond appropriately – offering credit and identity theft protection to their customers, or not if the breach wasn’t sufficiently serious to warrant it.
Our Summer Internship Programme is back and this year we are pleased to welcome three new interns to the Endace team.
Interns are paired with a mentor and on day one have a team-building exercise (with a little friendly competition). Using only what they can find in the office and their wits and ingenuity, they need to build a race-worthy vehicle that can propel itself across the lunchroom of our Hamilton R&D center.
Endace’s Engineering Managers will judge the event for creativity, innovation and artistic merit. There are two rules: it can’t cause harm to people or property (so no mini tanks, sorry guys) and it can’t use fire in any form (such as for a propellant).
The interns and their mentors have been challenged by the Auckland-team for a rematch at the end of their internship. So, let the games begin!
The Intern Programme
Throughout the next 12 weeks, our interns will be heavily involved with R&D projects that are designed to give them an edge in the technology industry and help shape the future of packet-capture and network monitoring technologies.
They will complete 1,500 hours of project-based R&D work, receive up to 100 dedicated mentoring hours and have the opportunity to prepare formal professional and career development plans.
They’re also given 64 hours of structured training which will give them an overview of running a technology business across different areas – including finance, supply chain, sales and quality control.
The culmination of the 12-week programme is a presentation and shared learning session between the interns and members of the senior leadership team, project managers and their mentors.
Endace is excited to welcome our new team of interns and looking forward to working with them on a number of projects. We are committed to ensuring their internship is a robust experience that supports their innovation, drive and talent development and that it is an experience that they’ll remember fondly. Endace is a committed member of the NZ Tech community.
We are proud of the Endace Internship Programme and see it as a great way to help computer science students and graduates build talent and experience and grow the industry. And it helps demonstrate why Endace is an employer of choice for IT and engineering graduates in New Zealand.
Endace was the proud sponsor of the Royal Navy at the Birmingham International Tattoo 2017.
For those not familiar with the pomp and ceremony of such events, the tattoo is an elaborate celebration of the military. It includes music, advanced drill, dance and, most importantly, a Field Gun competition.
Endace was a previous sponsor of MOD Corsham’s Tri-Service Field Gun Crew, which won the Plate 1 Final at the Royal Navy Royal Marines Charity Field Gun Competition at HMS Collingwood. So when we were invited to be the sole sponsor of the Royal Navy at the 2017 International Tattoo in Birmingham we were thrilled to accept the opportunity to support this highly enjoyable event.
The team from the Royal Navy performed admirably over the two days. Well done to everyone in what was an extremely tough competition!.
Take a look at the video below to see the team in action:
It was an interesting week at SharkFest Europe 2017 this month. The Annual Sharkfest conference ran from 7th-10th November at the rather comfortable Palacio Estoril in Estoril, Portugal. Endace was there and our CTO, Dr. Stephen Donnelly, presented a session on packet capture meta-data.
This was the second Wireshark Europe event and was very well attended, attracting attendees from more than 30 countries. Congratulations to Janice and the team for an excellent event – and we look forward to hearing more about the inaugural Wireshark Asia in due course.
Stephen’s presentation, ‘Augmenting Packet Capture with Contextual Meta-Data: the What, Why & How’, was well received by the audience.
For those who couldn’t make SharkFest, here is a video of the presentation (if you’d like a copy of the full presentation please let us know)
Stephen outlined the importance of retaining context for packet capture files by pointing out that the oft-use line “Packets Don’t Lie” isn’t true if:
You don’t know where they came from
You don’t know if there was packet loss
You don’t know if they’ve been filtered
You don’t know if the time stamps are right
This becomes even important in environments where packet capture is happening in multiple places across a distributed network. Understanding where the packets came from, and what the state of the environment was like at the time, is crucial if you are to draw solid conclusions from examining the packet trace file.
The role of metadata, Stephen argues, is to provide this context. He went on to talk about some of the different types of packet capture metadata and what it can be useful for, outlining three main categories of metadata:
Static metadata: data about things that do not change over time, such as the host name of the system that captured the packets, the speed of the link and so on.
Dynamic metadata: data about environmental conditions that change over time – such as optical power levels or timing accuracy.
Post-capture metadata: data such as user comments, flow information, statistics and annotations from analytics applications that process the captured packet data.
Stephen took a deep dive into three common formats for packet trace files – pcap, pcagng (now the default format in Wireshark) and Provenance™ and approach to writing metadata used in Endace’s Extensible Record Format (ERF) (which is also compatible with Wireshark). The presentation looked at what each offers in terms of recording packet capture metadata and how they go about associating it with packet trace files.
Provenance uses a different approach to writing metadata into packet capture files from either pcap or pcap ng. Provenace is designed to be able to record changing (dynamic data) that may change during the course of a packet capture. It works by writing a Provenance record into the ERF capture file once every second, as the diagram below shows.
One of the use cases for this is recording the accuracy of time stamping information over the course of a packet capture of high-frequency trade data. Under new MiFID 2 regulations which come into force in 2018, traders must record every trade and be able to demonstrate that the recorded trade data is timestamped accurately to a time-source that is synchronized to UTC with a maximum divergence of less than 100 microseconds. Provenance provides an easy way for them to record compliance with this regulatory obligation.
If you have an interesting use case for packet capture metadata (particularly post-capture metadata use cases), we’d love to hear more. Let us know. We see this as a fascinating area for further development.
SharkFest was an excellent opportunity for the Endace team to meet like-minded members of the Wireshark global community, including the original creator of the Wireshark Core Developers, Gerald Combs, and to share knowledge of the best practices in packet analysis.
We’re looking forward to seeing how SharkFest continues to grow in scale and influence, with three SharkFest events taking place in 2018, including the first-ever SharkFest Asia in Singapore.
For all nations attending the Russia World Cup, the risk of hooliganism isn’t the only issue that they face. The World Cup is a hacker’s gold mine, with recent news reporting that the FA is to beef up cybersecurity if England qualifies for Russia World Cup 2018. Given the profile and asset class of the people and teams there—including the USA, France and Spain—who have been burnt by previous cyber-attacks, it will be vital for attending nations to secure their networks.
Whereas other World Cup events have caused concern about the physical safety of players, staff, and spectators, Russia’s World Cup has raised considerable concern about online threats. The football industry is facing huge challenges in defending networks in the build-up to such a global event, and organizations need to have a complete programme of preparedness in the event of a breach.
Preparing for the worst
Events like the World Cup entice criminals, including online hackers and cybercriminals. When it comes to the Russian World Cup, football associations are worried about a specific hacker group, Fancy Bears (which has targeted the FA and Olympics in the past), but the risk is not limited to a single group of cybercriminals.
Football federations around the world have already begun planning for the World Cup, and this year preparing to protect against cybersecurity risks is an essential part of the overall planning process. Some plans have already put in place, including installing anti-hacking software on the phones of players, and ensuring staff and players use the FA Wi-Fi. The US government has banned the use of Kaspersky—a Russian cyber-security software—and it may not be long before other countries or officials follow suit.
So, what could cybercriminals take if they successfully hacked into data at the event? Valuable personal data will be accessible, with players’ personal details, medical records, and performance data, among others, stored online. If these assets are stolen, important information will be at risk of being shared or sold.
However, it isn’t just the players’ confidential data at risk. Spectators and staff are also being advised not to use open Wi-Fi while in Russia, as these networks could put their personal data in jeopardy. The team hotels are now known—although those details are not yet public—so cybercriminals can already begin to plan and set-up cyber traps.
With some guidelines and advice already in place for both players and spectators, federations need to educate themselves on how to safeguard their data, including early warning signs of what to look out for, and how to minimise the impact of an attack if one is detected. Football federations must learn from past scandals, including WADA and IAAF, and introduce technology and skills to reach faster and more certain conclusions when investigating and potential threats or incidents.