Endace 2023/24 Internship Program concludes another successful year

Original Entry by : Katrina Schollum

By Katrina Schollum, HR Manager, Endace


Our six interns for the Summer 2021/22 Internship Program joined us in our R&D centre in Hamilton, and recently concluded their 12-week program. Our Internship Program saw them working on individual, commercially relevant projects with the support of their managers and mentors. We are pleased to say it was another highly successful year!

Project Showcase

The Internship Program concluded with each intern presenting their individual projects to an audience. This year, the audience included Endace team members from five countries: project managers and mentors as well as all the members of our Senior Leadership Team. We were also very happy to welcome faculty members from the University of Waikato, continuing our strong link with the Endace origin story.

Stuart Wilson CEO and 2023/24 Endace InternsThe interns gave an overview of their projects and the specific challenges they aimed to address. They discussed the design of their solutions, implementation challenges they had faced, and also demonstrated their solutions in action. They concluded by outlining how these projects could be applied – and potentially extended further – in the future. At the end of each presentation, audience members had an opportunity to ask questions and delve deeper into the outcomes of the projects.

Highlights of the Program

Throughout Endace’s structured Internship Program, interns hone their technical skills and practically apply their university knowledge. Beyond acquiring technical skills, our interns also have an opportunity to gain an understanding of all the different areas of Endace’s business – from sales and marketing, to finance and operations. They also get to develop their communication and organisational skills by interacting with members of the Endace team from all engineering departments.

The interns are supported throughout the Internship Program by individual managers and mentors. They observe how teams work together cohesively in an environment where ideas are respected and individuals are trusted to do excellent work. It was fantastic to see these learnings reflected in the intern’s final presentations.

Our managers and mentors also benefit hugely from the Internship Program – which provides a great opportunity to build leadership skills in their intern support roles and gives them the satisfaction of seeing the impact of sharing their expertise.

Following the presentations, Stuart Wilson, Endace’s CEO, summed up everybody’s thoughts when he said, “It constantly amazes me how much interns can achieve in a relatively short period of time!” He emphasised the importance of Endace’s determination that intern projects should be real, commercially-focused projects – and talked about how the intern projects have helped shape product improvement, automation, scaling our testing environments and enhancing customer experience for Endace.

Garima Bhatia, QA Manager, said “The Endace Internship Program helps us see university students grow into confident, professional engineers.  Not only do they learn industry standards, tools and security aspects of software development but the confidence and pride with which they showcase their work is really satisfying to watch.”

At Endace we are proud of our interns’ achievements thus far and look forward to following their future accomplishments in the industry. As we conclude another successful program we now look forward to the next round in Spring, bringing in further perspectives, learning and career development to Endace.


Endace Packet Forensics Files: Episode #52

Original Entry by : Michael Morris

Michael talks to Tiktok influencer Caitlin Sarian, CEO of Cybersecurity Girl

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

In this episode, I talk with to Tiktok and Instagram influencer Caitlin Sarian, CEO of Cybersecurity Girl, who discusses her journey into the cybersecurity field and her mission to break down stigmas surrounding the industry.

Emphasizing the importance of a love for learning and problem-solving over coding skills, Caitlin encourages individuals to explore diverse paths within cybersecurity, ranging from technical roles like ethical hacking to non-technical roles in data privacy.

The conversation highlights the need for continuous learning in the rapidly evolving cybersecurity landscape, with Caitlin recommending various channels for staying updated, including news alerts, newsletters, and professional groups. She addresses common misconceptions about coding requirements, debunking the idea that a specific educational background is essential, and stresses the value of gaining practical experience and obtaining certifications tailored to one’s chosen specialization.

Finally, Caitlin highlights the importance of advocating for diversity and inclusivity in cybersecurity. She emphasizes the need for mentorship, role models, and a supportive company culture to encourage women and minorities to enter and thrive in the industry. You won’t want to miss this episode if you’re looking for valuable insights about a career in cybersecurity. 

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #51

Original Entry by : Michael Morris

In this episode, Michael talks to Eric Buchaus, Director of Sales at Niagara Networks

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads?  What do you need to gain insights into cloud network activity?

In this episode of the Endace Packet Forensic Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts.

Eric walks us through some alternative options, discussing the merits of network TAPS, network packet brokers, and in-line bypass solutions which can offer NoC / SoC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments.  He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles.

Eric suggests things organizations should consider when exploring different packet brokers or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely.

Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures – particularly environments with many walled gardens and lots of VLANs for IOT/IOTM devices and technologies.

Don’t miss this informative episode as Eric demystifies the complexities of network visibility and supplies some valuable guidance for navigating the challenges posed by evolving network landscapes.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace 2023/24 Internship Program Kicks Off

Original Entry by : Katrina Schollum

By Katrina Schollum, HR Manager, Endace


The Endace Summer Internship Program has kicked off for another year, following a record amount of interest.  We recently welcomed six interns to our R&D centre in Hamilton, NZ, who will spend 12 weeks working on individual projects.

We look forward to seeing what this year’s interns can learn and achieve.

Induction Day

The first day of our internship program offers interns an opportunity to gain an understanding of what it’s like to be an Endace team member and to acquaint themselves with their individual mentors. From engaging in a conversation with our CEO, Stuart Wilson, to participating in a networking lunch and team-building activities, there was a lot to learn.

One of our new mentors, Al Edgar, IT Security Manager, said, “It’s awesome to be involved in our Intern program and to witness that we are providing young, talented individuals with a great opportunity to learn from the Endace team. You could practically sense the excitement radiating from our interns during the Induction day.”

By the end of the day, interns departed with a clear sense of their projects and an understanding of what will be required to accomplish them in our structured and supportive program.

Our Program

Over 13 weeks, the intern program focuses on commercially relevant individual projects and provides structured training, including lunch-and-learns to introduce interns to various areas of the business such as finance, HR, marketing, and operations, creating a well-rounded experience. The program culminates with interns delivering presentations at a shared learning session involving their mentors, members of the senior leadership team, and project managers.

The Endace Internship Program is an excellent way to assist computer science students and graduates in building talent and gaining experience to contribute to the industry. It also serves as a platform for showcasing Endace as an employer of choice for IT and engineering graduates in New Zealand, with our continued ties to tertiary education. Our intentional, hands-on learning approach with commercially relevant projects provides a fantastic opportunity for interns to kick-start their careers.


Endace Packet Forensics Files: Episode #50

Original Entry by : Michael Morris

In our 50th Episode, Michael talks to Martyn Crew, Senior Director, Solutions Marketing and Partner Technologies at Gigamon

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

It’s my pleasure to welcome Martyn Crew from Gigamon for this 50th Episode of the Packet Forensics Files. It’s a great milestone to have reached, and the series continues to grow in popularity – thanks to people like Martyn who have joined me to share their valuable expertise and advice.

In this episode Martyn, a 30-year veteran in the cyber security and network management space shares his expertise on the limitations and risks associated with exclusively using log and meta-data as the primary resources for your security team’s investigations. He discusses various use cases where network traffic and full packet data can play a crucial role in security investigations, highlighting the potential oversights that could occur when you rely solely on log data.

We talk about how to address the scalability challenges of leveraging full-packet data and delve into the storage and retention obstacles that many organizations fear when looking at solution options.

Finally, Martyn suggests how to balance the telemetry sources and costs for your SOC team, and shares some key considerations for maintaining visibility in your hybrid cloud infrastructure encompassing both on-prem and public or private cloud environments.

.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #49

Original Entry by : Michael Morris

Michael talks to ICS and SCADA security expert, Lionel Jacobs

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

In this episode, Michael talks to Lionel Jacobs, Senior Partner Engineer, ICS and SCADA security expert, at Palo Alto Networks. Lionel draws on his more than 25 years of experience in OT (Operational Technology) and almost a decade at Palo Alto Networks in discussing some of the challenges of securing OT, IoT and critical infrastructure from cyberattack.

Lionel talks about some of the unique challenges that OT systems present for security teams and why being prepared to defend against attacks on critical infrastructure is so crucial.

Nation-state actors obviously see critical infrastructure as a prime target for attacks. But so too do criminal actors who see critical infrastructure operators as potentially more vulnerable to extortion than other targets.

Lionel discusses the role of Zero Trust and limited access zoning in reducing the risk of attackers expanding their ability to move from OT environments into the enterprise network. Carefully mapping the network and assets and understanding the requirements for access between different areas of the infrastructure is key to this. Often legacy OT devices and control systems can’t be easily patched so placing these elements into a security zone with a remediating factor between that zone and other parts of the network is the only feasible way to protect them from attack.

Lionel talks about the challenge of detecting attacks in OT environments, how to spot unusual activity, and the importance of having a reference baseline to compare against. He highlights the importance of packet data in providing insight into what is happening on OT networks.

Lionel also stresses the importance of close collaboration between OT security teams and the operators of OT networks. It’s crucial to ensure that the safe and effective operation of critical infrastructure isn’t adversely impacted by security teams that don’t understand the operational processes and procedures that are designed to ensure the safety of the plant and the people that work there.

Lastly, Lionel reiterates the importance of gathering reliable evidence, and enabling security analysts to quickly get to the evidence that’s pertinent to their investigation. It’s not just about collecting data, but about making sure that data is relevant and easy to access.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Combining Endace and Elastic delivers detailed visibility into real-time and historical network activity

Original Entry by : Cary Wright

By Cary Wright, VP Product Management, Endace


Cary Wright, VP Product Management, Endace

We’re pleased to announce our newest technical partnership with leading SIEM and observability platform provider, Elastic. By combining together EndaceProbe™ always-on Hybrid Cloud packet capture, Elastic™ Stack and Elastic™ Security, we’re providing the packet-level network visibility and detailed network metadata that Security and IT teams need when responding to security threats and network or application performance issues.

How Do We Work Together?

By combining Endace and Elastic Stack, organizations gain accurate, highly detailed visibility into both real-time and historical network activity. Security and IT analysts can search network metadata in Elastic, and quickly pivot to full packet data for forensic investigations when they need to. The result is faster, more accurate incident investigation and resolution. The combination of Elastic Stack and EndaceProbe gives cybersecurity and IT teams the ability to see exactly what’s happening on their network in real-time. EndaceProbes can record weeks or months of full packet capture across hybrid cloud networks to provide a complete and accurate record of all network activity. The detailed full packet capture data recorded by EndaceProbes is a perfect complement to the rich logs and metadata collected by Elastic Stack. When analysts need to go back-in-time to investigate any incident they have a complete record of that activity at their fingertips. Beyond this, the ability to pivot from anomalies or security alerts directly to forensic examination of packet-level data lets analysts see exactly what’s happening. They can quickly respond to incidents and dramatically mitigate threat risk to their organizations.

EndaceFlow and Elastic Stack

In addition, EndaceProbe appliances can host EndaceFlow™, which generates extremely high-fidelity NetFlow data at full line rate. This NetFlow data can be ingested by Elastic Stack to provide detailed metadata for monitoring the security and performance of the network and interrogating network activity. Pre-built integration between EndaceProbes and Elastic Stack enables streamlined investigation workflows. Analysts can click on alerts in the Elastic UI to go directly to the related full packet data recorded by EndaceProbe. Analysts can quickly view traffic right down to individual packet level to see precisely what occurred before, during and after any event, with absolute certainty.

For more information about our Fusion Partner integrations, please visit www.endace.com/fusion-partners.

To see a demonstration of this Elastic Security integration in action please visit the Elastic partner page at https://www.endace.com/elastic-security.


Endace Packet Forensics Files: Episode #48

Original Entry by : Michael Morris

Michael talks to Endace’s IT Security Manager, Al Edgar.

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, EndaceIn this Episode of Packet Forensics Files, I ask Al Edgar, former Information Security Manager for Health Alliance – and now IT Security Manager at Endace – about some of the important areas a security leader needs to focus on and what new challenges they are facing.

Firstly, Al says, it’s important to take an holistic approach to cybersecurity, by looking at the three critical components for robust security: people, processes, and technology. He stresses the importance of Incident Response planning and why it’s so critical to define clear objectives, roles, and responsibilities as part of the plan.

In order to stay ahead of emerging threats, Al says keeping up-to-date with cybersecurity trends is crucial. He recommends subscribing to cyber blogs, leveraging threat intelligence feeds, and mapping threat intelligence against your organizational infrastructure. He also highlights the importance of having a plan for managing third-party vendor risk.

Al provides some valuable recommendations on where to start to ensure a more robust security posture, including maintaining a centralized inventory, conducting thorough risk assessments, cataloging and categorizing risks, and incorporating appropriate security clauses into contracts with suppliers and partners.

Cybersecurity awareness training is another critical area, Al says. His view is that it’s the responsibility of every individual in an organization to prioritize cybersecurity but he highlights the importance of support and training to enable them do this effectively.

Lastly, Al talks about future cybersecurity threats, and calls out the potential risks associated with the weaponization of AI technology. He highlights the need for caution when sharing information with AI systems, reminding us to be mindful of potential privacy breaches and the risk that sensitive IP or data disclosed to AI tools may be misused or insufficiently protected.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.