Black Hat Europe 2017: Where the Best Minds in Cybersecurity Meet

Original Entry by : Leah Jones

Christmas and New Year may be approaching fast, but the ever-changing and unpredictable world of Information Security continues at full speed.

From the 4th-7th of December, we’ll be exhibiting at Black Hat Europe at the ExCel, London.

Attended by cybersecurity professionals and enthusiasts from around the world, Black Hat Europe 2017 will bring the best and brightest in the industry together to share information on the latest research, developments and trends.

We’ll be at our at stand (booth 201) throughout the event to answer questions and to share thoughts and ideas with attendees, particularly on the major breaches of recent years and the impending GDPR legislation. With the May 2018 deadline not far away, organizations need to be aware of how to respond to potential data breaches quickly or face hefty fines if they are inadequately prepared.

Some of the major breaches that we’ll be discussing include:

  • Equifax, a victim of one of the largest hacks in recent memory. The company took two months to admit that the breach had taken place. Post-GDPR, Equifax would need to reduce their identification and reporting time from two months to just 72 hours.
  • Deloitte, where a cyberattack on the company’s Azure-hosted email server’s administration account resulted in confidential documents and emails being stolen. To prepare for GDPR, cloud providers need to prioritize network visibility, something that current cloud software structures often hinder.
  • TalkTalk, which announced in 2015 that a breach had taken place, erred on the side of caution by “over-reporting”, later discovering the breach was not as bad as first thought. Under GDPR, more companies may be inclined to over-report, given potential fines of up to 4% of their global revenue for under-reporting. In a post-GDPR world, precision in post-breach analysis and forensics is essential.

We’ll be demonstrating how our EndaceProbe Network Recorders can be integrated with security tools from partners like Cisco, Splunk, Plixer and Palo Alto Networks to accelerate the investigation of security alerts and help companies to identify and respond to intrusions before they can escalate into a major breach.

We’ll also be talking to attendees about why recording their network traffic provides the only truly reliable evidence for conclusively determining the cause and scope of security intrusions and breaches.

Attending Black Hat London 2017 and want to learn more about Endace? Visit our exhibition at booth 201 and meet our team. If you’re unable to attend Black Hat, visit our website to learn more about Endace and our EndaceProbe Network Recorders . Or follow us on Twitter or LinkedIn


NEW: EndaceProbe 114 Branch Office Network Recorders

Original Entry by : Endace

Launching at Black Hat this week, the EndaceProbe 114 is purpose-built for deployment in remote locations or branch offices. It offers the same 100% accurate recording, centralized management data mining and retrieval and application hosting as the rest of the EndaceProbe family but comes in a compact, short-depth format that makes it ideal for deployment in branch offices.

The EndaceProbe 114 allows organizations to cost-effectively extend their network visibility right out to the network edge and eradicate the blind spots that can make branch office locations an attractive target for attackers.


EndaceProbe 9000-XS: Industry-leading storage density provides extended back-in-time network history for forensic analysis

Original Entry by : Endace

With up to 192TB of storage per appliance, the new EndaceProbe™ 9000-XS series network recorders provide a highly scalable network recording solution, offering Petabytes of clustered and/or distributed storage capable of storing weeks, or months, of network history.

The massive storage of the 9000-XS EndaceProbes makes them an ideal choice as always-on recorders capturing a detailed history of network activity for forensic analysis of data breaches and speeding up the investigation and resolution of network security or performance issues.

See our press release about the new XS series and check out the complete range of EndaceProbe 100% accurate, high-speed network recorders.

Or download the EndaceProbe 9000 series datasheet.


Finding session-related problems using EndaceVision

Original Entry by : Endace

Network monitoring tends to focus heavily on bandwidth, addressing the question, “Do I have the capacity to carry the traffic that my business requires?” Capacity, however, must include session count and lifecycle, which are often overlooked until they become a problem. That’s why EndaceVisionTM 6.0 Network Visibility Software has added two new tools to deal with sessions: TCP Flags view and client/server breakdown.

Continue reading “Finding session-related problems using EndaceVision”


Improving network monitoring performance with the next generation EndaceProbes

Original Entry by : Erez Birenzwig

When the current EndaceProbe® Network Recorder product range was introduced more than five years ago, most enterprise networks were only starting to think about upgrading to 10Gb Ethernet (10GbE) speeds.  Since then, most IT departments use 10GbE in their core, 1GbE to the desktop and laptop has become standard, and many are organizations are looking to move up to 25GbE, 40GbE or higher speeds.  At the time, EndaceProbes were the highest performing and most reliable network packet capture device available, helping our customers migrate their monitoring from 1GbE to 10GbE.  In the same way that we enabled that migration, we are now introducing the next generation of network recording products as enterprises incorporate higher network speeds.

Continue reading “Improving network monitoring performance with the next generation EndaceProbes”


User and device attribution comes to EndaceVision: Empowering network and security incident analysis

Original Entry by : Barry Shaw

We’ve all heard that the application is now the network. This paradigm shift moved us from the simple port-based definition of applications that was prevalent up until the end of the last decade, to the more awkward reality that applications are much more complex and no longer conformed to such a simple scheme. For network operators, understanding the applications on the networks was paramount and Endace responded to this by incorporating deep packet inspection (DPI) technology into its EndaceProbeTM Network Recorders in 2012.

Continue reading “User and device attribution comes to EndaceVision: Empowering network and security incident analysis”


Playing a hunch with confidence with the latest EndaceProbe software release 5.2

Original Entry by : Andy Summers

In the world of mission-critical networks, the very idea that you may be ‘playing a hunch’ when it comes to investigating a service-affecting issue likely would be met with utter derision. The pressure is to provide confident answers to critical questions; what happened, who was affected and how long will it take to resolve. This can be daunting especially when the air is thick with accusations and the ‘interested parties’ trending towards ‘C-level’ can be insurmountable.

Of course, the truth is that playing educated hunches lies at the very heart of network troubleshooting.  It is only after following and discarding a number of possibilities that you can exonerate yourself in what is known as the mean-time-to-innocence.

Continue reading “Playing a hunch with confidence with the latest EndaceProbe software release 5.2”


Are your systems safe against the Heartbleed bug?

Original Entry by : Endace

On April 7, the “Heartbleed” bug was announced.  It’s a serious flaw in the OpenSSL 1.0 – 1.0.1 code series which affects all applications using it for encryption.  In short, it means that anyone who can connect to the server can remotely read the server’s memory – including the SSL certificate secret key, usernames and passwords, and anything else.

With the Heartbleed bug exploit code in the wild,  anyone can take advantage of the critical time between public exposure of the exploit and when all organizations can patch (or take offline) vulnerable systems.  So, for almost every organization in the world, there are three questions that come to mind. The first question is “which of my public facing servers is vulnerable?”  The second question is “have I been exploited since this became public?”  And the third question is “what have I lost?”

The EndaceProbe™ Network Recorder helps answer all three questions.

Continue reading “Are your systems safe against the Heartbleed bug?”


Starting 2014 with a bang (and a new EndaceProbe release)!

Original Entry by : Endace

The beginning of any new year is the perfect time to build upon the positive momentum of its predecessor and what better way to start than with the new EndaceProbe™ Network Recorder EP5.1.3 release which does exactly that!

Whilst there’s too much to cover in this blog alone, I’ve focused on some of the key additions to our network visibility tool EndaceVision ™ to give a flavour of the new capabilities that this release brings.

Continue reading “Starting 2014 with a bang (and a new EndaceProbe release)!”


DDoS Attacks on Port 0 – Does it mean what you think it does?

Original Entry by : Tom Jones

Network monitoring best practice includes watching the latest trends not only in your own network, but also in other networks across the Internet. Fortunately, there are some great companies out there tracking what’s happening and issuing periodic reports to keep the rest of us up to speed.

I was very interested to read the recent report from Arbor Networks with the Q2 DDoS (distributed denial of service) attack data collated through their ATLAS Internet monitoring system. The report highlights a 43% increase in attacks from the same period in 2012.

Continue reading “DDoS Attacks on Port 0 – Does it mean what you think it does?”