Endace Packet Forensics Files: Episode #59

Original Entry by : Michael Morris

Michael talks to Matt Bromiley about the importance of packet capture in threat hunting and how AI can improve detection and response.

By Michael Morris, Director of Global Business Development, Endace


With limited network visibility and overwhelming data volumes, organizations struggle to detect and respond to advanced cyber threats.

In this episode of the Endace Packet Forensics Files, I talk with Matt Bromiley, a veteran in threat hunting and incident response. With over a decade of experience and a role as a SANS instructor, Matt brings a wealth of practical knowledge to our discussion.

Matt highlights the importance of robust detection and response systems before beginning any threat hunt. He explains that even when a hunt doesn’t yield immediate results, the insights gained are invaluable for understanding the security landscape. Matt points out that proactive threat hunting is about deeply understanding network traffic, which offers significant advantages over more traditional reactive approaches.

During our conversation, Matt emphasised network packet data’s critical role in cybersecurity. He describes it as the “glue” that ties together various pieces of evidence, providing a comprehensive view of any potential attack. According to Matt, analyzing decrypted traffic and DNS logs is essential for uncovering hidden threats that might remain undetected.

Matt talks about the challenges of threat hunting, particularly when dealing with large volumes of packet data and navigating legal constraints. He stresses the necessity of having a skilled team and the right tools to manage these challenges effectively. He also shares his insights on the growing role of AI in threat hunting, predicting that it will increasingly help automate routine tasks, freeing up analysts to focus on more complex threats.

Matt’s expertise underscores the importance of a proactive approach, a deep understanding of network data, and the use of the right tools to stay ahead of cyber threats.

Don’t miss this insightful episode, where Matt provides actionable advice for enhancing your threat-hunting capabilities and strengthening your cybersecurity defenses.

Follow Matt on LinkedIn

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #57

Original Entry by : Michael Morris

Michael talks to Ryan Chapman about the growing complexity of ransomware – how to prepare, investigate and respond.

By Michael Morris, Director of Global Business Development, Endace


Ransomware has shifted from simple, isolated attacks to coordinated, human-operated campaigns that target entire organizations.

In this episode of the Endace Packet Forensics Files, I talk with Ryan Chapman, SANS Instructor and expert in Digital Forensics and Incident Response (DFIR), about these evolving threats.

Ryan explains how attackers are becoming more methodical and sophisticated, focusing on disabling EDR/XDR solutions to evade detection and leaving organizations vulnerable to advanced attacks.

One of the key challenges Ryan highlights is visibility. Without robust logging, packet capture, and monitoring tools, it’s nearly impossible to fully understand how an attack happened. Even encrypted traffic can reveal critical patterns if analyzed properly.

Ryan shares examples of organizations that suffered reinfections because they rushed to restore systems without identifying the original entry point. Packet capture data plays a vital role in pinpointing when and how attackers infiltrated, ensuring a safe recovery and minimizing disruption.

As ransomware tactics evolve, adopting a Zero-Trust approach is essential. Ryan discusses how limiting permissions and avoiding overly trusting software configurations can help prevent breaches. He cites the Kaseya attack, where some organizations avoided compromise by not blindly whitelisting trusted directories. As attackers increasingly use legitimate tools, verifying all network activity and following least privilege principles are critical defenses.

Don’t miss this insightful episode, where Ryan provides actionable advice for preparing your organization against today’s ransomware threats.

Follow Ryan on LinkedIn

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Endace Packet Forensics Files: Episode #56

Original Entry by : Michael Morris

Michael talks to Cary Wright about why security certifications such as FIPS, NIAP, and DoD APL are important across industries.

By Michael Morris, Director of Global Business Development, Endace


In this episode of the Endace Packet Forensics Files, I talk with Cary Wright, VP, Product at Endace, about the importance and impact of Federal security certifications such as FIPS, NIAP, and DoD APL in ensuring the robust security of cybersecurity tools.

Although these standards are primarily applied in the Federal Government, the testing that products must undergo to comply is rigorous and extensive. Regardless of your industry, you can be confident that products certified to these standards are robust and have been thoroughly tested and scrutinized.

Cary explores the detailed testing procedures these certifications entail and their role in enhancing network device security. The standards are continuously updated to ensure that they continue to address new cybersecurity challenges that emerge. We discuss the relevance of these standards for Government and Defense sectors as well as how they can provide surety for large enterprises looking to improve their security measures.

Cary explains what these certifications test in order to validate cybersecurity tools’ encryption strength and overall security robustness. He also talks about the challenges and costs to manufacturers of achieving these standards, and the real-world benefits this testing delivers – such as improved protocol security.

Don’t miss this episode as Cary provides valuable insights into the impact of Federal security certifications and the critical role they play in helping ensure best practices in cybersecurity.

Follow Cary on LinkedIn

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.