Endace Packet Forensics Files: Episode #51

Original Entry by : Michael Morris

In this episode, Michael talks to Eric Buchaus, Director of Sales at Niagara Networks

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads?  What do you need to gain insights into cloud network activity?

In this episode of the Endace Packet Forensic Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts.

Eric walks us through some alternative options, discussing the merits of network TAPS, network packet brokers, and in-line bypass solutions which can offer NoC / SoC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments.  He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles.

Eric suggests things organizations should consider when exploring different packet brokers or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely.

Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures – particularly environments with many walled gardens and lots of VLANs for IOT/IOTM devices and technologies.

Don’t miss this informative episode as Eric demystifies the complexities of network visibility and supplies some valuable guidance for navigating the challenges posed by evolving network landscapes.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.


Combining Endace and Elastic delivers detailed visibility into real-time and historical network activity

Original Entry by : Cary Wright

By Cary Wright, VP Product Management, Endace


Cary Wright, VP Product Management, Endace

We’re pleased to announce our newest technical partnership with leading SIEM and observability platform provider, Elastic. By combining together EndaceProbe™ always-on Hybrid Cloud packet capture, Elastic™ Stack and Elastic™ Security, we’re providing the packet-level network visibility and detailed network metadata that Security and IT teams need when responding to security threats and network or application performance issues.

How Do We Work Together?

By combining Endace and Elastic Stack, organizations gain accurate, highly detailed visibility into both real-time and historical network activity. Security and IT analysts can search network metadata in Elastic, and quickly pivot to full packet data for forensic investigations when they need to. The result is faster, more accurate incident investigation and resolution. The combination of Elastic Stack and EndaceProbe gives cybersecurity and IT teams the ability to see exactly what’s happening on their network in real-time. EndaceProbes can record weeks or months of full packet capture across hybrid cloud networks to provide a complete and accurate record of all network activity. The detailed full packet capture data recorded by EndaceProbes is a perfect complement to the rich logs and metadata collected by Elastic Stack. When analysts need to go back-in-time to investigate any incident they have a complete record of that activity at their fingertips. Beyond this, the ability to pivot from anomalies or security alerts directly to forensic examination of packet-level data lets analysts see exactly what’s happening. They can quickly respond to incidents and dramatically mitigate threat risk to their organizations.

EndaceFlow and Elastic Stack

In addition, EndaceProbe appliances can host EndaceFlow™, which generates extremely high-fidelity NetFlow data at full line rate. This NetFlow data can be ingested by Elastic Stack to provide detailed metadata for monitoring the security and performance of the network and interrogating network activity. Pre-built integration between EndaceProbes and Elastic Stack enables streamlined investigation workflows. Analysts can click on alerts in the Elastic UI to go directly to the related full packet data recorded by EndaceProbe. Analysts can quickly view traffic right down to individual packet level to see precisely what occurred before, during and after any event, with absolute certainty.

For more information about our Fusion Partner integrations, please visit www.endace.com/fusion-partners.

To see a demonstration of this Elastic Security integration in action please visit the Elastic partner page at https://www.endace.com/elastic-security.


Introducing EndaceProbe Cloud

Original Entry by : Cary Wright

Scalable Packet Capture for Hybrid Cloud

By Cary Wright, VP Product Management, Endace


Cary Wright, VP Product Management, Endace

The rapid growth of cloud vulnerabilities, hijacked cloud credentials, APTs targeting cloud, and lack of network layer visibility in cloud has made one thing clear: recorded network packet data is just as essential in the cloud as it is in physical networks. 

Enterprises know the value of our packet capture solutions, and they have told us they need the power of packets in the cloud as well. In many cases, they have moved – or plan to move – workloads to the cloud but have been hampered by an inability to gain the same visibility into activity in their public cloud infrastructure as they are used to relying on in on-premise environments.

Leveraging our 20-plus years of experience in delivering accurate, reliable packet capture for some of the world’s largest organizations, Endace developed EndaceProbe Cloud as the first truly scalable, enterprise-class solution for providing always-on packet capture in public cloud environments.

Unlike many solutions on the market, we’ve done it in a way that scales easily and delivers truly unified visibility that lets security, network and IT teams analyze packet data from across hybrid cloud and multi-cloud environments quickly and easily from a central console. 

EndaceProbe Cloud delivers packet-level visibility for public cloud that is critical for threat hunting, incident response and performance management in those environments. It operates seamlessly with EndaceProbe hardware appliances to deliver always-on packet capture across on-premise, private and public cloud infrastructure, to provide unified visibility across the entire network.

See it in Action

The demo below shows how easy it is to quickly search for packet data across a multi-cloud – AWS and Azure – environment, recreate files from packet data and drill-in to analyze the full packets. All from a single console.

EndaceProbe Cloud is a full-featured EndaceProbe, purpose-built for deployment in AWS and Microsoft Azure environments that provides the following benefits to customers in cloud and hybrid cloud environments:  

    • Continuous, zero-loss, packet capture in public and hybrid cloud environments that provides weeks or months of visibility 
    • A unified console for fast global search and analysis across on-premise, private and public cloud environments.  
    • Full visibility into North-South and East-West traffic 
    • Secure packet storage within the customers’ own virtual network or virtual private cloud (VPC). 
    • Powerful traffic analysis and investigation tools including file extraction, log generation, and hosted Wireshark™ 
    • Seamless workflow integration with an open API and strong ecosystem of third-party network and security tools (https://www.endace.com/fusion-partners) 
    • Subscription-based pricing that offers flexibility and scalability  

EndaceProbe Cloud complements Endace’s hardware appliances to provide unified and seamless visibility across the entire network.

 

 

Endace Packet Forensics Files: Episode #5

Original Entry by : Michael Morris

Michael talks to Gerard Martir, Network Solutions Team Specialist at Keysight Technologies

By Michael Morris, Director of Global Business Development, Endace


Michael Morris, Director of Global Business Development, Endace

Tune in for the latest episode of our Endace Packet Forensic Files Vidcast/Podcast series with this week’s special guest Gerard Martir, Network Solutions Team Specialist for KeySight Technologies.

Gerard’s years of experience in the telecom space give him great insight as to how carriers are addressing cybersecurity along with how the roll out 5G will deliver better performance and tighter security.

Gerard talks about some of the adjustments telecom providers are making in the era of the global pandemic and the changing priorities cause by massive shifts to remote workforces across the globe. He also provides insight into some of the technology best practices carriers are implementing to ensure performance, resiliency and security across their cutting-edge networks.

Other episodes in the Secure Networks video/audio podcast series are available here.


On decreasing incident response time

Original Entry by : Boni Bruno

Seems like security incidents are occurring more often with mild to significant impact on consumers and various organizations, such as Target and Sony.

Referring to the Verizon Data Breach Report year after year confirms that incident response times to such incidents are increasing, rather than decreasing, with root cause identification of the problems not occurring for months after the security incident in many cases. This can cause a pessimistic view among many security teams, however, there are a lot of good things happening in the security space that I want to share with you.

Continue reading “On decreasing incident response time”


Network (In)Visibility Leads to IT Blame Game

Original Entry by : Mike Heumann

Significant changes in the structure and use of IT, including such seismic trends as Bring Your Own Device (BYOD), virtualization and cloud computing, have introduced new challenges to IT administrators and staff. Added layers of complexity require new skill sets and knowledge bases as well as tools to effectively run a modern enterprise network. This raises a few questions about how IT teams are coping with the changes.

Continue reading “Network (In)Visibility Leads to IT Blame Game”


Dynatrace-Endace Partnership Enhances AA-NPM with EndaceProbe

Original Entry by : Mike Heumann

While at Cisco Live today, I was struck by the traffic patterns on the show floor.  Wherever there was a traffic jam, it seemed as though it was caused by a few people walking slower than everyone else, or by a momentary obstruction that halted traffic.  Enterprise networks share many of the same attributes (and problems) that show floors do in that respect.  The part that makes it worse for enterprise networks (vs. show floors) is that there are mission-critical applications that run on top of these networks.  When networks have performance issues (even momentary ones), the impact on these applications can be catastrophic.

Continue reading “Dynatrace-Endace Partnership Enhances AA-NPM with EndaceProbe”


Endace Network Visibility Solutions Part of InteropNet at Interop 2014!

Original Entry by : Barry Shaw

As Interop once again draws near, the InteropNet infrastructure stands ready and waiting to provide critical connectivity to the thousands of visitors and hundreds of exhibitors who attend the show.  Each year, InteropNet is provided by a dedicated band of volunteer vendors, whose preparation starts early in February at the UBM hot stage. There, the network is designed, constructed and tested, so that it is ready to be shipped to Las Vegas in time to provide the network for Interop. Each year, the team reviews the latest technology to determine what is needed to provide a state of the art network that can showcase emergent trends in the networking space.

Continue reading “Endace Network Visibility Solutions Part of InteropNet at Interop 2014!”