Secure Networks: Endace Packet Forensics Files

Threat hunting is a critical cybersecurity activity that is growing in importance and prevalence around the globe.  Are your SOC analysts developing the skills and toolsets they need to enable more efficient and effective threat hunting?  What are the inhibitors your teams face and do you have the right tools and processes in place?In this episode of the Endace Packet Forensic files, Michael Morris talks with Chris Greer of Packet Pioneer.Chris is an experienced protocol analyst and forensics expert. He is a renowned instructor for Wireshark University as well as the host of a popular YouTube channel where he shares insights into threat hunting and demonstrates the importance of understanding how to investigate and resolve issues using packet analysis. In this episode, In this episode, Chris talks about some of the problems or threats you can only see as part of your incident response investigation processes and workflows if you have access to full packet dataFinally, Chris highlights some of the gaps that organizations have in their security stacks that make it hard for them to confirm or deny false positives and how to resolve this visibility issue. He offers recommendations for training and suggests how to improve your organization’s threat-hunting capability.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

In this episode, Endace's Michael Morris welcomes back Justin Fier, VP Tactical Risk and Response at Darktrace (who was our very first guest in this series almost 40 episodes ago!) to talk about nation-state cyber, where he sees the threats lie, and what organizations can do to better prepare for possible attacks.Justin talks about some of the great work being done by organizations like CISA, and the signs of increased collaboration between nation state defenders as being positive indications that things are moving in the right direction. But there are also significant challenges. Overcoming the slow pace of organizational change, addressing the dearth of skilled cybersecurity professionals, and building the agility to respond to the constantly evolving threat landscape are all major issues that we need to respond to as an industry – whether that’s in government defense or in securing the enterprise.Don't miss this episode!ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

As data growth accelerates and distributed workloads increase, enterprises are prioritising cost efficiency and space minimization in modern datacenters. They are looking to leverage new technologies and use smaller, more cost-efficient appliances to reduce cost and improve efficiency.By architecting infrastructure to prioritize stability and robustness and focusing on reducing carbon footprint, organizations can dramatically reduce power, storage and cooling requirements while also improving efficiency. A win-win outcome.In this podcast, Hakan Holmgren, EVP Sales  at Cubro, talks about how new technologies like Intel barefoot ASICs can accelerate packet processing for cloud datacenters and edge deployments and enable consolidation of infrastructure to reduce cost and minimize environmental impact.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

In this episode of the Endace Packet Forensic files, Endace's Michael Morris talks with Rick Jenssen, VP of Global Operations for Plixer, who shares his experience into building robust security at scale. Rick recommends some best practices to address the common challenges in delivering resilient security in large environments and talks about ways to address the flood of alarms SOC teams face on a daily basis. He suggests a nice, six-step, iterative approach to continually improving your security position.Finally, Rick reinforces how important the mantra of “practice, practice, practice” is when it comes to preparing your security teams - and the wider organization. Practicing how to investigate, remediate, and respond to potential security breaches makes sure you know what needs to happen in the event of a real crisis and uncovers areas you need to work on to be better prepared.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

What does it mean to have security at scale?   For large infrastructures with rapid data growth have you maintained or improved your security posture as you have scaled?In this episode of the Endace Packet Forensic files Michael Morris talks with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale.  He shares some recommendations and best practices to get on the right path to improve security in large environments.Neil also shares his thoughts on Security Orchestration and Automation Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

What did we learn from the recent Log4J 2 vulnerability? How are security holes like this changing the way organizations think about deploying enterprise software solutions?In this episode of the Endace Packet Forensic files Michael Morris talks with Timothy Wilson-Johnston about the Log4J 2 threat and how it is being exploited in the wild. Timothy shares his thoughts about what Log4J 2 has taught us, and why organizations need to look at the bigger picture:- How can you better defend against vulnerabilities of this type- Why it's so important to closely scrutinize solutions that are deployed – and make sure you have visibility into components that might be included with those solutions.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

Increasingly the security of Operational Technology (OT) - Industrial Control Systems - is a major focus of concern. These systems are used in many environments across industries such as manufacturing, transportation, energy, critical infrastructure and more, and are a target for both sophisticated, nation-state attackers and cybercriminals .In this episode of the Endace Packet Forensic files Michael Morris talks with Rick Peters, CISO Operational Technology at Fortinet. With a long career in engineering and almost four decades in the US Intelligence community before taking on his role at Fortinet, Rick knows intimately how attackers can target OT systems and has spent many years helping to defend OT systems from cyber attackers. He shares his advice on best practice in securing OT environments and where to start.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

In this episode of the Endace Packet Forensic files Michael Morris talks with Ron Ross, Fellow at NIST, who shares how cyber security standards are evolving to keep pace with new threats and challenges. Ron highlights where he sees most organizations falling short and the highest priorities they should be addressing. He shares some insights into new standards and recommendations for protecting operational technologies which are becoming an attractive target for threat actors.Finally, Ron talks about the need to move from a mindset of “prevention” to building “resiliency” into your security architecture to stay ahead of cyberthreats.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

In this episode of the Endace Packet Forensic files Michael Morris talks with Merritt Baer, Principal in the Office of the CISO at AWS, who shares her experience in how to design and build robust, dynamic security at scale. Merritt discusses what security at scale looks like, some of the things that are often missed, and how to protect rapidly evolving hybrid cloud infrastructures.  She highlights some common pitfalls that organizations run into as they shift workloads to cloud providers and how to pivot your SOC teams and tools to ensure you have robust security forensics in place.Finally, Merritt examines how adopting SOAR platforms can help, and things you can do to prevent gaps and breakdowns in your security posture.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.

Modernizing the SOC is one of the latest trends cyber security teams are undertaking to stay current and on a level playing field against today’s threat actors. Whether it is adapting to simply keep up with the volume of threats or implementing AI and ML technologies to find and prevent more sophisticated threat vectors SecOps need to improve and upgrade.In this episode of the Endace Packet Forensic files, Michael Morris talks with seasoned SOC Director, Kamal Khlefat, now Product Manager at LinkShadow, who shares his perspectives on the movement to modernize the SOC.ABOUT ENDACE*****************Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.Endace’s open EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) can host 3rd-party analytics solutions while simultaneously recording a 100% accurate history of network activity. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks.