"Secure Networks: Endace Packet Forensics Files" features interviews with leading cybersecurity and networking experts from companies such as Cisco, Darktrace, Palo Alto Networks, and others. It focuses on the issues that Security, Network Operations and DevOps teams face in securing and managing their networks and applications and provides insights into best practices and future developments.
How Generative AI and Machine Learning are Revolutionizing Cybersecurity. In this episode of the Endace Packet Forensic Files, Michael Morris and James Spiteri explore how advanced technologies like AI and machine learning are transforming security operations. With extensive experience in cybersecurity and security operations, including leading SOC teams and developing innovative AI and machine learning solutions, James offers unparalleled insights. He delves into the growing sophistication of nation-state threats, the critical role of SIEM tools, and how AI-driven insights enable faster, smarter threat detection by prioritizing critical alerts, automating mundane tasks, analyzing complex data patterns, and operationalizing unstructured threat intelligence in real time. Don't miss this insightful episode, where James shares expert tips on leveraging cutting-edge technology to strengthen your cybersecurity defenses and stay ahead of evolving threats. ABOUT ENDACE: Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. For more than two decades, Endace has revolutionized enterprise-class, always-on packet capture. The scalable EndaceProbe Analytics Platform (https://www.endace.com/endaceprobe) delivers deep, unified visibility across on-premise, private, and public cloud networks. Get to forensic evidence quickly, with rapid search and powerful tool integration. Protect your network and accelerate investigation and response with Endace.
Unlock the Power of Network Packet Data in Cybersecurity. In this episode of the Endace Packet Forensics Files, Michael Morris dives into the critical role of network packet data in cybersecurity with Matt Bromiley, a seasoned threat-hunting expert. Matt shares why robust detection systems and proactive threat hunting are essential, and how network data serves as the “glue” that ties together evidence in cybersecurity investigations. The episode also explores the challenges of managing large data volumes, the growing role of AI in threat detection, and the tools needed to stay ahead of emerging threats. Matt provides practical steps to seamlessly integrate packet capture into a threat-hunting toolkit, enabling teams to uncover and respond to even the most elusive threats. He emphasizes the importance of implementing a comprehensive packet capture strategy and using advanced tools, including AI, to manage data and enhance detection. He also stresses the need for continuous team training so analysts can effectively interpret data and respond to real-time threats, strengthening your defense against complex attacks. Don't miss this insightful episode, where Matt shares expert tips on optimizing threat hunting and leveraging packet capture to strengthen your cybersecurity defenses.
Ransomware has shifted from simple, isolated attacks to coordinated, human-operated campaigns that target entire organizations. In this episode of the Endace Packet Forensics Files, Michael Morris talks with Ryan Chapman, SANS Instructor and expert in Digital Forensics and Incident Response (DFIR), about these evolving threats. Ryan explains how attackers are becoming more methodical and sophisticated, focusing on disabling EDR/XDR solutions to evade detection and leaving organizations vulnerable to advanced attacks. One of the key challenges Ryan highlights is visibility. Without robust logging, packet capture, and monitoring tools, it's nearly impossible to fully understand how an attack happened. Even encrypted traffic can reveal critical patterns if analyzed properly. Ryan shares examples of organizations that suffered reinfections because they rushed to restore systems without identifying the original entry point. Packet capture data plays a vital role in pinpointing when and how attackers infiltrated, ensuring a safe recovery and minimizing disruption. As ransomware tactics evolve, adopting a Zero-Trust approach is essential. Ryan discusses how limiting permissions and avoiding overly trusting software configurations can help prevent breaches. He cites the Kaseya attack, where some organizations avoided compromise by not blindly whitelisting trusted directories. As attackers increasingly use legitimate tools, verifying all network activity and following least-privilege principles are critical defenses. Don't miss this insightful episode, where Ryan provides actionable advice for preparing your organization against today's ransomware threats.
In this episode, I chat with Taran Singh, VP of Product Management at Keysight Technologies, about network observability. Taran explains its importance within the zero-trust architecture and discusses the challenges organizations face in achieving clear network visibility. He highlights the role of historical data analysis in cybersecurity and outlines Keysight's approach to network visibility. Don't miss this insightful discussion on network observability and its significance in modern cybersecurity. Follow Taran here on LinkedIn - https://www.linkedin.com/in/taransingh/
In this episode of the Endace Packet Forensics Files, Michael chats with Jake Williams, aka @MalwareJake, who delves into the concept of Zero Trust and its significance for organizations seeking to bolster their security defences. Discover how Zero Trust challenges traditional security models and learn about the crucial role of continuous verification and network visibility in mitigating threats. Gain valuable insights into networking fundamentals and the integration of cybersecurity principles from an industry veteran. Don't miss out on this opportunity to enhance your cybersecurity knowledge and stay ahead of evolving threats.
In this episode of Secure Networks, Michael chats with Tanya Janca, aka SheHacksPurple, head of education and community at Semgrep and founder of We Hack Purple. Tanya discusses her transition from developer to security expert, the real issues behind the cybersecurity skills gap, and strategies for employee retention. She also dives into the implications of emerging technologies on security practices and the balance between automation and human expertise. Don't miss these valuable insights. Visit Tanya's websites: ► We Hack Purple - https://wehackpurple.com/ ► Semgrep - https://semgrep.dev/
In this episode of the Endace Packet Forensic Files, Michael Morris chats with cybersecurity TikTok and Instagram influencer Caitlin Sarian, CEO of Cybersecurity Girl LLC, who discusses her journey into the cybersecurity field and her mission to break down stigmas surrounding the industry. Caitlin highlights the need for continuous learning in the rapidly evolving cybersecurity landscape and recommends various channels for staying updated, including news alerts, newsletters, and professional groups. She addresses common misconceptions about coding requirements, debunking the idea that a specific educational background is essential, and stresses the value of gaining practical experience and obtaining certifications tailored to one's chosen specialization. Lastly, Caitlin advocates for diversity and inclusivity in cybersecurity. She emphasizes the need for mentorship, role models, and a supportive company culture to encourage women and minorities to enter and thrive in the industry. This episode provides valuable insights for those considering a career in cybersecurity and underscores the importance of fostering a diverse and inclusive environment within the field.
Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads? What do you need to gain insights into cloud network activity? In this episode of the Endace Packet Forensic Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts. Eric walks us through some alternative options, discussing the merits of network TAPs, network packet brokers, and in-line bypass solutions, which can offer NOC/SOC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments. He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles. Eric suggests things organizations should consider when exploring different packet broker or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely. Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures, particularly environments with many walled gardens and lots of VLANs for IoT/IoMT devices and technologies.
In this episode of the Endace Packet Forensics Files, Michael Morris talks with Martyn Crew, Senior Director, Solutions Marketing and Partner Technologies at Gigamon, a 30-year veteran in the cyber security and network management space. Martyn shares his expertise on the limitations and risks of relying exclusively on logs and metadata as the primary resources for your security team's investigations. He discusses various use cases where network traffic and full packet data can play a crucial role in security investigations, highlighting the potential oversights that could occur when teams rely solely on log data. Martyn recommends how to address the scalability challenges of leveraging full-packet data and delves into the storage and retention obstacles that many organizations fear when looking at solution options. Finally, Martyn suggests how to achieve a balance between telemetry sources and costs for your SOC team, and shares some key considerations for maintaining visibility in your hybrid cloud infrastructure, encompassing both on-prem and public or private cloud environments.
In this episode of Packet Forensics Files, Endace's Michael Morris talks to Lionel Jacobs, Senior Partner Engineer and ICS/SCADA security expert at Palo Alto Networks. Lionel draws on his more than 25 years of experience in OT and almost a decade at Palo Alto Networks in discussing some of the challenges of securing OT, IoT and critical infrastructure from cyber-attack. Lionel talks about the challenge of detecting attacks in OT environments, how to spot unusual activity, and the importance of having a reference baseline to compare against. He highlights the importance of packet data in providing insight into what is happening on OT networks. Lionel also stresses the importance of close collaboration between OT security teams and the operators of OT networks. It's crucial to ensure that the safe and effective operation of critical infrastructure isn't adversely impacted by security teams that don't understand the operational processes and procedures designed to ensure the safety of the plant and the people who work there. Lastly, Lionel reiterates the importance of gathering reliable evidence and enabling security analysts to quickly get to the evidence that's pertinent to their investigation. It's not just about collecting data, but about making sure that data is relevant and easy to access.
In this episode of Packet Forensics Files, Michael Morris asks Al Edgar, former Information Security Manager for Health Alliance and now IT Security Manager at Endace, about some of the important areas a security leader needs to focus on and the new challenges they are facing. Firstly, Al says, it's important to take a holistic approach to cybersecurity, by looking at the three critical components for robust security: people, processes, and technology. He stresses the importance of Incident Response planning and why it's so critical to define clear objectives, roles, and responsibilities as part of the plan. In order to stay ahead of emerging threats, Al says keeping up to date with cybersecurity trends is crucial. He recommends subscribing to cyber blogs, leveraging threat intelligence feeds, and mapping threat intelligence against your organizational infrastructure. He also highlights the importance of having a plan for managing third-party vendor risk. Al provides some valuable recommendations on where to start to ensure a more robust security posture, including maintaining a centralized inventory, conducting thorough risk assessments, cataloging and categorizing risks, and incorporating appropriate security clauses into contracts with suppliers and partners. Cybersecurity awareness training is another critical area, Al says. His view is that it's the responsibility of every individual in an organization to prioritize cybersecurity, but he highlights the importance of support and training to enable them to do this effectively. Lastly, Al talks about future cybersecurity threats, and calls out the potential risks associated with the weaponization of AI technology. He highlights the need for caution when sharing information with AI systems, reminding us to be mindful of potential privacy breaches and the risk that sensitive IP or data disclosed to AI tools may be misused or insufficiently protected.
What are some of the challenges of responding to a serious incident, such as a ransomware attack or an advanced persistent threat? Where do you start, and what are the critical things you need to do? In this episode we are lucky to welcome Jasper Bongertz, Head of Digital Forensics and Incident Response at G DATA Advanced Analytics in Germany. Jasper has a wealth of experience from working on the front line of incident response at G DATA as well as in his previous role at Airbus. He also has a long background in network forensics, having been a Wireshark and network forensics instructor, and continues to be a very active member of the Wireshark community. Jasper starts by outlining some of the steps to mitigate “headless chicken mode”, which is what he often sees when an organization first uncovers a serious cybersecurity incident. The process starts with understanding exactly what has happened and what the impact is, so that a clear response plan and timeline for resolution can be established. This requires gathering the available evidence, including network packet data if it's available. It's important to be able to do this quickly, particularly in the case of ransomware attacks where the organization's IT systems may be unavailable as a result of the attack. With ransomware, speed is crucial since the organization's primary priority is typically to get back to an emergency operating state as quickly as possible. Jasper lists some of the tools that his team finds useful in rapidly gathering that critical evidence. Once the scope of the incident has been established, you need to have the specific expertise on hand to do the initial investigation, to understand what happened and how it happened so you can identify the right response. Typically, Jasper says, that will involve having at least an incident response specialist, a forensic expert, and a malware reverse engineer, but depending on the scale of the event it may involve many others too. Jasper outlines the most important steps organizations can take to protect themselves against ransomware attacks and ensure that in the event of a successful attack they can recover. The two most important of these are making sure domain administrator credentials are protected to prevent privilege escalation, and ensuring backups are complete and protected from sabotage. Lastly, Jasper discusses the changing cyberthreat landscape. He outlines why he thinks data exfiltration and extortion will become a more common threat than ransomware and encryption, and why network data is critical to combat this growing risk.
How did Wireshark come to be, and what's made it so successful, not just as the pre-eminent tool for analyzing network packet data, but as an open-source project in general? In this episode Michael Morris talks to Wireshark founder Gerald Combs and Endace CTO Stephen Donnelly about the origins of Wireshark, and why packet capture data is so crucial for investigating and resolving network security threats and network or application performance issues. Gerald talks about the early days of Ethereal, a “packet sniffer” he originally created for his own use in his role at an ISP, but subsequently open-sourced as Wireshark. That fortuitous decision was key, Gerald says, to the subsequent ongoing growth and success of the Wireshark project, which will turn 25 years old in July! It enabled developers from around the world to contribute to the project, creating a Windows version in the process, and helping Wireshark to become the gold-standard tool for network analysis, used by SecOps, NetOps and IT teams the world over. Stephen has been using Wireshark right from the earliest days, when it was still called Ethereal, and is one of the many contributors to the project. Stephen and Gerald both talk about why packet analysis is so important for cybersecurity and network performance analysis (the ubiquitous “Packets Don't Lie” T-shirt, available from the Wireshark Foundation store, says it all really), and discuss examples of the many and varied problems that Wireshark is helping people to solve. Stephen outlines the differences between network flow data and packet capture data, and why packet data is essential for solving some problems where flow data just doesn't contain the level of detail required. Wireshark is continually evolving, with support for new protocols and new UI enhancements that make it easier for analysts to slice and dice packet data. Gerald says that Wireshark is almost the perfect open-source project because it allows for a lot of parallel collaboration from contributors in creating new dissectors, ensuring that Wireshark continues to keep pace with the rapid pace of change in networking. Now that planning for Wireshark 5.x has started, Gerald also looks ahead to some of the possible new features that might appear in future releases. And finally, Gerald talks about the new Wireshark Foundation (which Endace is a sponsor of), which has been set up to support ongoing development of the Wireshark project and ensure it continues its resounding success into the future. Wireshark is coming up on its 25th birthday and still going from strength to strength. Don't miss this fascinating interview with the leader of one of the most successful open-source projects around. Gerald and Stephen's insightful commentary, as well as some fantastic tips and tricks, make this a must-listen episode.
Increasingly complex systems, an expanding threat landscape, and an explosion in the number of potential entry points all make managing security at scale a daunting prospect. So what can you do to implement effective security at scale, and what are some of the pitfalls to avoid? In this episode Michael Morris talks with Dimitri McKay, Principal Security Strategist and CISO Advisor at Splunk, about where to start addressing the challenges of security at scale. He highlights the importance of robust risk assessment, developing clear security goals and ensuring leadership buy-in to the organization's security strategy, as well as the importance of balancing the needs of users with the need to secure the enterprise. Dimitri discusses some of the pitfalls organizations often fall into, and what security leaders can do, and where they should start, to avoid making the same mistakes. He talks about the importance of thinking strategically not just tactically, of being proactive rather than just reactive, and of creating a roadmap for where the organization's security needs to be one, two and three years into the future. Dimitri also highlights the need to collect the right data to ensure the organization can accomplish the security goals it has set, to enable high-fidelity threat detection and provide the necessary context for effective, and efficient, threat response. Security teams started by collecting what they had, he says (firewall logs, authentication logs and so on), but this isn't necessarily sufficient to enable them to accomplish their objectives because it focuses more on IT risks than on the critical business risks. Finally, Dimitri puts on his futurist hat to predict what security teams should be on the lookout for. Not surprisingly, he predicts that the rapid development of AI tools like ChatGPT from OpenAI has the potential to offer huge benefits to cyber defenders. But they will also enable cyber attackers to create increasingly sophisticated threats and circumvent defences. AI is both an opportunity and a threat.
Cyberthreats are something all organizations are facing. But Pharmaceutical and Healthcare Providers have some unique challenges and vulnerabilities and come in for more than their fair share of attention from threat actors. What can your SOC team learn from some of the best practices these organizations are implementing? Are you architecting your environment to separate IoT devices from other critical assets, and are you managing them with the same level of scrutiny? In this episode I talk with David Monahan, a 30-year expert in cybersecurity and network management and former researcher at Enterprise Management Associates. David draws on his research background as well as his current experience working as the Business Information Security Officer at a large global pharmaceutical company. He talks about some of the similarities and differences the Healthcare and Pharmaceutical industries have with other industries. He shares his insights into why the Healthcare and Pharmaceutical industries are so strongly targeted by threat actors, and things consumers or patients can do to help protect themselves and their information. David also discusses some of the unique challenges Healthcare organizations have around IoT devices and suggests ways to help manage these risks. He shares some best practices your security organization can be leveraging and points out tools and solutions that are critical for any security stack. Finally, David talks about what training and skills are important to ensure your SOC analysts are as prepared as possible to defend against cyberthreats.
In this episode of the Endace Packet Forensic Files, Michael Morris talks to Jim Mandelbaum, Field CTO at Gigamon, about what “security at scale” means. Jim draws on more than a decade of experience as a CTO in the security industry, and shares best-practice tips to ensure that as your infrastructure evolves, your security posture keeps pace. Jim highlights the importance of leveraging automation to help deal with the increasingly complex network environment. Key to this is having visibility into exactly what's happening on your network, including on-prem, cloud and hybrid-cloud environments, so you can make informed decisions about what traffic needs to be monitored and recorded, and what tasks can be automated to ensure threat visibility. It's also critical to break down team silos, Jim says. Otherwise, responsibility has a tendency to fall through the cracks. Teams need to collaborate closely and include the security team in IT strategy planning, and particularly in cloud migration projects. That makes it easier to determine who is responsible for which parts of security from the get-go. When teams have the opportunity to discuss the challenges they face, they can often leverage solutions that have been successfully implemented elsewhere in the organization, saving time, resources and budget as a result. Lastly, Jim highlights the importance of talking with your vendors about their future product strategies to ensure they align with your organization's plans. Otherwise, there's a risk of divergence which could prove very costly down the track.
In this episode of the Endace Packet Forensic Files, Michael Morris talks with RoseAnn Guttierrez, Technical Enablement Specialist BM at IBM Security and a former SOC analyst. Rose shares her experience of what a day in the life of a SOC engineer is really like. She discusses the best practices she and her team put in place to manage the day-to-day challenges and improve their security posture. She also highlights some of the tools that were most valued in their daily operations, and the critical importance of interoperability and integrated workflows to ensure efficiency and simplicity for SOC teams. Rose's combination of SOC experience and deep knowledge of the security landscape has given her unique insight into the importance of having an interoperable ecosystem of tools and vendors that enables SOC teams to build resiliency and efficiency into their DNA. You can catch previous episodes in the Secure Networks Series here: https://blog.endace.com/category/pack... Or hit Subscribe to be notified when we post new episodes.
In this episode of the Endace Packet Forensic Files, Michael Morris talks with Andrew Stewart, Senior National Security and Government Strategist at Cisco. Andrew, CAPT, USN (Ret.), is a Senior Federal Strategist at Cisco, where he implements strategies to support innovative cybersecurity and AI/ML solutions across the Federal Government. He also served as the Commanding Officer and Program Manager at the Navy Cyber Warfare Development Group (NCWDG). With Andrew's experience in national security and government agencies, Michael asks him for his thoughts about the new White House mandates and cybersecurity policies from CISA, such as the emphasis on Zero Trust and other important initiatives. They discuss whether what organizations are doing is sufficient given the risks posed by nation-state threat actors. Andrew highlights some cybersecurity trends, including the ever-changing nature of threats as hybrid cloud operating environments continue to expand the threat spectrum and transform the way we work. Visibility, he says, remains the key to mastering and controlling such a dynamic threat environment.
Threat hunting is a critical cybersecurity activity that is growing in importance and prevalence around the globe. Are your SOC analysts developing the skills and toolsets they need to enable more efficient and effective threat hunting? What are the inhibitors your teams face, and do you have the right tools and processes in place? In this episode of the Endace Packet Forensic Files, Michael Morris talks with Chris Greer of Packet Pioneer. Chris is an experienced protocol analyst and forensics expert. He is a renowned instructor for Wireshark University as well as the host of a popular YouTube channel where he shares insights into threat hunting and demonstrates the importance of understanding how to investigate and resolve issues using packet analysis. In this episode, Chris talks about some of the problems or threats you can only see as part of your incident response investigation processes and workflows if you have access to full packet data. Finally, Chris highlights some of the gaps that organizations have in their security stacks that make it hard for them to confirm or deny false positives, and how to resolve this visibility issue. He offers recommendations for training and suggests how to improve your organization's threat-hunting capability.
In this episode, Endace's Michael Morris welcomes back Justin Fier, VP Tactical Risk and Response at Darktrace (who was our very first guest in this series almost 40 episodes ago!) to talk about nation-state cyber, where he sees the threats lie, and what organizations can do to better prepare for possible attacks. Justin talks about some of the great work being done by organizations like CISA, and the signs of increased collaboration between nation-state defenders, as positive indications that things are moving in the right direction. But there are also significant challenges. Overcoming the slow pace of organizational change, addressing the dearth of skilled cybersecurity professionals, and building the agility to respond to the constantly evolving threat landscape are all major issues that we need to respond to as an industry, whether that's in government defense or in securing the enterprise. Don't miss this episode!
As data growth accelerates and distributed workloads increase, enterprises are prioritising cost efficiency and space minimization in modern datacenters. They are looking to leverage new technologies and use smaller, more cost-efficient appliances to reduce cost and improve efficiency. By architecting infrastructure to prioritize stability and robustness and focusing on reducing carbon footprint, organizations can dramatically reduce power, storage and cooling requirements while also improving efficiency. A win-win outcome. In this podcast, Hakan Holmgren, EVP Sales at Cubro, talks about how new technologies like Intel Barefoot ASICs can accelerate packet processing for cloud datacenters and edge deployments, and enable consolidation of infrastructure to reduce cost and minimize environmental impact.
In this episode of the Endace Packet Forensic Files, Endace's Michael Morris talks with Rick Jenssen, VP of Global Operations for Plixer, who shares his experience in building robust security at scale. Rick recommends some best practices to address the common challenges in delivering resilient security in large environments and talks about ways to address the flood of alarms SOC teams face on a daily basis. He suggests a six-step, iterative approach to continually improving your security position. Finally, Rick reinforces how important the mantra of “practice, practice, practice” is when it comes to preparing your security teams and the wider organization. Practicing how to investigate, remediate, and respond to potential security breaches makes sure you know what needs to happen in the event of a real crisis and uncovers areas you need to work on to be better prepared.
What does it mean to have security at scale? For large infrastructures with rapid data growth, have you maintained or improved your security posture as you have scaled? In this episode of the Endace Packet Forensic Files, Michael Morris talks with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale. He shares some recommendations and best practices to get on the right path to improving security in large environments. Neil also shares his thoughts on Security Orchestration, Automation and Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.
What did we learn from the recent Log4j 2 vulnerability? How are security holes like this changing the way organizations think about deploying enterprise software solutions? In this episode of the Endace Packet Forensic Files, Michael Morris talks with Timothy Wilson-Johnston about the Log4j 2 threat and how it is being exploited in the wild. Timothy shares his thoughts about what Log4j 2 has taught us, and why organizations need to look at the bigger picture:
- How you can better defend against vulnerabilities of this type
- Why it's so important to closely scrutinize solutions that are deployed, and make sure you have visibility into components that might be included with those solutions
Increasingly, the security of Operational Technology (OT) - Industrial Control Systems - is a major focus of concern. These systems are used in many environments across industries such as manufacturing, transportation, energy, critical infrastructure and more, and are a target for both sophisticated nation-state attackers and cybercriminals. In this episode of the Endace Packet Forensic files, Michael Morris talks with Rick Peters, CISO Operational Technology at Fortinet. With a long career in engineering and almost four decades in the US Intelligence community before taking on his role at Fortinet, Rick knows intimately how attackers can target OT systems and has spent many years helping to defend OT systems from cyber attackers. He shares his advice on best practice in securing OT environments and where to start.
In this episode of the Endace Packet Forensic files, Michael Morris talks with Ron Ross, Fellow at NIST, who shares how cyber security standards are evolving to keep pace with new threats and challenges. Ron highlights where he sees most organizations falling short and the highest priorities they should be addressing. He shares some insights into new standards and recommendations for protecting operational technologies, which are becoming an attractive target for threat actors. Finally, Ron talks about the need to move from a mindset of “prevention” to building “resiliency” into your security architecture to stay ahead of cyberthreats.
In this episode of the Endace Packet Forensic files, Michael Morris talks with Merritt Baer, Principal in the Office of the CISO at AWS, who shares her experience in how to design and build robust, dynamic security at scale. Merritt discusses what security at scale looks like, some of the things that are often missed, and how to protect rapidly evolving hybrid cloud infrastructures. She highlights some common pitfalls that organizations run into as they shift workloads to cloud providers and how to pivot your SOC teams and tools to ensure you have robust security forensics in place. Finally, Merritt examines how adopting SOAR platforms can help, and things you can do to prevent gaps and breakdowns in your security posture.
Modernizing the SOC is one of the latest trends cyber security teams are undertaking to stay current and on a level playing field against today's threat actors. Whether it is adapting simply to keep up with the volume of threats or implementing AI and ML technologies to find and prevent more sophisticated threat vectors, SecOps needs to improve and upgrade. In this episode of the Endace Packet Forensic files, Michael Morris talks with seasoned SOC Director Kamal Khlefat, now Product Manager at LinkShadow, who shares his perspectives on the movement to modernize the SOC.
In this episode of the Endace Packet Forensic files, Michael Morris talks with Tony Krzyzewski, Director of SAM for Compliance, Global Cyber Alliance Ambassador, and New Zealand's Convenor on the International Standards Organization SC27 Information Security, Cybersecurity and Privacy Protection Standards Committee. With more than four decades working in IT and Networking, and almost three decades in cybersecurity, there are few more experienced practitioners than Tony. In this episode, Tony draws on his extensive experience to give some practical, pragmatic advice about where organizations need to focus to improve their cyber defenses. He highlights the importance of focusing on operational management processes for any cyber security program and reinforces the mantra I have been hearing from many CISOs about the importance of regularly practising and performing “Security FireDrills”. Tony also talks about his long-time campaign to encourage organizations to adopt DMARC (“Domain-based Message Authentication, Reporting and Conformance”) policies to improve protections against fraudulent email and phishing attacks.
In this episode of the Endace Packet Forensic files, Endace's Michael Morris talks with Tim Dales, VP of Labs and Analyst for IT Brand Pulse. Tim shares the results of an IT Brand Pulse study that examines the cost of in-house developed packet capture solutions versus off-the-shelf, vendor-built solutions. Tim shares details of the report's findings, including the pros and cons and some of the key things many people don't consider before trying to build solutions in-house. Finally, Tim discusses key changes in how organizations are thinking about their security architectures and the gaps they are looking to address. He shares the importance of integrated workflows in helping analysts to accelerate investigation times and confirm or dismiss potential indicators of compromise more definitively.
In this episode of the Endace Packet Forensic files, I talk with Tim Wade, Technical Director from the Office of the CTO at Vectra.AI, who shares his insights into the “SOC Modernization” trend and three pillars that he suggests require a change in thinking to ultimately be successful. Tim starts with a fundamental change in philosophy - he suggests SOC teams need to shift from a “prevention” to a “resiliency” approach to cyberdefense. He illustrates the importance of taking incremental and iterative steps, with monthly and even weekly measurement and review cycles to evaluate progress. Tim suggests SOC teams need to better understand the rules of the game so they can step back and actively work to break them - because that is exactly what our threat actor adversaries are doing every day. Challenge everything and think like your opponent. Finally, Tim advises CISOs that modernization needs to address challenges holistically: not just focusing on technologies, but also ensuring they are working on people and processes, and on gaps in training, communication, and thinking.
Cyber security teams around the globe are embarking on a variety of “modernization” initiatives as they try to keep up with the dynamic threat landscape, but what are the must-have elements if you are looking to modernize your SOC? In this episode of the Endace Packet Forensic files, I talk with Phillip Solakov, Client Solutions Director for Optiv Canada, who shares his view of what “SOC Modernization” means and what's driving these efforts. Phillip explains some of the biggest issues SOC teams are facing and the things they are working on to overcome these challenges. He drills into how alert fatigue is compounded by more detection tools and more telemetry, and why more automation in SOC processes and tools is becoming critical. Finally, he highlights some things SOC teams are still missing and gives some examples of how these gaps can be addressed with the right security architecture and mindset.
Many organizations are undertaking SOC and NOC modernizations, but what does this mean and what is driving it? If your company is planning a “modernization” you won't want to miss this episode of the Endace Packet Forensic files, as Pavel Minarik, CTO of Kemp Technologies, talks about what's important and what is fueling the need to modernize. Pavel gives his insights into some of the biggest challenges NOCs and SOCs are facing and shares some tips to help these separate teams work together and collaborate more. He underscores why this is becoming more important with increasing network complexity, virtualization, and escalating threat attack vectors.
How does an organization quantify its cybersecurity readiness and robustness? What does a strong cybersecurity posture look like? These are questions many CISOs and SecOps analysts are trying to figure out so they can sleep at night knowing they are doing all they can to protect their organization's cyber assets. In this episode of the Endace Packet Forensic files, Michael Morris talks with David Ellis, VP of Sales and Corporate Relations for SecureIQLab, who shares his insights into what the SecureIQLab team sees in their role as both a test lab and a security assessment consultancy. David outlines the elements of a successful security team and what metrics SecOps should be monitoring to quantify their security posture. He shares common vulnerabilities that he sees many organizations still facing and the table stakes that every security team should have in terms of tools, processes, and policies.
You won't want to miss this episode of the Endace Packet Forensic files as I talk with Ajit Thyagarajan, Principal Security Architect for Cisco, who talks about the challenges security analysts are facing and shares his views and ideas on how to improve their day-to-day operation. Ajit shares the concept of the Intelligent Telemetry Plane that he and his team at Cisco have been developing. He highlights the value of the provenance of telemetry data and how important bringing different data sources together is in staying ahead of threat actors. Finally, Ajit shares some ideas about the types of challenges a common telemetry management platform can help solve and what to keep your eyes on over the year ahead when it comes to security threats and cyber defense.
Nation-state cybersecurity is fast becoming the new battle frontline in international conflict. It is complicated by rogue threat actor groups inserting their cyber weapons into the mix, extorting money for funding, fanning the flames of nation-state disputes, and crippling potential targets. You won't want to miss this episode of the Endace Packet Forensic files as I talk with Stephen Tsirtsonis, Director EMEA Federal Business for Endace, who shares his view of the threat landscape that government agencies around the world are facing and how it is evolving. Stephen talks about what he sees governments doing to combat escalating cyber threats, some of the unique challenges they face, and how they are evolving their security using SOAR, AI, and NDR tools to be as prepared as possible to defend critical infrastructure. Finally, Stephen gives his thoughts on the key things security teams should look out for in the years ahead and what we can all learn from government security practices.
Has the fluidity of your network perimeter created holes in your cybersecurity defenses? Tune in for this episode of the Endace Packet Forensic files as I get insights from expert cybersecurity consultant and former CISO of Air New Zealand, Michael Wallmannsberger. Michael shares some of the systemic and foundational mistakes that he sees organizations continuing to make that hamper their security posture. He gives some great advice for new CISOs as to what to prioritize and focus on as they build their security maturity. Finally, Michael shares, from a CISO perspective, some key elements to start with that help you walk before you run in your push for strong cybersecurity, and highlights the importance of taking the time to develop your organization's security competencies across the whole business.
Are you aware if your network has spoofed DNS traffic, and do you know what to look for in your network traffic to find supply chain attacks? If you’re not sure, then you won’t want to miss this episode of the Endace Packet Forensic files as I talk with Alex Kirk, Director, Global Principal Engineer for Corelight. Alex gives his expert insights into the details of the SolarWinds Sunburst supply-chain attack, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies. Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.
What are the latest threats that Threat Intelligence teams are seeing, and what are they recommending as best practices for defending against the latest cybersecurity threats? You won’t want to miss this episode of the Endace Packet Forensic files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco. Craig talks about how threats have been evolving over the last year - particularly during the Covid-19 pandemic - and gives us some insights into recent high-profile security issues. He also shares some advice on how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.
Do your cybersecurity skills meet the foundational requirements for the security analysts of tomorrow? You won’t want to miss this informative episode with Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland. Ryan talks about how the university is building programs around the critical skills needed by cybersecurity analysts of the future. Ryan is a founder of, and contributor to, the CCSP certification and has developed a variety of master's and post-graduate degree programs in Cybersecurity. He makes his case for why a broad inter-disciplinary approach will be critical for security teams in the years ahead. Ryan also talks about how new breaches and threats such as supply chain attacks are becoming the norm, and some approaches for hunting down these threats.
Interested in hearing what some of the UK’s leading government cyber defense experts are doing to address their biggest concerns and challenges? Then don’t miss this insightful episode with Tim Dudman, Senior Principal Consultant for Riskaware, where he shares his experiences in collaborating with academia, industry, and UK Defense funding to generate leading-edge cybersecurity capabilities.
Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses? Then don’t miss this episode of our Packet Forensic Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.
Are you struggling to see all the things happening on your network and ensure you are thoroughly monitoring and securing your cyber architecture? You won’t want to miss our latest episode of the Endace Packet Forensic Files series with special guest Chris Bihary, CEO and Founder of Garland Technology. Chris’s expertise as an innovator and network solution problem solver is unparalleled. In this episode, he shares his insights on the fundamentals for any robust network and security architecture. Chris talks about the complexity of security stacks and why the sheer number of both in-line and out-of-band vendor solutions is making it increasingly challenging to ensure network performance and security. Hear how to give your teams more time and better data to effectively investigate and mitigate threats and issues. Finally, get Chris’s outlook on the digital world for the year ahead and things you can do to strengthen your network’s performance and security.
How is cybersecurity training and expertise affecting SecOps teams’ ability to effectively manage and secure their cyber-infrastructures? If you want to hear insights from someone with 30 years in the network security industry, don’t miss our first episode of the Endace Packet Forensic Files series for 2021 with special guest Brian Ford, Assistant Professor at the State University of New York at Farmingdale and former Cisco Security Expert. Brian shares his insights into how focused threat hunting can make a huge difference, not only allowing analysts to hone their security skills but also connecting an organization’s assets, architecture, policies, and procedures to elevate its security posture. Get some tips to sharpen your skills as a cybersecurity analyst and hear why “practice” is so important for being ready for the real thing.
Looking for insights into how to improve your cybersecurity posture? You won’t want to miss the last episode of the Endace Packet Forensic Files for 2020. This episode's special guest is Brett White, Cyber Security Advisor and Architect. Brett has many years of experience at Juniper, Cisco and Palo Alto Networks architecting security solutions and advising clients on how to improve their security stacks and processes. He has also worked as both an in-house CISO and as a “CISO for hire”. In this episode, Brett shares some recommended best practices for robust cybersecurity, including the key foundational components of network-wide visibility and high-quality threat intelligence. He also highlights the importance of stepping back from focusing on technology alone and building a security strategy focused around your organization’s business goals and outcomes, and security imperatives. We'll be back with more episodes of the Packet Forensics Files in 2021. In the meantime, we wish you a happy and healthy Christmas and New Year. See you in 2021!
How are Government agencies being pushed to transform in the new cybersecurity landscape? If you want to hear insights from someone on the inside, don’t miss our latest episode of the Endace Packet Forensic Files with special guest Juliana Vida, Chief Technical Advisor for Splunk Public Sector. Juliana had a long and highly distinguished career as a Navy Officer serving as a helicopter and ship pilot before ultimately becoming Deputy CIO for the US Navy. In this episode, she shares her insights into how some government agencies are changing their approaches to cybersecurity, what they are doing to stay ahead of threat actors, and some of the challenges they are facing. Don’t miss Juliana’s insights into the Government’s cybersecurity evolution!
Security Orchestration, Automation and Response, or SOAR, is the hottest growth area in the cybersecurity industry and probably one of the most complex adoptions for most security teams to undertake. You won’t want to miss our latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Paul Giorgi, CTO for DeFY Security. Paul has many years of experience building and implementing security solutions with DeFY Security customers. In this episode he suggests some best-practice tips on where to start when deploying a SOAR solution and how to make time for your SecOps teams with all the things they already have on their plates.
Concerned about changes happening in the cybersecurity threat landscape? Then you want to tune in for this latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Thomas Pore, VP of Technical Services for Plixer. Thomas talks about the growing problems of insider threats and Covid-19 phishing scams, and the importance of VPN monitoring to ensure you’re not missing breaches occurring outside your physical perimeter.
What are some of the top things on the minds of CISOs in today’s COVID-affected, remote-working, rapidly digitally transforming world? If you want to hear what's dominating their thinking, then don’t miss our latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Kate Kuehn, SVP at vArmour. Kate is a seasoned security executive with years of experience as a CISO herself as well as working alongside many other CISOs. In this episode, Kate talks about what she sees as some of the biggest challenges that CISOs and their security teams face in response to digital transformation and rapid changes to their hybrid cloud and on-premise environments.
Don’t miss this latest episode of the Endace Packet Forensic Files Vidcast/Podcast series with special guest Shamus McGillicuddy, VP of Research at Enterprise Management Associates (EMA). Shamus is an industry-leading market research analyst with years of experience in the Network Operations space. In this episode he shares his insights into some of the biggest changes going on with NetOps teams and tools, including the impact of the pandemic and the massive shift to remote workforces, which is driving greater complexity and introducing performance challenges.
Catch our latest episode of "Secure Networks - the Packet Forensic Files" vidcast/podcast series with this week’s special guest Scott Register, VP of Security Solutions for KeySight Technologies. Scott, with his years of experience in building security solutions, shares some of the biggest challenges SecOps teams are facing in today’s environment and what they are doing to solve them. He talks about the latest trends in the threat landscape and what security teams are doing to test and monitor for these attacks. Hear how threat simulation can help validate both tool readiness and people and processes to elevate your security prevention and response. Finally, Scott shares his insights into implementing security in 5G and WiFi infrastructures as well as traditional networks and data centers.