Secure Networks: Endace Packet Forensics Files
23 minutes | May 24, 2022
Episode 36: Neil Wilkins, Technical Director, EMEA, Garland Technology
What does it mean to have security at scale? For large infrastructures with rapid data growth, have you maintained or improved your security posture as you have scaled? In this episode of the Endace Packet Forensic files Michael Morris talks with Neil Wilkins, Technical Director for EMEA at Garland Technology, who outlines some of the challenges he sees organizations facing when it comes to maintaining security at scale. He shares some recommendations and best practices to get on the right path to improve security in large environments. Neil also shares his thoughts on Security Orchestration and Automation Response (SOAR) platforms and how they can help in environments with lots of tools and events and multiple teams trying to manage the cyber security infrastructure. He provides suggestions for rolling out SOAR solutions and highlights some things to avoid to ensure the platform delivers the returns and efficiencies hoped for.
16 minutes | Apr 26, 2022
Episode 35: Timothy Wilson-Johnston, Value Chain Security Lead at Cisco
What did we learn from the recent Log4J 2 vulnerability? How are security holes like this changing the way organizations think about deploying enterprise software solutions? In this episode of the Endace Packet Forensic files Michael Morris talks with Timothy Wilson-Johnston about the Log4J 2 threat and how it is being exploited in the wild. Timothy shares his thoughts about what Log4J 2 has taught us, and why organizations need to look at the bigger picture:
- How can you better defend against vulnerabilities of this type?
- Why it's so important to closely scrutinize solutions that are deployed – and make sure you have visibility into components that might be included with those solutions
24 minutes | Mar 24, 2022
Episode 34: Rick Peters, CISO Operational Technology, Fortinet
Increasingly the security of Operational Technology (OT) - Industrial Control Systems - is a major focus of concern. These systems are used in many environments across industries such as manufacturing, transportation, energy, critical infrastructure and more, and are a target for both sophisticated, nation-state attackers and cybercriminals. In this episode of the Endace Packet Forensic files Michael Morris talks with Rick Peters, CISO Operational Technology at Fortinet. With a long career in engineering and almost four decades in the US Intelligence community before taking on his role at Fortinet, Rick knows intimately how attackers can target OT systems and has spent many years helping to defend OT systems from cyber attackers. He shares his advice on best practice in securing OT environments and where to start.
23 minutes | Feb 23, 2022
Episode 33: Ron Ross, Fellow at NIST
In this episode of the Endace Packet Forensic files Michael Morris talks with Ron Ross, Fellow at NIST, who shares how cyber security standards are evolving to keep pace with new threats and challenges. Ron highlights where he sees most organizations falling short and the highest priorities they should be addressing. He shares some insights into new standards and recommendations for protecting operational technologies which are becoming an attractive target for threat actors. Finally, Ron talks about the need to move from a mindset of “prevention” to building “resiliency” into your security architecture to stay ahead of cyberthreats.
29 minutes | Jan 18, 2022
Episode 32: Merritt Baer, Principal in the Office of the CISO, AWS
In this episode of the Endace Packet Forensic files Michael Morris talks with Merritt Baer, Principal in the Office of the CISO at AWS, who shares her experience in how to design and build robust, dynamic security at scale. Merritt discusses what security at scale looks like, some of the things that are often missed, and how to protect rapidly evolving hybrid cloud infrastructures. She highlights some common pitfalls that organizations run into as they shift workloads to cloud providers and how to pivot your SOC teams and tools to ensure you have robust security forensics in place. Finally, Merritt examines how adopting SOAR platforms can help, and things you can do to prevent gaps and breakdowns in your security posture.
26 minutes | Dec 14, 2021
Episode 31: Kamal Khlefat, LinkShadow
Modernizing the SOC is one of the latest trends cyber security teams are undertaking to stay current and on a level playing field against today’s threat actors. Whether it is adapting to simply keep up with the volume of threats or implementing AI and ML technologies to find and prevent more sophisticated threat vectors, SecOps need to improve and upgrade. In this episode of the Endace Packet Forensic files, Michael Morris talks with seasoned SOC Director, Kamal Khlefat, now Product Manager at LinkShadow, who shares his perspectives on the movement to modernize the SOC.
27 minutes | Nov 16, 2021
Episode 30: Tony Krzyzewski, SAM for Compliance
In this episode of the Endace Packet Forensic files, Michael Morris talks with Tony Krzyzewski, Director of SAM for Compliance, Global Cyber Alliance Ambassador, and New Zealand’s Convenor on the International Standards Organization SC27 Information Security, Cybersecurity and Privacy Protection Standards Committee. With more than four decades working in IT and Networking, and almost three decades in cybersecurity, there are few more experienced practitioners than Tony. In this episode, Tony draws on his extensive experience to give some practical, pragmatic advice about where organizations need to focus to improve their cyber defenses. He highlights the importance of focusing on operational management processes for any cyber security program and reinforces the mantra I have been hearing from many CISOs about the importance of regularly practising and performing “Security FireDrills”. Tony talks about his long-time campaign to encourage organizations to adopt DMARC, “Domain-based Message Authentication, Reporting and Conformance” policies to improve protections against fraudulent email and phishing attacks.
15 minutes | Oct 18, 2021
Episode 29: Tim Dales, IT Brand Pulse
In this episode of the Endace Packet Forensic files, Endace's Michael Morris talks with Tim Dales, VP of Labs and Analyst for IT Brand Pulse. Tim shares the results of an IT Brand Pulse study that examines the cost of in-house developed packet capture solutions versus off-the-shelf, vendor-built solutions. Tim shares details of the report's findings including the pros and cons and some of the key things many people don’t consider before trying to build solutions in-house. Finally, Tim discusses key changes in how organizations are thinking about their security architectures and the gaps they are looking to address. He shares the importance of integrated workflows in helping analysts to accelerate investigation times and confirm or dispense potential indicators of compromise more definitively.
26 minutes | Sep 20, 2021
Episode 28: Tim Wade, Vectra AI
In this episode of the Endace Packet Forensic files I talk with Tim Wade, Technical Director from the Office of the CTO at Vectra.AI, who shares his insights into the “SOC Modernization” trend and three pillars that he suggests require a change in thinking to ultimately be successful. Tim starts with a fundamental change in philosophy - he suggests SOC teams need to shift from a “prevention” to a “resiliency” approach to cyberdefense. He illustrates the importance of taking incremental and iterative steps with monthly and even weekly measurement and review cycles to evaluate progress. Tim suggests SOC teams need to better understand the rules of the game so they can step back and actively work to break them - because that is exactly what our threat actor adversaries are doing every day. Challenge everything and think like your opponent. Finally, Tim advises CISOs that modernization needs to address challenges holistically. Not just focusing on technologies, but also ensuring they are working on people and processes and gaps in training, communication, and thinking.
16 minutes | Sep 6, 2021
Episode 27: Phillip Solakov, Optiv Canada
Cyber security teams around the globe are embarking on a variety of “modernization” initiatives, as they try to keep up with the dynamic threat landscape, but what are the must-have elements if you are looking to modernize your SOC? In this episode of the Endace Packet Forensic files I talk with Phillip Solakov, Client Solutions Director for Optiv Canada, who shares his view of what “SOC Modernization” means and what’s driving these efforts. Phillip explains some of the biggest issues SOC teams are facing and things they are working on to overcome these challenges. He drills into how alert fatigue is compounded with more detection tools, more telemetry and why it is becoming critical for more automation in SOC processes and tools. Finally, he highlights some things SOC teams are still missing and gives some examples of how these gaps can still be addressed with the right security architecture and mindset.
19 minutes | Aug 13, 2021
Episode 26: Pavel Minarik, CTO at Kemp Technologies
Many organizations are undertaking SOC and NOC modernizations, but what does this mean and what is driving it? If your company is planning a “modernization” you won’t want to miss this episode of the Endace Packet Forensic files as Pavel Minarik, CTO of Kemp Technologies, talks about what’s important and what is fueling the need to modernize. Pavel gives his insights into some of the biggest challenges NOCs and SOCs are facing and shares some tips to help these separate teams work together and collaborate more. He underscores why this is becoming more important with increasing network complexity, virtualization, and escalating threat attack vectors.
21 minutes | Jul 5, 2021
Episode 25: David Ellis, VP of Sales and Corporate Relations for SecureIQLab
How does an organization quantify its cybersecurity readiness and robustness? What does a strong cybersecurity posture look like? These are questions many CISOs and SecOps analysts are trying to figure out so they can sleep at night knowing they are doing all they can to protect their organization's cyber assets. In this episode of the Endace Packet Forensic files, Michael Morris talks with David Ellis, VP of Sales and Corporate Relations for SecureIQLab, who shares his insights into what the SecureIQLab team sees in their role as both a test lab and a security assessment consultancy. David outlines the elements of a successful security team and what metrics SecOps should be monitoring to quantify their security posture. He shares common vulnerabilities that he sees many organizations are still facing and the table-stakes that every security team should have in terms of tools, processes, and policies.
23 minutes | Jun 28, 2021
Episode 24: Ajit Thyagarajan, Principal Security Architect for Cisco
You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Ajit Thyagarajan, Principal Security Architect for Cisco, who talks about the challenges security analysts are facing and shares his views and ideas on how to improve their day-to-day operation. Ajit shares the concept of the Intelligent Telemetry Plane that he and his team at Cisco have been developing. He highlights the value of the provenance of telemetry data and how important bringing different data sources together is in staying ahead of threat actors. Finally, Ajit shares some ideas about the types of challenges a common telemetry management platform can help solve and what to keep your eyes on over the year ahead when it comes to security threats and cyber defense.
19 minutes | Jun 14, 2021
Episode 23: Steve Tsirtsonis, Director EMEA Federal Business for Endace
Nation-state cybersecurity is fast becoming the new battle frontline in international conflict. It is complicated by rogue threat actor groups inserting their cyber weapons into the mix, extorting money for funding, fanning the flames of nation-state disputes, and crippling potential targets. You won’t want to miss this episode of the Endace Packet Forensic files as I talk with Stephen Tsirtsonis, Director EMEA Federal Business for Endace, who shares his view of the threat landscape that government agencies around the world are facing and how it is evolving. Stephen talks about what he sees governments doing to combat escalating cyber threats, what are some of the unique challenges they face, and how they are evolving their security using SOAR, AI, and NDR tools to be as prepared as possible to defend critical infrastructure. Finally, Stephen gives his thoughts on the key things security teams should look out for in the years ahead and what we can all learn from government security practices.
15 minutes | May 17, 2021
Episode 22: Michael Wallmannsberger, Security Consultant and former CISO
Has the fluidity of your network perimeter created holes in your cybersecurity defenses? Tune in for this episode of the Endace Packet Forensic files as I get insights from expert cybersecurity consultant, and former CISO of Air New Zealand, Michael Wallmannsberger. Michael shares some of the systemic and foundational mistakes that he sees organizations are continuing to make that hamper their security posture. He gives some great advice for new CISOs as to what to prioritize and to focus on as they build their security maturity. Finally, Michael shares from a CISO perspective some key elements to start with and help you walk before you run in your push for strong cybersecurity and highlights the importance of taking the time to develop your organization's security competencies across the whole business.
17 minutes | May 5, 2021
Episode 21: Alex Kirk, Global Principal Engineer, Corelight
Are you aware if your network has spoofed DNS traffic and do you know what things to look for in your network traffic to find supply chain attacks? If you’re not sure then you won’t want to miss this episode of the Endace Packet Forensic files as I talk with Alex Kirk, Director Global Principal Engineer for Corelight. Alex gives his expert insights into the Solarwinds Sunburst supply-chain attacks: the details, what to look for, and why it took so long for security experts to uncover the threat. He highlights the importance of asset management and the integration of IT planning into security operations practices and policies. Finally, Alex gives tips for finding and preventing these types of attacks in the future and advises where he still sees many organizations have gaps in their security stacks.
18 minutes | Apr 20, 2021
Episode 20: Craig Williams, Director of Talos Outreach, Cisco
What are the latest threats that Threat Intelligence teams are seeing and what are they recommending as best practices for defending against the latest cybersecurity threats? You won’t want to miss this episode of the Endace Packet Forensic files as Michael sits down with Craig Williams, Director of Talos Outreach at Cisco. Craig talks about how threats have been evolving over the last year - particularly during the Covid-19 pandemic - and gives us some insights into recent high-profile security issues. He also shares some advice on how you can validate your corporate applications and implement zero-trust policies to reduce your exposure to threats.
19 minutes | Apr 6, 2021
Episode 19: Dr. Ryan Ko, Chair and Director of Cybersecurity, University of Queensland
Do your cybersecurity skills meet foundational requirements for security analysts of tomorrow? You won’t want to miss this informative episode with Dr. Ryan Ko, Chair and Director of Cybersecurity for the University of Queensland. Ryan talks about how the university is building programs around the critical skills needed by cybersecurity analysts of the future. Ryan is a founder of, and contributor to, the CCSP certification and has developed a variety of masters and post-graduate degree programs in Cybersecurity. He makes his case for why a broad inter-disciplinary approach will be critical for security teams in the years ahead. Ryan also talks about how new breaches and threats such as supply chain attacks are becoming the norm and some approaches for hunting down these threats.
7 minutes | Mar 23, 2021
Episode 18: Tim Dudman, Senior Principal Consultant at Riskaware
Interested in hearing what some of the UK’s leading government cyber defense experts are doing to address their biggest concerns and challenges? Then don’t miss this insightful episode with Tim Dudman, Senior Principal Consultant for Riskaware, where he shares his experiences in collaborating with academia, industry, and UK Defense funding to generate leading-edge cybersecurity capabilities.
28 minutes | Mar 8, 2021
Episode 17: Jen Miller-Osborn, Deputy Director, Unit 41, Palo Alto Networks
Want to hear about the latest attack trends, what to expect in the future and how best to prepare your defenses? Then don’t miss this episode of our Packet Forensic Files series as Michael catches up with Jen Miller-Osborn from Unit 42 – the threat intelligence group at Palo Alto Networks.