• Episode 55: Taran Singh - VP, Product Management at Keysight Technologies
    May 16 2024

    In this episode, I chat with Taran Singh, VP of Product Management at Keysight Technologies, about network observability.

    Taran explains its importance within the zero-trust architecture and discusses the challenges organizations face in achieving clear network visibility.

    He highlights the role of historical data analysis in cybersecurity and outlines Keysight's approach to network visibility.

    Don’t miss this insightful discussion on network observability and its significance in modern cybersecurity.

    Follow Taran here on LinkedIn - https://www.linkedin.com/in/taransingh/

    18 mins
  • Episode 54: Jake Williams - IANS faculty member, former SANS educator, computer science and information security expert and U.S. Army veteran.
    Apr 12 2024

    In this episode of the Endace Packet Forensics Files, Michael chats with Jake Williams, aka @MalwareJake, who delves into the concept of Zero Trust and its significance for organizations seeking to bolster their security defences.

    Discover how Zero Trust challenges traditional security models and learn about the crucial role of continuous verification and network visibility in mitigating threats. Gain valuable insights into networking fundamentals and the integration of cybersecurity principles from an industry veteran.

    Don't miss out on this opportunity to enhance your cybersecurity knowledge and stay ahead of evolving threats.

    25 mins
  • Episode 53: Tanya Janca - Head of Education and Community at Semgrep, Founder of We Hack Purple, renowned cybersecurity expert, author and RSA Speaker.
    Feb 29 2024

    In this episode of Secure Networks, Michael chats with Tanya Janca, aka SheHacksPurple, Head of Education and Community at Semgrep and founder of We Hack Purple. Tanya discusses her transition from developer to security expert, the real issues behind the cybersecurity skills gap, and strategies for employee retention. She also dives into the implications of emerging technologies on security practices and the balance between automation and human expertise. Don’t miss these valuable insights.

    Visit Tanya's websites:
    ► We Hack Purple - https://wehackpurple.com/
    ► Semgrep - https://semgrep.dev/

    43 mins
  • Episode 52: Caitlin Sarian - Cybersecurity TikTok and Instagram influencer and CEO of Cybersecurity Girl LLC
    Jan 25 2024

    In this episode of the Endace Packet Forensic Files, Michael Morris chats with cybersecurity TikTok and Instagram influencer Caitlin Sarian, CEO of Cybersecurity Girl LLC, who discusses her journey into the cybersecurity field and her mission to break down stigmas surrounding the industry.

    Caitlin highlights the need for continuous learning in the rapidly evolving cybersecurity landscape and recommends various channels for staying updated, including news alerts, newsletters, and professional groups. She addresses common misconceptions about coding requirements, debunking the idea that a specific educational background is essential, and stresses the value of gaining practical experience and obtaining certifications tailored to one's chosen specialization.

    Lastly, Caitlin advocates for diversity and inclusivity in cybersecurity. She emphasizes the need for mentorship, role models, and a supportive company culture to encourage women and minorities to enter and thrive in the industry.

    This episode provides valuable insights for those considering a career in cybersecurity and underscores the importance of fostering a diverse and inclusive environment within the field.

    26 mins
  • Episode 51: Eric Buchaus, Director of Sales at Niagara Networks
    Dec 11 2023

    Are SPAN ports sufficient to provide network traffic visibility for high-quality security (NDR) and network (NPM) investigations? What about cloud workloads? What do you need to gain insights into cloud network activity?

    In this episode of the Endace Packet Forensic Files, I talk with Eric Buchaus, Director of Sales at Niagara Networks. Eric outlines potential pitfalls and challenges associated with SPAN ports and highlights situations where they may fall short for network and security analysts.


    Eric walks us through some alternative options, discussing the merits of network TAPs, network packet brokers, and in-line bypass solutions, which can offer NOC/SOC teams more reliable, efficient, and scalable ways to get network packet data to the right tools in large-scale and complex environments. He discusses some of the specific challenges of network visibility in cloud infrastructures and suggests some practical ways to overcome these obstacles.


    Eric suggests things organizations should consider when exploring different packet brokers or TAP vendors and outlines the management and scrutiny that needs to be applied to encrypted traffic to achieve in-depth visibility securely.


    Finally, Eric talks about how TAPs and packet brokers can help in dynamic SDN environments with high traffic volumes. He emphasizes why they are important for organizations looking to implement zero-trust infrastructures - particularly environments with many walled gardens and lots of VLANs for IOT/IOTM devices and technologies.

    31 mins
  • Episode 50: Martyn Crew - Senior Director, Solutions Marketing and Partner Technologies at Gigamon
    Nov 16 2023

    In this episode of the Endace Packet Forensics Files, Michael Morris talks with Martyn Crew, Senior Director, Solutions Marketing and Partner Technologies at Gigamon, a 30-year veteran in the cyber security and network management space.

    Martyn shares his expertise on the limitations and risks associated with exclusively using log and meta-data as the primary resources for your security team's investigations. He discusses various use cases where network traffic and full packet data can play a crucial role in security investigations, highlighting the potential oversights that could occur when teams rely solely on log data.

    Martyn recommends how to address the scalability challenges of leveraging full-packet data and delves into the storage and retention obstacles that many organizations fear when looking at solution options.

    Finally, Martyn suggests how to achieve a balance with telemetry sources and costs for your SOC team, and shares some key considerations for maintaining visibility in your hybrid cloud infrastructure - encompassing both on-prem and public or private cloud environments.

    29 mins
  • Episode 49: ICS/SCADA security expert, Lionel Jacobs from Palo Alto Networks
    Oct 11 2023

    In this episode of Packet Forensics Files, Endace's Michael Morris talks to Lionel Jacobs, Senior Partner Engineer and ICS and SCADA security expert at Palo Alto Networks. Lionel draws on his more than 25 years of experience in OT and almost a decade at Palo Alto Networks in discussing some of the challenges of securing OT, IoT and critical infrastructure from cyber-attack.


    Lionel talks about the challenge of detecting attacks in OT environments, how to spot unusual activity, and the importance of having a reference baseline to compare against. He highlights the importance of packet data in providing insight into what is happening on OT networks.


    Lionel also stresses the importance of close collaboration between OT security teams and the operators of OT networks. It’s crucial to ensure that the safe and effective operation of critical infrastructure isn’t adversely impacted by security teams that don’t understand the operational processes and procedures that are designed to ensure the safety of the plant and the people that work there.


    Lastly, Lionel reiterates the importance of gathering reliable evidence, and enabling security analysts to quickly get to the evidence that’s pertinent to their investigation. It’s not just about collecting data, but about making sure that data is relevant and easy to access.

    30 mins
  • Episode 48: Endace Security Manager, Al Edgar
    Sep 6 2023

    In this episode of Packet Forensics Files, Michael Morris asks Al Edgar, former Information Security Manager for Health Alliance - and now IT Security Manager at Endace - about some of the important areas a security leader needs to focus on and what new challenges they are facing.

    Firstly, Al says, it’s important to take a holistic approach to cybersecurity, by looking at the three critical components for robust security: people, processes, and technology. He stresses the importance of Incident Response planning and why it’s so critical to define clear objectives, roles, and responsibilities as part of the plan.

    In order to stay ahead of emerging threats, Al says keeping up-to-date with cybersecurity trends is crucial. He recommends subscribing to cyber blogs, leveraging threat intelligence feeds, and mapping threat intelligence against your organizational infrastructure. He also highlights the importance of having a plan for managing third-party vendor risk.

    Al provides some valuable recommendations on where to start to ensure a more robust security posture, including maintaining a centralized inventory, conducting thorough risk assessments, cataloging and categorizing risks, and incorporating appropriate security clauses into contracts with suppliers and partners.

    Cybersecurity awareness training is another critical area, Al says. His view is that it's the responsibility of every individual in an organization to prioritize cybersecurity, but he highlights the importance of support and training to enable them to do this effectively.

    Lastly, Al talks about future cybersecurity threats, and calls out the potential risks associated with the weaponization of AI technology. He highlights the need for caution when sharing information with AI systems, reminding us to be mindful of potential privacy breaches and the risk that sensitive IP or data disclosed to AI tools may be misused or insufficiently protected.

    26 mins