Secure Networks: Endace Packet Forensics Files

Episode 65: Andrew Cook, CTO Recon InfoSec

In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Andrew Cook, CTO of Recon InfoSec and host of the Thursday Defensive Podcast about Incident Investigation and Response, and Threat Hunting .  Andrew has a wealth of experience in high-pressure cyberdefense environments and shares some of the key lessons he's learned along the way, as well as passing some great advice. This episode is a must-listen for cybersecurity professionals who want to learn more about the latest incident response and threat hunting tips, tools and techniques. ABOUT ENDACE  ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.  EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

Episode 64: Steve Fink, CTO and CISO at Secure Yeti

In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Steve Fink, CTO and CISO of Secure Yeti and architect of the SOCs for Black Hat, RSA Conference, and Cisco Live, for an in-depth look at building effective Security Operations Centers (SOCs).  With 26 years of cybersecurity experience, Fink shares strategies for leveraging packet data, integrating AI for automation, fostering vendor collaboration, and ensuring scalability and resilience.  This expert-led discussion is a must-watch for cybersecurity professionals who want to learn how to optimize threat detection and avoid data swamps . ABOUT ENDACE  ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.  EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity. CHAPTERS 01:24 Why is your nickname 'Fink' and not Steve? 02:17 What foundational, architectural principles are essential when designing a next-gen SOC? 05:43 How do you approach scalability & modularity in NOC/SOC design to accommodate future growth? 08:57 How have you evolved to integrate cloud native technology or hybrid environments into your SOC and what were the challenges? 12:04 What role does packet data and centralized logging play in your SOC design and how do you ensure efficient data ingestion and retrieval? 14:45 How do you architect SOC to support real time threat detection and response across geographically distributed global infrastructures? 17:55 What strategies do you use for disaster recovery? 20:35 How do you incorporate AI, ML and automation capabilities into your SOC architecture to enhance threat hunting? 23:02 What are your best practices for integrating third-party tools?

Episode 63: Jack Chan, VP of Product and Field CTO at Fortinet

Why NDR is Evolving—And What Enterprises Should Demand From It In this episode of  the @Endace Packet Forensic Files, Michael Morris [https://www.linkedin.com/in/michael-morris1/] is joined by Jack Chan [https://www.linkedin.com/in/jack-chan-02464a11/], VP of Product and Field CTO at Fortinet [https://www.fortinet.com/], to unpack what makes a truly effective Network Detection and Response (NDR) solution. Jack shares his perspective on why visibility, historical context, and deep threat hunting capabilities matter more than flashy features. They explore how AI and machine learning are transforming NDR—helping detect threats in encrypted traffic and reduce alert fatigue for SOC teams. Jack also talks about integrating NDR with firewalls and EDR tools to improve response decisions and streamline investigations. Finally, Jack leaves us with a powerful reminder: security starts with people. From secure coding to user awareness, the human element is often the weakest link—and the best place to strengthen your defences. ABOUT ENDACE  ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.  EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a 'single-pane-of-glass'. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-prem locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

Episode 62: Jessica (Bair) Oppenheimer, Cisco's Director of Security Operations

What does it take to run a world-class Security Operations Center (SOC) in today’s high-stakes, high-speed cybersecurity landscape? In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Jessica (Bair) Oppenheimer, Cisco's Director of Security Operations, for an in-depth look at next-generation Security Operations Centers (SOCs).  Jessica shares her expertise from securing high-stakes events like the Paris 2024 Olympics, NFL Super Bowl, Black Hat, and RSAC Conference. Discover how her team leverages AI, full packet capture with EndaceProbes, and integrations with Cisco XDR and Splunk to combat AI-driven threats and ensure rapid detection and response.  This episode is a must-listen for cybersecurity professionals who want to stay ahead of evolving threats. It is packed with insights on balancing automation with human expertise and key KPIs for SOC success. ABOUT ENDACE  ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.  EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

Episode 61: Jean-Pierre Bergeaux - Federal CTO, GuidePoint Security

In this episode of the @Endace Packet Forensics Files, I talk to Jean-Paul Bergeaux, Federal CTO at GuidePoint Security.  We unravel the complex world of federal cybersecurity and discuss the critical importance of certifications, the game-changing M-21-31 directives, and how packet capture data is revolutionizing threat detection.  We also uncover the potential risks and opportunities presented by generative AI in the cybersecurity landscape. From SolarWinds lessons to the emerging generative AI challenge, Jean-Paul provides unprecedented insights into how government agencies fight to stay ahead of sophisticated cyber threats.  This episode offers a must-watch deep dive into the frontlines of digital defense. ABOUT ENDACE  ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.  EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a 'single-pane-of-glass'. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-prem locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.