Packet Forensic Files Ep 57 Ryan Chapman

In this episode of the Endace Packet Forensics Files, Michael talks with Ryan Chapman, SANS Instructor and DFIR expert, about how attackers are using more sophisticated methods to disable security tools like EDR/XDR, leaving businesses vulnerable.

Ryan highlights the importance of visibility in combating ransomware. Without proper logging, packet capture and monitoring tools, understanding how an attack happened becomes nearly impossible.

Ryan shares examples of reinfections caused by rushing recovery without identifying the original entry point, highlighting how packet capture data is crucial for pinpointing infiltration and ensuring safe recovery and minimizing disruption.

As ransomware tactics evolve, Ryan emphasizes the importance of adopting a Zero-Trust approach by limiting permissions, avoiding overly trusting configurations, and continuously verifying network activity to prevent breaches, as seen in the Kaseya attack.

Don’t miss this insightful episode, where Ryan provides actionable advice for preparing your organization against today’s ransomware threats.

ABOUT ENDACE
*****************
Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.

EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass.

Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) for deployment in on-premise locations can also host 3rd-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.