This will enable customers to retrace the detailed, step-by-step actions of an attacker to accelerate forensic investigation.
EndaceProbe Network Analytics Platform captures, indexes, and stores network traffic while simultaneously hosting a wide variety of network security and performance monitoring applications in Application Dock, EndaceProbe’s built-in hosting environment.
The application is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can create applications based on IBM Security technologies.
As threats are evolving faster than ever, collaborative development amongst the security community will help organisations adapt quickly and speed innovation in the fight against cybercrime, says Endace in a statement.
EndaceProbe works with IBM Security QRadar, the company’s security intelligence platform, which analyses data across an organisation’s IT infrastructure in real-time to identify potential security threats.
Through QRadar’s open application programming interfaces (APIs), EndaceProbe allows Endace and IBM customers to better understand and respond to network events, including everything from anomalous behavior to insider and advanced threats.
“Corporate networks are more vulnerable than ever to an accelerating volume of threats, and security analysts need to understand what’s happened with a threat to accelerate security investigation and response,” says Stuart Wilson, CEO, Endace.
“Leveraging the Pivot-to-Vision API integration of EndaceProbes, analysts can click on an alert in QRadar to go directly to view the related packets in EndaceVision, the EndaceProbe’s built-in investigation tool, to see precisely what’s happened so they can respond appropriately.”