Endace launched the EndaceProbe integration with IBM Security to enable customers to retrace the actions of an attacker to accelerate forensic investigation. EndaceProbe Network Analytics Platform captures, indexes, and stores network traffic while hosting a variety of network security and performance monitoring applications in Application Dock, EndaceProbe’s built-in hosting environment.
The new application is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can create applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the security community will help organizations adapt and speed innovation in the fight against cybercrime.
EndaceProbe leverages IBM Security QRadar, the company’s security intelligence platform, which analyzes data across an organization’s IT infrastructure in real-time to identify potential security threats. Leveraging QRadar’s open application programming interfaces (API), EndaceProbe allows Endace and IBM customers to understand and respond to, network events, including everything from anomalous behavior to insider and threats.
“Corporate networks are more vulnerable than ever to an accelerating volume of threats, and security analysts need to understand what’s happened with a threat to accelerate security investigation and response,” said Stuart Wilson, CEO, Endace.
“Leveraging the Pivot-to-Vision API integration of EndaceProbes, analysts can click on an alert in QRadar to go directly to view the related packets in EndaceVision, the EndaceProbe’s built-in investigation tool, to see precisely what’s happened so they can respond appropriately.”