Endace and Palo Alto Networks launch integration to empower security teams

Endace has integrated with Palo Alto Networks to advance the forensic investigation of cyber threats and achieve more robust security.

The integration combines the EndaceProbe Analytics Platform with Cortex XSOAR (previously known as Demisto).

The technology is designed to support cybersecurity investigations with network-wide packet history, the companies state.

Cortex XSOAR is reportedly the industry’s first extended security, orchestration, automation and response platform with native threat intel management. It aims to provide security teams with instant capabilities against threats across their entire enterprise.

The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.

Analysts can leverage Cortex XSOAR's integration with Endace's InvestigationManager and EndaceVision for detailed packet-level investigations across global EndaceProbe estates.

This enables users to go from an investigation in Cortex XSOAR directly to the global packet history related to that incident, and as such extend their investigation into associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.

Palo Alto Networks vice president of product strategy for Cortex XSOAR, Rishi Bhargava, says, “Endace’s scalable, network-wide full packet capture is a powerful addition to the Cortex XSOAR ecosystem.

“It provides customers with rapid access to rich forensic evidence for investigating security incidents and the ability to include packet history into Cortex XSOAR use cases and playbooks to put definitive evidence at analysts' fingertips.”

Endace VP product management Cary Wright says, “Security teams are desperate to combat alert fatigue, streamline workflows and accelerate investigations to provide certainty when responding to network threats.

“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.”

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management for the incident lifecycle.

Teams can manage alerts across all sources, standardise processes with playbooks, take action on threat intel and automate response for any security use case. This is quicker than manual reviews, the company states.

The EndaceProbe Analytics Platform combines network-wide packet capture with the ability to host and integrate with a range of commercial and open source network security and performance solutions.

This helps to deliver evidence for troubleshooting network and application performance issues and responding to cyberthreats.
