
Endace and Palo Alto Networks launch integration to empower security teams

Endace has integrated with Palo Alto Networks to advance the forensic investigation of cyber threats and strengthen security.

The integration combines the EndaceProbe Analytics Platform with Cortex XSOAR, previously known as Demisto.

The technology is designed to empower cybersecurity investigations with network-wide packet history investigation, the companies state.

Cortex XSOAR is reportedly the industry’s first extended security orchestration, automation and response platform with native threat intel management. It aims to provide security teams with instant capabilities against threats across their entire enterprise.

The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.

Analysts can leverage Cortex XSOAR’s integration with Endace’s InvestigationManager and EndaceVision for detailed packet-level investigations across global EndaceProbe estates.

This enables users to go from an investigation in Cortex XSOAR directly to the global packet history related to that incident, and as such extend their investigation into associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.
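The workflow described above, an automation that takes an incident’s indicators and time span, queries the packet history held on several capture nodes, and hands the analyst a summary of the associated network activity, can be sketched in code. The following is an added example and is not Endace’s or Palo Alto Networks’ code: the `PacketRecord` shape, the probe names, the constructed capture index, the `10.0.0.0/8` internal range and the function names are all assumptions standing in for a real capture-search API.

```python
"""Hypothetical SOAR-style enrichment: pivot from incident indicators to packet history.

Added example. The record format, probe names and sample index are constructed
assumptions; they are not Endace's or Cortex XSOAR's API.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class PacketRecord:
    """One indexed packet/flow summary as an assumed capture node would return it."""
    ts: datetime
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    probe: str


def _t(minute: int, second: int = 0) -> datetime:
    return datetime(2020, 9, 1, 10, minute, second, tzinfo=timezone.utc)


# Constructed sample index spanning two hypothetical probes; 10.0.0.5 is the alerted host.
CAPTURE_INDEX = [
    PacketRecord(_t(0), "10.0.0.5", "203.0.113.7", "tcp", 443, 1_200, "probe-dc1"),
    PacketRecord(_t(3), "10.0.0.5", "10.0.0.9", "tcp", 445, 80_000, "probe-dc1"),
    PacketRecord(_t(4), "10.0.0.9", "10.0.0.5", "tcp", 49152, 4_000, "probe-dc1"),
    PacketRecord(_t(6), "10.0.0.5", "198.51.100.20", "tcp", 8443, 2_500_000, "probe-edge"),
    PacketRecord(_t(30), "10.0.0.5", "203.0.113.7", "tcp", 443, 900, "probe-dc1"),  # outside window
    PacketRecord(_t(5), "10.0.0.22", "10.0.0.23", "udp", 53, 300, "probe-dc1"),  # unrelated host
]

INTERNAL_RANGES = [ip_network("10.0.0.0/8")]  # assumption for this example


def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL_RANGES)


def incident_window(first_seen: datetime, last_seen: datetime,
                    padding: timedelta = timedelta(minutes=5)) -> tuple:
    """Widen the alert's time span so activity just before and after it is retrieved too."""
    if last_seen < first_seen:
        raise ValueError("last_seen precedes first_seen")
    return first_seen - padding, last_seen + padding


def search_probes(index, indicators: set, window: tuple) -> dict:
    """Return records touching any indicator inside the window, grouped per probe and time-ordered."""
    start, end = window
    hits: dict = {}
    for rec in index:
        if not start <= rec.ts <= end:
            continue
        if rec.src not in indicators and rec.dst not in indicators:
            continue
        hits.setdefault(rec.probe, []).append(rec)
    for recs in hits.values():
        recs.sort(key=lambda r: r.ts)
    return hits


def summarize_evidence(hits: dict, indicators: set) -> dict:
    """Split the peers of the incident hosts into internal (lateral movement candidates)
    and external (possible exfiltration or C2 endpoints), with bytes exchanged per peer."""
    internal: dict = {}
    external: dict = {}
    for recs in hits.values():
        for r in recs:
            peer = r.dst if r.src in indicators else r.src
            if peer in indicators:
                continue  # both ends are incident hosts; nothing new to pivot to
            bucket = internal if is_internal(peer) else external
            bucket[peer] = bucket.get(peer, 0) + r.nbytes
    return {
        "probes": sorted(hits),
        "packets": sum(len(v) for v in hits.values()),
        "internal_peers": internal,
        "external_peers": external,
    }


def enrich_incident(incident: dict, index=CAPTURE_INDEX) -> dict:
    """Playbook step: indicators + alert time span in, evidence summary out."""
    window = incident_window(incident["first_seen"], incident["last_seen"])
    hits = search_probes(index, set(incident["indicators"]), window)
    return summarize_evidence(hits, set(incident["indicators"]))


def demo_incident() -> dict:
    """Run the enrichment over the constructed index for a sample alert on 10.0.0.5."""
    incident = {"indicators": ["10.0.0.5"], "first_seen": _t(2), "last_seen": _t(4)}
    return enrich_incident(incident)


if __name__ == "__main__":
    print(demo_incident())
```

The padding in `incident_window` is the detail that matters in practice: an alert’s timestamp marks when a detection fired, not when the activity began, so the query must reach back before it or the initial connection is missed. The summary separates internal from external peers because those lead to different follow-up questions (which other hosts did the alerted machine talk to, versus where did the bytes go).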

Palo Alto Networks vice president of product strategy for Cortex XSOAR, Rishi Bhargava, says, “Endace’s scalable, network-wide full packet capture is a powerful addition to the Cortex XSOAR ecosystem.

“It provides customers with rapid access to rich forensic evidence for investigating security incidents and the ability to include packet history into Cortex XSOAR use cases and playbooks to put definitive evidence at analysts’ fingertips.”

Endace VP product management Cary Wright says, “Security teams are desperate to combat alert fatigue, streamline workflows and accelerate investigations to provide certainty when responding to network threats.

“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.”

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management for the incident lifecycle.

Teams can manage alerts across all sources, standardise processes with playbooks, take action on threat intel and automate response for any security use case. This is quicker than manual reviews, the company states.

The EndaceProbe Analytics Platform combines network-wide packet capture with the ability to host and integrate with a range of commercial and open source network security and performance solutions.

This helps to deliver evidence for troubleshooting network and application performance issues and responding to cyberthreats.
