Endace has integrated with Palo Alto Networks to advance the forensic investigation of cyber threats and deliver more robust security.
The integration combines the EndaceProbe Analytics Platform with Cortex XSOAR, previously known as Demisto.
The technology is designed to support cybersecurity investigations with network-wide packet history, the companies state.
Cortex XSOAR is reportedly the industry's first extended security orchestration, automation and response platform with native threat intel management. It aims to give security teams immediate capabilities against threats across their entire enterprise.
The integration leverages Endace's rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR's automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.
Analysts can leverage Cortex XSOAR's integration with Endace's InvestigationManager and EndaceVision for detailed packet-level investigations across global EndaceProbe estates.
This enables users to go from an investigation in Cortex XSOAR directly to the global packet history related to that incident, and as such extend their investigation into associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.
Palo Alto Networks vice president of product strategy for Cortex XSOAR, Rishi Bhargava, says, “Endace's scalable, network-wide full packet capture is a powerful addition to the Cortex XSOAR ecosystem.
“It provides customers with rapid access to rich forensic evidence for investigating security incidents and the ability to include packet history into Cortex XSOAR use cases and playbooks to put definitive evidence at analysts' fingertips.”
Endace VP product management Cary Wright says, “Security teams are desperate to combat alert fatigue, streamline workflows and accelerate investigations to provide certainty when responding to network threats.
“The combination of Cortex XSOAR's powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.”
Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management for the incident lifecycle.
Teams can manage alerts across all sources, standardise processes with playbooks, take action on threat intel and automate response for any security use case. This is quicker than manual reviews, the company states.
The EndaceProbe Analytics Platform combines network-wide packet capture with the ability to host and integrate with a range of commercial and open source network security and performance solutions.
This helps to deliver evidence for troubleshooting network and application performance issues and responding to cyberthreats.