Threat detection solution vendor Idappcom has become an Endace Fusion technology partner. As part of that deal, Idappcom has developed a Snort-based threat management solution for the EndaceProbe Network Analytics Platform.
According to Simon Wesseldine, CSO, Idappcom: “the need to detect, record and rapidly triage security threats in all the far reaches of the network has become critical given the increasing frequency of breaches and new strict reporting requirements. This joint solution solves that need with a very open and scalable architecture. We are very excited to make our security solution available to all EndaceProbe customers.”
What does the Snort solution do?
Snort performs real-time traffic analysis and packet logging on network traffic, including protocol analysis and content searching and matching. This means that network and security teams can write rules that trigger alerts or actions based on what Snort detects.
The solution gives customers using an EndaceProbe access to the Idappcom-managed Intrusion Detection System (IDS). This allows users to run rules either from Idappcom or from any third-party supplier via Idappcom’s DRM.
All alerts can be viewed in the DRM log. Clicking on an alert allows a security analyst to use several of the Endace tools to do more detailed investigation. This could be as simple as checking where the packets came from or monitoring everything they do on the network.
EndaceProbe users are able to use that product’s new Playback feature. This allows security analysts to trace the historical details of an attack. They can then use that data to devise new rules to prevent future attacks.
What does this mean?
The explosion of security companies is not slowing down. However, many of the small to mid-sized companies are beginning to integrate their products with each other. This speeds up the delivery of new features without the heavy cost of development or acquisition. Importantly, customers get properly integrated technology without having to do that integration work themselves. It also means that security analysts can stay with interfaces that they know and trust.