Endace onboards network security firm Idappcom as new tech partner

17 Jan 18

New Zealand-born network analytics provider Endace and global network security services provider Idappcom have partnered to fuse threat management capabilities across the Endace platform.

Endace and Idappcom have both signed the Endace Fusion technology partner agreement. As part of the agreement, Idappcom has developed a SNORT-based, scalable threat management solution that is both hosted on and integrated with the EndaceProbe Network Analytics Platform.

According to Endace’s VP of product management Cary Wright, the company is pleased to have Idappcom on board.

“Fusion Partners are a select group of best-of-breed vendors that have integrated their solutions with the EndaceProbe platform. Its long history in threat analysis, signature creation and rules production makes Idappcom a very insightful security partner. Idappcom’s Distributed Rules Management software provides simple, scalable management of SNORT instances hosted on estates of hundreds of EndaceProbes,” Wright says.

Organisations will be able to deploy Idappcom’s managed Intrusion Detection System in any location where an EndaceProbe is deployed. They will also be able to manage rules and policies through Idappcom’s Distributed Rules Manager (DRM). The DRM can import rules from Idappcom’s library and from any third-party rule providers.

Idappcom CSO Simon Wessledine notes, “The need to detect, record and rapidly triage security threats in all the far reaches of the network has become critical given the increasing frequency of breaches and new strict reporting requirements. This joint solution solves that need with a very open and scalable architecture. We are very excited to make our security solution available to all EndaceProbe customers.”

The company says the technology aims to be a multi-source, multi-user and multi-sensor security platform.

“When a security threat is detected by a managed SNORT instance, the alert can be viewed centrally in the DRM log. A tightly integrated workflow lets security analysts click the alert to view the related packet history in EndaceVision and EndacePackets, the EndaceProbe’s built-in investigation tools, giving them access to definitive evidence of what’s taken place,” the company says.

It also says Idappcom’s DRM is able to manage the latest version of SNORT IDS specially packaged to run in the EndaceProbe’s high performance Application Dock hosting environment. Any EndaceProbe in the network can host Idappcom-managed SNORT instances to detect security threats in real time while simultaneously recording 100% of network traffic to disk.

“The EndaceProbe’s Playback feature allows new, unique historical analytics capability. For example, analysts can scan for zero day attacks when a new rule is released by playing back recorded network history to a hosted instance of an IDS, such as SNORT, with the new rule enabled. They can quickly determine if any zero day attacks were executed against their organisation prior to the new rule being available.”

Endace started as a university research project in New Zealand and has grown to become a global company that services large clients. Technology partners include Arista Networks, Finisair, Huntsman Security and Trimble.
