Idappcom joins Endace Fusion technology partner programme and releases open threat detection platform
January 2018 by Marc Jacob
Endace and Idappcom announced that Idappcom has signed the Endace Fusion™ technology partner agreement. Under the agreement, Idappcom has developed a SNORT™-based, scalable threat-management solution that is hosted on, and integrated with, the EndaceProbe™ Network Analytics Platform.
The integrated solution allows organisations to deploy the Idappcom-managed Intrusion Detection System (IDS) anywhere an EndaceProbe is deployed, and manage rules and policies using Idappcom’s Distributed Rules Manager (DRM). DRM can import rules from Idappcom’s extensive library or from any other third-party rule provider, making it a truly multi-source, multi-user, multi-sensor security platform.
When a security threat is detected by a managed SNORT instance, the alert can be viewed centrally in the DRM log. A tightly integrated workflow lets security analysts click the alert to view the related packet history in EndaceVision™ and EndacePackets™, the EndaceProbe’s built-in investigation tools, giving them access to definitive evidence of what’s taken place.
Idappcom’s DRM manages the latest version of the SNORT IDS, specially packaged to run in the EndaceProbe’s high-performance Application Dock™ hosting environment. Any EndaceProbe in the network can host Idappcom-managed SNORT instances to detect security threats in real time while simultaneously recording 100% of network traffic to disk.
The EndaceProbe’s Playback feature provides a new, unique historical analytics capability. For example, when a new rule is released, analysts can scan for zero-day attacks by playing back recorded network history to a hosted instance of an IDS, such as SNORT, with the new rule enabled. They can quickly determine whether any zero-day attacks were executed against their organisation before the new rule became available.