Endace Integrates with Palo Alto Networks Cortex XSOAR to Deliver Forensics for Accelerated Response to Cyberthreats

Integration combines EndaceProbe Analytics Platform with Cortex XSOAR to simplify and accelerate cybersecurity investigations with definitive, network-wide packet history

AUSTIN, Texas & AUCKLAND, New Zealand--(BUSINESS WIRE)--Endace, a world leader in high-speed network recording, playback and analytics hosting, today announced that the EndaceProbe Analytics Platform is now integrated with Palo Alto Networks Cortex XSOAR (previously Demisto), the industry’s first extended security orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise. Through this integration, Endace and Cortex XSOAR provide customers with network packet capture from within Cortex XSOAR playbooks to enable accelerated, evidence-led, forensic investigation of cyberthreats.

The integration leverages Endace’s rapid-search and data-mining APIs to integrate network history into Cortex XSOAR. Using Cortex XSOAR’s powerful automation capabilities, the full packet history relating to specific security incidents is automatically retrieved from one or more EndaceProbes and provided back to analysts as definitive forensic evidence.

Analysts can leverage Cortex XSOAR’s integration with Endace’s InvestigationManager™ and EndaceVision™ for detailed packet level investigations across global EndaceProbe estates. This lets them pivot from an investigation in Cortex XSOAR directly to the global packet history related to that incident to extend their investigation and drill down to investigate associated network activity such as lateral movement, data exfiltration or command-and-control (C2) traffic.

“Endace’s scalable, network-wide full packet capture is a powerful addition to the Cortex XSOAR ecosystem,” said Rishi Bhargava, vice president of product strategy, Cortex XSOAR at Palo Alto Networks. “It provides customers with rapid access to rich forensic evidence for investigating security incidents and the ability to include packet history into Cortex XSOAR use cases and playbooks to put definitive evidence at analysts’ fingertips.”

“Security teams are desperate to combat alert fatigue, streamline workflows and accelerate investigations to provide certainty when responding to network threats,” says Cary Wright, VP of Product Management at Endace. “The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.”

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case – resulting in significantly faster responses that require less manual review.

The EndaceProbe Analytics Platform combines 100% accurate, network-wide packet capture with the ability to host and integrate with a wide range of commercial and open source network security and performance solutions to deliver definitive evidence for troubleshooting network and application performance issues and responding to cyberthreats.

About Endace

Endace specializes in high-speed, scalable packet capture for cybersecurity, network and application performance.

The open EndaceProbe Analytics Platform lets customers record a 100% accurate history of activity on their network and integrates with a range of security tools for fast, accurate incident investigation and resolution. Endace’s Fusion Partners – including Cisco, Darktrace, IBM, Micro Focus, Palo Alto Networks, Plixer, Splunk and others – offer pre-built integration with the EndaceProbe platform to accelerate and streamline incident investigation and resolution.

EndaceProbes can also host network security and performance monitoring tools that need to analyze real-time or historical traffic. This hosting capability enables agile deployment and reduces cost by consolidating analytics solutions on a common hardware platform.

Endace’s global customers include banks, healthcare, telcos, broadcasters, retailers, web giants, governments and military. Follow Endace on Twitter and LinkedIn. For more information see www.endace.com.

Contacts

USA: Kelly Dorsey

mobile +1-818-436 9646

EMEA: Leah Jones (CommsCo)

+44 203 697 6680

Asia Pacific: Mark Evans

mobile +64-21-494 850

Alex
