Applied Watch

OPEN SOURCE SECURITY: FAST AND SIMPLE

Endace Applied Watch  NinjaBox-Z and Appied Watch  NinjaBox-Z Snort Acceleration Visit the Snort Acceleration Site   New for AWCC Release 4.2! Flexible rule prioritization  Custom rule queries Automated policy updates Export events to other SIMs Saved event searches Pause control button Remote agent upgrades Enhanced reporting system IP tools for attack research

Building on Endace’s rich history as a leader in packet capturing components, the NinjaBox-Z has been specifically architected to accelerate Snort® intrusion detection system (IDS) deployments on high-speed segments by up to 16X. Employing commercial off-the-shelf computing hardware, the NinjaBox-Z leverages an exclusive combination of Endace innovations to help ensure that your biggest network vulnerability is not your IDS server.

Applied Watch is a trusted name in government, enterprise and service provider open source security management solutions. The Endace Applied Watch Command Center product portfolio simplifies the operations, administration, management and provisioning of not only Snort IDS, but also Labrea Tarpit, ClamAV and Nessus. Combined with the NinjaBox-Z, Endace delivers both a powerful Snort IDS sensor solution, and a unique application and services platform for all your open source security needs.

Endace Applied Watch products include a sensor Agent, centralized Server and client Dashboard. The Applied Watch Agent simplifies the command and control of Snort through a user-friendly wizard that, first and foremost, dramatically streamlines the deployment process. Snort installations which previously took many hours - even days – to complete can now be performed using a straightforward two-step process that enables the user to have an IDS sensor active in only minutes.

As the central nerve center of small, medium or large open source security deployments, the Applied Watch Server provides a central repository for event aggregation and data warehousing. The Commend Center Server is essentially a common database to which all alerts are sent from remote agents and a hub from where remote management of security sensors is performed.

  

The Applied Watch Dashboard provides a graphical user interface (GUI) to the entire command center infrastructure. Users are able to manage,monitor and respond to threats detected by remote Snort IDS sensors, under the control of the Agent element.

  

Through an intuitive user interface that provides an enterprise facelift to many open source security applications, organizations no longer need employ cumbersome command line interfaces (CLIs) or multiple scripts when managing their Snort sensors.

  

By interfacing with the Command Center Server, the Dashboard offers real-time monitoring of alerts from thousands of distributed Snort sensors. This allows users, with the aid of an integrated helpdesk ticketing system for incident investigations and threat mitigation, to take decisive action on threats to the network. The Dashboard presents real-time alert tables based on threat priority and can filter out events of interest. Auser can also select an aggregated alert view of every event related to an individual Snort Signature ID (SID). An incident resulting in a signature match may be dissected further by reviewing the entire packet dump from layer 1 to 7 in both HEX and ASCII.

  

Furthermore, the user interface provides policy management functionality for designing, managing, and simultaneously updating the rulesets of multiple Snort sensors - all at the click of a button. Finally, a heartbeat monitor is provided, presenting a visual indication of which Agents and Snort processes are operational, in-service and functioning correctly.

Endace delivers the complete solution for quickly and easily deploying high-performance distributed Snort IDS sensors on high-speed, congested and vulnerable network segments.