Cisco Firepower and Stealthwatch
Cisco Firepower
Cisco offers cybersecurity solutions, including Cisco Firepower (formerly Sourcefire) Intrusion Detection System (IDS). In combination, Cisco Firepower and EndaceProbe Analytics Platform provide a powerful security threat detection and investigation solution.
Cisco Firepower can be integrated with the Network History recorded by EndaceProbes to allow security analysts to click on a security alert and go straight to the related packet-level detail in EndaceVision™. EndaceVision lets them analyze the traffic using a range of data visualization tools and view the packet details in EndacePackets, the built-in, wireshark-based packet decode tool.
Endace Fusion Connector
Cisco's Firepower™ Management Center console is the administrative nerve center for Cisco Next Gen IPS and Next Gen Firewall and Malware network security solutions. It correlates attacks with real-time network and user intelligence, and centrally manages network security and operational functions, including event monitoring, incident prioritization, forensic analysis and reporting.
The Endace Fusion Connector for Cisco Firepower™ enables seamless, click-through workflow between security event alerts in the Cisco Firepower Management Center console, and recorded packet data on the EndaceProbe™ Analytics Platform for that event.
This integration enables rapid response and remediation and drastically cuts down the time and resources required to search for, and access, packet data for security breaches. This time-reduction increases the effectiveness of SecOps teams and reduces the costs of investigating security events.
Benefits of Endace Fusion Connector for Cisco Firepower
- Detailed, packet-level data for effective and conclusive investigation
- Lower operational expenditures (OPEX) and improved time-to resolution for network security incidents through more efficient security investigation workflows
- Single-click access to EndaceVision for powerful visualisation of network traffic and built-in packet decode with EndacePackets
- Complements Cisco’s best-of-breed Firepower Next Generation Intrusion Detection System
- Complete forensics visibility of impacted data in the case of breaches.
Implementation Details
The Pivot-to-Vision and Pivot-to-Packets integration with Cisco Firepower allows analysts to pivot from an alert in the Firepower console directly to the relevant packets.
It is implemented using the Fusion Connector for Cisco Firepower, which can be downloaded from the Endace Support Portal. If you don't have a Support Portal account, you can request a Support Portal account here.
Cisco Stealthwatch
Cisco Stealthwatch is a comprehensive, network telemetry-based security monitoring and analytics solution that streamlines incident response through behavioral analysis; detecting denial of service attacks, anomalous behaviour, malicious activity and insider threats.
If you use Cisco Stealthwatch, the EndaceProbe's built-in integration lets analysts jump directly from Stealthwatch alerts to examine the underlying packet-level evidence recorded by the EndaceProbes on your network.
How about a Demo?
Find out how to integrate Network History with Cisco Firepower for fast, accurate, investigation of security and network alerts.