Properly implemented, Intrusion Detection Systems (IDS) can be invaluable in helping to identify attacks that make it past initial defenses such as firewalls, antivirus and anti-malware solutions.
Intrusion Detection Systems use detection rules to examine network traffic for patterns that indicate a known threat. They are often used in "passive" mode inside the network perimeter to detect suspicious traffic, as opposed to firewalls, which are deployed in "active" mode to block suspicious traffic from entering the network or specific segments of it.
One of the issues with Intrusion Detection Systems is that they tend to throw up lots of alerts, only some of which represent real threats.
Distinguishing between real threats and so-called "false positives" can often be challenging and time-consuming for security teams already struggling under a deluge of alerts.
With Network History integrated into your IDS, analysts can go from an alert to the recorded packets in a single click, dramatically speeding the investigation of incidents and, more importantly, enabling definitive conclusions.
Integrating Network History with Intrusion Detection Systems (IDS)
Network History provides a definitive packet-level view of network activity. Connecting IDS tools to Network History allows analysts to access the actual packets relating to an alert and quickly determine whether the threat is real, or the alert is a false positive.
This speeds investigation times, enabling analysts to triage events more quickly and identify the threats that require further investigation. It is also invaluable in identifying what has caused false positives, allowing analysts to tune detection rules to make their IDS tool more accurate.
The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.
How about a Demo?
Integrating Network History into your security and performance monitoring tools gives you definitive evidence at your fingertips.
Find out just how fast and accurate your investigations could be.