Endace and netForensics give nFX SIM One customers the Power to See All

We’re happy to announce a strategic partnership with netForensics, a world leader in high-performance security information and event management (SIEM) solutions. Endace and netForensics have partnered to offer the first fully integrated threat detection and event correlation solution built on guaranteed 100 percent packet capture and analysis.

This partnership means that, with immediate effect, the accuracy of threat information flowing into netForensics’ nFX SIM One solution is improved through interoperability with Endace’s range of high-speed cyber security monitoring probes. In addition, Endace Probes give netForensics customers the ability to go back in time and retrieve the packet data behind a specific security alert directly from the nFX SIM One dashboard, improving Mean Time to Resolution, a key concern for Security Operations Center (SOC) teams.
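The alert-to-packet pivot described above, as an added illustration (this is not Endace’s or netForensics’ code): a SIEM alert carries a timestamp and a flow (source and destination IP and port), and the analyst wants every captured packet for that flow around that time. The packet store here is a constructed in-memory list standing in for a capture appliance or pcap index; the alert and the IDS signature name are likewise constructed. Two details matter in practice and are handled here: the match is bidirectional, so both request and response packets are returned, and the lookup uses a time window rather than the exact alert timestamp, because the SIEM clock and the probe clock are rarely in step and an IDS usually fires some time after the first packet of the session.

```python
"""Pivot from a SIEM alert to the captured packets behind it.

Added example, not Endace's or netForensics' code. The packet store is a
constructed in-memory list; a real deployment would query a capture probe
or a pcap index instead.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Packet:
    ts: float          # capture timestamp, seconds since epoch (probe clock)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int


@dataclass(frozen=True)
class Alert:
    ts: float          # alert timestamp (SIEM clock, may be skewed from the probe)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    signature: str


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent flow key: the two endpoints are sorted so that
    client->server and server->client packets share the same key."""
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))


def packets_for_alert(alert: Alert, packets: Iterable[Packet],
                      window_s: float = 30.0) -> List[Packet]:
    """Return the alert's flow packets within +/- window_s of the alert time,
    oldest first.

    The window absorbs clock skew between SIEM and probe and the delay between
    the first packet of a session and the IDS firing on a later one; the flow
    match is bidirectional so the response is kept alongside the request.
    """
    key = flow_key(alert.src, alert.sport, alert.dst, alert.dport, alert.proto)
    lo, hi = alert.ts - window_s, alert.ts + window_s
    hits = [p for p in packets
            if lo <= p.ts <= hi
            and flow_key(p.src, p.sport, p.dst, p.dport, p.proto) == key]
    return sorted(hits, key=lambda p: p.ts)


# Constructed sample capture: one HTTP session of interest, one unrelated
# flow, and a later packet from the same flow that falls outside the window.
T0 = 1_276_000_000.0
SAMPLE_PACKETS = [
    Packet(T0 + 0.00, "10.1.1.5", 51000, "203.0.113.10", 80, "tcp", 74),    # SYN
    Packet(T0 + 0.05, "203.0.113.10", 80, "10.1.1.5", 51000, "tcp", 74),    # SYN/ACK
    Packet(T0 + 0.10, "10.1.1.5", 51000, "203.0.113.10", 80, "tcp", 512),   # request
    Packet(T0 + 0.20, "203.0.113.10", 80, "10.1.1.5", 51000, "tcp", 1460),  # response
    Packet(T0 + 0.30, "10.1.1.7", 40000, "198.51.100.2", 443, "tcp", 120),  # unrelated flow
    Packet(T0 + 900.0, "10.1.1.5", 51000, "203.0.113.10", 80, "tcp", 60),   # same flow, too late
]

# Constructed alert: the IDS fires on the server response and the SIEM clock
# runs about two seconds ahead of the probe clock. Signature name is made up.
SAMPLE_ALERT = Alert(T0 + 2.2, "10.1.1.5", 51000, "203.0.113.10", 80, "tcp",
                     "CONSTRUCTED example web server signature")


if __name__ == "__main__":
    for p in packets_for_alert(SAMPLE_ALERT, SAMPLE_PACKETS):
        print(f"{p.ts - T0:7.2f}s {p.src}:{p.sport} -> {p.dst}:{p.dport} {p.length}B")
```

With the default 30-second window the four packets of the HTTP session come back and the unrelated flow and the stale packet do not; shrink the window to one second and the two-second clock skew is enough to return nothing, which is the failure mode a too-tight lookup produces in a real SOC.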

For more details on the partnership, head here.

Open Information Security Foundation Launches Suricata 1.0

The Open Information Security Foundation (OISF) hit a milestone today with the announcement of Suricata 1.0, the first stable release of its open source Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) engine, aimed at next-generation network security threats. Available immediately for download under version 2 of the GNU General Public License (GPLv2), Suricata includes new features intended to help it identify and block more of the pressing security threats organisations face today.

Head over to the OISF site to grab your copy.

Does IDS have a future in cloud security?

Cloud computing has led to questions about the future of various security tools, including IDS. Endace CTO Stu Wilson and CSO’s Bill Brenner discuss where IDS fits in with cloud computing in this podcast over at CSO.

Boeing fighting Cyberterrorism on a massive scale

An extraordinary Chicago Tribune article by Bill Lambrecht, published on June 28th, caught our attention: it exposes the scale of the war that American defense contractors are fighting against cyberterrorism.

The article intimates that Boeing’s IDS logged 3,722 suspicious attempts to gain access to its systems in a single hour, which by anyone’s standards is a massive volume of attack traffic for any organisation to deal with on a sustained basis.

The article highlights a number of important points about the attacks that are worth noting.

IDS at Layer 7: Challenges of packet inspection in the Web 2.0 world

Bill Brenner, Senior Editor at CSO, talks to Endace’s Tim Nichols about the challenges of IDS and packet inspection in the Web 2.0 universe in this podcast.

Making next generation IDS a reality

SearchSecurity.com has profiled Endace on its Security Bytes blog. There are some good points there about the evolution of Intrusion Detection Systems, Intrusion Prevention, and the limitations of both, and how Endace is taking Intrusion Detection to the next level with its 100% packet capture technology and support for Suricata.

NSS IPS tests show average block rate only 57%

NSS Labs tested IPS products from seven well-known vendors in Q4 2009. Their full report is available for purchase here (if you are interested in a copy, let us know: we still have a limited number to give away and have also negotiated a special deal for “friends of Endace”).

The NSS testing revealed IPS performance issues that tally with our experience in the field, and which we felt people should know about. So, with NSS’s agreement, we have just released an anonymised graph from the NSS IPS testing. It shows that, even with tuned rule-sets, the average block rate of the IPS products tested was just 57%.

Endace Probe 3.7.1 Release

We’re happy to announce that the Endace Probe 3.7.1 Release is now available for existing customers from the Endace support site and will be available on newly factory shipped systems from May 17.

This is primarily a bug-fix release, with further improvements to Endace Analytics via version 2.2 of CACE Pilot. It also adds support for the legacy 200/2000 and 500/5000 Probe platforms alongside full support for the new 3000 and 7000 Probe platforms, includes Endace Security Manager update 5.2.0.0, and supports mixed 1GbE/10GbE SKUs on the 7000 series.

10,000 DAG cards and 1,000 Probes. An important milestone for Endace

We’re delighted to announce that we’ve just sold our 10,000th DAG card and our 1,000th Probe. We have been selling our cards and probes to government agencies, telcos and large enterprises all over the world since 2001 and, just like the networks we monitor, the business just keeps going faster.

Mike Riley, our Chief Executive, puts the rapid rate of adoption down to “the market’s growing realisation that 100% guaranteed packet capture is the foundation layer on which the best monitoring, surveillance, security and latency measurement systems are built, and that without a completely accurate baseline organisations are realising that they are just guessing”.

Anatomy of a Conficker Infection

Rob O’Neil published a great article last week in Computerworld entitled ‘Anatomy of a Conficker Outbreak: Waikato District Health Board’.

The Conficker outbreak actually happened right at the end of last year, and we tweeted it at the time, but it is only now that the full facts behind the outbreak are public.

The story is another classic case of an organisation being only as secure as the least secure point in its network. The report cited faulty software, ageing systems, complexity and a lack of full network control as contributing factors. The outbreak forced some areas of the DHB to shut down for two days, and the system responsible for the outbreak (the parking system) is still quarantined from the main network.