Packet capture authority Endace announced an integration between EndaceProbe and Microsoft Sentinel, a next-generation cloud security, information, and event management (SIEM) solution. The integration provides NetOps and SecOps teams with one-click access to definitive, full packet evidence from within Microsoft Sentinel to streamline investigations. Access to Endace’s Always-On packet capture enables accurate event reconstruction and helps security teams to investigate and respond to threats more quickly, with absolute confidence.
Benefits of the integration include:
- Streamlined investigation workflows, alerts, and playbooks from Microsoft Sentinel, with one-click, drill-down access to definitive, full packet evidence captured by EndaceProbe.
- Continuously capture weeks or months of full packet data, across Hybrid, On-Prem, and Multi-Cloud environments.
- Single central console for searching and analyzing recorded packet data across global scale networks, integrated with Microsoft Sentinel.
- Deep visibility that shows exactly what happened before, during, and after every event.
- Zero-Day Threat (ZDT) risk validation using playback of recorded network traffic
- Combining EndaceProbe’s centralized search with Microsoft Sentinel’s AI-powered SIEM enables faster, more efficient incident investigation and resolution.
- Military-grade Security: EndaceProbe appliances are FIPS 140-3 compliant and are listed on the DoDIIN APL.
Also Read: Seemplicity Boosts AI Exposure Management Tools
“Deep visibility into network activity is essential when responding to serious cybersecurity events, service outages, or performance issues. One-click access to EndaceProbe’s recorded packet data directly from Microsoft Sentinel shows incident responders exactly what happened before, during, and after any serious event,” said Cary Wright, VP Product at Endace.
“Microsoft Sentinel’s built in machine learning reduces noise and uncovers sophisticated threats while EndaceProbes provide a complete, packet-level record of network history. Integrating these two solutions gives SecOps teams easy access to definitive evidence required to triage the most serious threats on the network.”
SOURCE: Businesswire
