EndaceProbe and EndaceProbe Cloud: Always-on, highly-scalable packet capture to secure OT security networks

Additional Info

| Field | Value |
| --- | --- |
| Company | Endace |
| Website | https://www.endace.com |
| Company size (employees) | 100 to 499 |
| Headquarters Region | North America |
Overview
Endace’s customers include many US government agencies facing OT security challenges (DISA, US Marines, Federal Administration Agency, Bureau of Land Management, Department of Energy, etc.), as well as many other organizations in the US and around the world that are responsible for operating critical infrastructure and keeping the public safe.
Security threats in industrial and critical infrastructure environments are growing rapidly with significant increases in attacks on OT devices and systems that rely on an organization’s IT networks to communicate. While connecting these devices to IT networks enables remote automation and monitoring by human operators, it also exposes vulnerable OT devices to attack and broadens the attack surface of the overall network.
OT devices such as PLCs and SCADA systems use M2M (machine-to-machine) protocols – e.g., MQTT, CoAP, AMQP – to transmit messages, commands, and responses to and from devices. OT devices typically lack secure authentication because they were never intended to be connected to a network outside their local OT network. If an attacker can gain access to these devices from outside the OT network, it is often relatively trivial to compromise or attack them.
Commonly-used network security monitoring solutions that rely on network metadata to monitor for malicious activity often cannot detect such attacks, because they lack visibility into the content of the communications between OT devices and the IT network. That requires access to the actual network packets.
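The metadata-versus-content gap described above, as an added example that is not Endace code: two constructed MQTT PUBLISH messages from the same IT-side host produce identical flow metadata (endpoints, port, byte count), while decoding the packets shows that one is a telemetry report and the other a command to an OT device. The OT subnet, topic names, addresses and the "command topic from outside the OT subnet" rule are assumptions made for the example.

```python
"""Added example (not Endace code): flow metadata vs. packet content for an
MQTT 3.1.1 PUBLISH. Layout: type/flags byte, variable-length remaining length,
topic (2-byte length prefix), packet identifier (only if QoS > 0), payload."""
import ipaddress

OT_SUBNET = ipaddress.ip_network("10.20.0.0/16")  # assumed OT address range

def encode_remaining_length(n):
    """MQTT variable-length integer: 7 data bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def build_publish(topic, payload, qos=0, packet_id=1):
    """Build a PUBLISH control packet (used here to construct sample traffic)."""
    topic_b = topic.encode()
    var_hdr = len(topic_b).to_bytes(2, "big") + topic_b
    if qos:
        var_hdr += packet_id.to_bytes(2, "big")
    body = var_hdr + payload
    return bytes([0x30 | (qos << 1)]) + encode_remaining_length(len(body)) + body

def parse_publish(pkt):
    """Decode a PUBLISH packet into topic, QoS and payload; reject malformed input."""
    if pkt[0] >> 4 != 3:
        raise ValueError("not a PUBLISH packet")
    qos = (pkt[0] >> 1) & 0x3
    remaining, mult, i = 0, 1, 1
    while True:
        b = pkt[i]
        i += 1
        remaining += (b & 0x7F) * mult
        if not b & 0x80:
            break
        mult *= 128
        if mult > 128 ** 3:
            raise ValueError("malformed remaining length")
    if len(pkt) != i + remaining:
        raise ValueError("length mismatch")
    tlen = int.from_bytes(pkt[i:i + 2], "big")
    topic = pkt[i + 2:i + 2 + tlen].decode()
    i += 2 + tlen + (2 if qos else 0)  # skip packet identifier when QoS > 0
    return {"topic": topic, "qos": qos, "payload": pkt[i:]}

def flow_view(rec):
    """What a metadata-only monitor sees: endpoints, port and byte count."""
    return {"src": rec["src"], "dst": rec["dst"], "dport": rec["dport"], "bytes": len(rec["data"])}

def packet_view_alert(rec):
    """Packet-level rule (assumed): a command topic published from outside the OT subnet."""
    msg = parse_publish(rec["data"])
    return ipaddress.ip_address(rec["src"]) not in OT_SUBNET and msg["topic"].endswith("/cmd")

SAMPLES = [  # constructed observations: IT-side host -> OT broker on the standard MQTT port
    {"src": "172.16.9.9", "dst": "10.20.0.10", "dport": 1883,
     "data": build_publish("plant/pump1/status", b'{"rpm":1450}')},   # telemetry relay
    {"src": "172.16.9.9", "dst": "10.20.0.10", "dport": 1883,
     "data": build_publish("plant/pump1/cmd", b'{"mode":"stop"}')},   # command to the PLC
]
```

Both samples are 34 bytes on the wire, so `flow_view` returns the same record for each; only `packet_view_alert`, which decodes the topic, separates them.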
EndaceProbes deliver always-on packet capture that gives teams the detailed information they need to accurately investigate OT security threats. Teams can quickly locate the packet evidence related to OT network incidents to see exactly what took place on the network and determine whether traffic to and from devices is legitimate or malicious. This enables them to investigate incidents faster and more conclusively.
Key Capabilities / Features
EndaceProbe is the industry’s only open packet capture platform, offering highly-scalable, always-on packet capture and recording across on-premises, private and public cloud environments with zero packet loss. With industry-leading speed, density, and storage capacity, EndaceProbes can record weeks or months of network traffic, allowing teams to go further back in time to accurately and decisively reconstruct, investigate and resolve threats, breaches, or performance issues.
Customers can deploy third-party security tools (such as SOAR, IDS or AI-based tools), OT tools, or performance monitoring tools directly where packet data is recorded, where they can analyze real-time traffic or replay recorded traffic for historical analysis. Endace partners with leading vendors such as Cisco, Palo Alto Networks, Fortinet, IBM, Darktrace and many others (see https://www.endace.com/fusion-partners) to integrate packet capture into their products. This integration allows analysts to go from an alert in their monitoring tool to the related packet data with a single click.
Endace’s search and data mining component (InvestigationManager) provides fast, easy access to packet data across the entire network from a single pane of glass. EndaceCMS enables easy configuration and maintenance of the entire EndaceProbe estate from a central management console. EndaceVision is a browser-based traffic analysis tool within InvestigationManager. It gives teams a top-level view of the health of the network and provides a wide range of visualizations (including accurate microburst detection, traffic over time, and top talkers) for powerful analysis of network traffic and activity.
Detecting, investigating, and responding to threats is vital when time is of the essence and public safety is at risk. Endace’s modular architecture and decentralized data storage let customers expand the throughput and/or storage capacity of their monitoring infrastructure as their needs evolve, simply by adding EndaceProbes wherever they are needed: on-prem networks (IT and OT) or public or private cloud environments.
How we are different
• In December 2024, the US Defense Information Systems Agency (DISA) certified EndaceProbes on its Department of Defense Information Network Approved Products List (DoDIN APL). The certification means that EndaceProbes are certified as complying with the DoD’s stringent security testing and can be freely adopted and deployed at US federal agencies and defense departments with no further testing required. EndaceProbes are the only packet capture solution to have achieved this certification.
• Many OT devices were not designed with network security in mind, and are incapable of providing log data when, or after, an incident occurs. Deep, packet-level visibility may be the only way to determine if an event involving an OT device was malicious. The EndaceProbe enables always-on, zero loss packet capture across large, complex environments with the ability to store weeks or months of recorded network traffic. This gives customers an extensive “look-back” for conclusive forensic investigation and response to security threats and attacks. No other solution provides the same unlimited scalability and deep packet-level visibility across all hybrid cloud infrastructure. EndaceProbe Cloud works seamlessly with on-prem EndaceProbe appliances for single-pane-of-glass visibility and management. Teams can apply their tried-and-true workflows and investigation processes to all systems and assets on their network, regardless of architecture.
• EndaceProbe is the industry’s only open platform, with the ability to integrate and host third-party security and performance monitoring tools. This ensures all tools have access to a common, accurate source of network data for analysis, and enables hardware consolidation and rapid tool deployment. The ability to integrate a common packet capture technology across tools from multiple vendors – including OT security vendors – as well as custom or open-source solutions gives teams complete visibility into activity on both OT and IT networks, down to the packet level.