Endace and EndaceProbe: Protecting and Defending Government Networks with Always-on Packet Capture and Unified Visibility

Additional Info
Company: Endace
Website: https://www.endace.com
Company size (employees): 100 to 499
Headquarters Region: North America
Overview
Endace has been the industry leader in scalable, always-on, 100% accurate packet capture technology for more than 20 years. The company’s customers include many federal government departments and civilian agencies, as well as many defense organizations in the NATO alliance. EndaceProbes help these customers to defend critical infrastructure, protect confidential information, and ensure essential services are reliable and accessible to the people who need them.
Endace’s US Federal customers include the U.S. Defense Information Systems Agency (DISA), the U.S. Marine Corps, the U.S. Federal Aviation Administration and the majority of the U.S. Department of Energy’s labs. EndaceProbes help these customers defend the public, neutralize threats, and ensure critical infrastructure and services are protected from cyber criminals and nation-state cyber threats.
Access to an accurate record of all network activity is essential in enabling SecOps and NetOps teams to quickly identify, investigate and respond to security threats. Only full packet data provides conclusive evidence of what happens on the network.
EndaceProbe appliances (for on-prem infrastructure) set industry benchmarks, able to natively record traffic at a sustained rate up to 100 Gbps. EndaceProbes can be grouped and stacked to scale to petabytes of distributed storage sufficient for weeks or months of storage and supporting speeds of 200 Gbps and beyond. EndaceProbe Cloud brings the same scalability, visibility and always-on packet capture to public cloud infrastructure that EndaceProbes provide in on-prem environments, and operates seamlessly alongside EndaceProbe appliances to deliver unified, packet-level visibility across all parts of an enterprise’s hybrid cloud network.
The ability to cost-effectively record weeks or months of full packet history enables government departments and agencies to comply with White House Executive Order 14028, which requires a minimum of 72 hours of full packet capture to be available on request by either the FBI or the Cybersecurity and Infrastructure Security Agency (CISA).
Key Capabilities / Features
EndaceProbe and EndaceProbe Cloud offer powerful integration capabilities, enabling fast, centralized search and datamining to be integrated directly into a wide range of leading security and performance tools, putting accurate forensic evidence at analysts’ fingertips. The ability to quickly find and analyze the crucial packet evidence related to specific incidents speeds investigations and enables government SecOps and NetOps teams to respond to issues quickly without guesswork. Recorded packet data can also be replayed to analytics tools, delivering powerful back-in-time “re-investigation” and enabling accurate reconstruction of historical network activity to identify the root cause of issues.
One Endace customer, DISA, depends upon EndaceProbes’ continuous packet capture to defend critical networks and infrastructure while supporting hundreds of analysts working to neutralize threats, around the clock and across the globe. Endace enables DISA analysts to work with team members worldwide to quickly investigate and resolve security incidents. Analysts can access full packet data from within their existing security and network tools, enabling seamless workflow integrations.
According to Matthew Matzer, Program Manager – Enterprise Sensing, Cyber Security and Analytics Directorate for U.S. Defense Information Systems Agency (DISA): “DISA PEO Cyber selected Endace as our always-on global packet capture solution to support the DISA global security team. Our mission is to protect the US DoD network against a continuous barrage of the most serious cyber threats; continuously recording network traffic for in-depth incident response is essential for cyber defense. Deploying Endace has been a significant upgrade to our cyber infrastructure, and our security analysts are now able to centrally search weeks of recorded traffic to quickly understand and remediate threats. The Endace team is extremely professional, partnering closely with us to deliver a complete solution to our complex needs, ahead of schedule and within budget.”
How we are different
• Endace helps teams gain deeper visibility into their networks, and enables federal agencies to comply with White House Executive Order 14028, which requires at least 72 hours of full network history to be recorded. EndaceProbes provide a common platform, enabling integration of full packet history into security tools (such as IDS/IPS, NGFWs, SIEM and SOAR tools and AI threat detection) so customers can streamline and standardize investigation workflows. Analysts can follow a common investigative process from any of their security tools, making it easy to access relevant packet evidence. With the Government’s focus on ensuring federal agencies implement best-practice Zero Trust architecture, always-on packet capture provides an indispensable resource for agencies to help them ensure their Zero Trust infrastructure is correctly configured to protect critical assets and infrastructure and prevent unauthorized access.
• As governments migrate critical data to the cloud, the need for unified visibility into hybrid-cloud environments has become essential for effective security. EndaceProbe Cloud offers the same deep visibility, enterprise-class reliability, seamless scalability, and lossless performance as the award-winning EndaceProbe appliances, with the same highly accurate, always-on packet capture.
• EndaceProbes are the industry's only open packet capture platform, combining high-performance network recording with the ability to integrate with performance and security solutions from Endace’s Fusion Partners including Cisco, Darktrace, Gigamon, Fortinet, IBM Security, Palo Alto Networks, Splunk, and many others (see endace.com/fusion-partners for the full list), open-source tools, and customer-built solutions. This integration capability enables faster, more accurate threat investigation and response and more efficient, productive SecOps and NetOps workflows and processes.


