Endace and the EndaceProbe Analytics Platform

Additional Info

CompanyEndace
Websitehttp://www.endace.com
Company size (employees)100 to 499

Overview

Responding effectively to security breaches and threats means having the processes and tools in place to enable rapid incident investigation and supporting proactive threat hunting to defend against Zero Day threats or advanced persistent threats (APTs). One of the biggest challenges is often the lack of definitive evidence that allows analysts to accurately reconstruct attacks to see how they happened and what was affected.

For network-based attacks, the gold standard evidence is full packet capture data. Historically always-on packet capture has often not been deployed because of:
– The cost of deploying network-wide packet capture
– Lack of packet analysis expertise
– Challenges managing large volumes of packet data and making it usable.

The EndaceProbe Analytics Platform helps customers overcome these obstacles by cost-effectively recording full packet data from across the entire network and making it available to, and usable by, all the teams and tools that need it. This makes detecting, investigating and remediating security threats faster and more accurate and improves the productivity and efficiency of analysts by putting vital packet evidence at their fingertips.

The EndaceProbe’s modular architecture lets it scale to network speeds of >100 Gbps with petabytes of distributed storage for weeks or months of full packet history. Fast, centralized search, data-mining, and integration with a huge range of security tools makes it easy for even junior analysts to quickly find the packets relating to specific incidents. They can automatically reconstruct and export files to check for malware or exfiltrated data and check for lateral movement or command-and-control activity.

Always-on, long-term packet recording provides an unrivaled evidence source for threat discovery, remediation and response, allowing analysts to see, with certainty, the scope and impact of security breaches or attacks. The result is faster, more conclusive incident investigation and response.

How we are different

• Prevention alone can’t keep your network safe anymore; network-wide visibility and the ability to rapidly investigate attacks that make it past defenses is crucial. The EndaceProbe offers a full range of full packet recording solutions, enabling enterprises of all sizes to capture, index and store a 100% accurate record of network activity, providing the definitive evidence teams need to accelerate incident response and eliminate guesswork.


• The EndaceProbe’s ability to host and integrate with partner solutions, open-source tools and custom applications, enables customers to dramatically increase the effectiveness of their existing solutions and workflows. Integration allows analysts at all levels of experience to quickly locate and analyze full packet data from within the tools they are familiar with. The ability to pivot from any alert to the related packets in a single click means analysts can use a standardized investigation workflow regardless of the monitoring tool they are using at the time – which dramatically simplifies training.


• Access to definitive packet evidence eliminates the typical slow, inefficient investigation workflows requiring data from multiple sources such as application, event and system log files to be correlated and analyzed to reconstruct an attack so that its scope and severity can be determined. It provides a highly reliable evidence source that is accurately timestamped and immune from being altered or wiped by attackers – who are typically not even aware that packet data is being recorded. In this it is analogous to hidden video surveillance of network activity, giving defenders unparalleled visibility into attacks and attacker activity so they can respond quickly to thwart attackers before they can escalate their attacks.