Endace and the EndaceProbe Analytics Platform

Additional Info

Company size (employees): 100 to 499
Type of solution: Hardware


A key challenge that Security and Network teams face in defending against cyberattacks is having a clear picture of what’s happening across the network. Different tools rely on different telemetry data to detect and alert on suspicious activity, and each provides different insights. Without a definitive source of evidence about exactly what has taken place, analysts are forced to correlate information from multiple sources, such as log files, network metadata and small fragments of full packet data from firewalls and IDS solutions, in order to reconstruct and analyze threats.

The EndaceProbe Analytics Platform provides accurate, always-on packet capture that scales to large global networks with links operating at speeds of 100 Gbps and beyond, providing weeks or months of full packet history. This recorded history can be integrated directly into multiple security monitoring tools to give analysts one-click access to the packets relating to the issues those tools detect. This dramatically accelerates incident investigation and response and lets teams quickly and accurately reconstruct network events without having to connect the dots across multiple data sources.

The EndaceProbe also provides hosting for security tools that analyze packet data – allowing multiple tools to share a single, authoritative source of packet data and letting customers share common infrastructure across SecOps, NetOps, DevOps and IT teams to reduce cost and simplify deployment.

The ability to use a common hardware platform to provide a complete and accurate source of network-wide packet data to all the teams and tools that need access to it provides a common, shared source of truth that gives analysts unparalleled visibility into network activity and the ability to respond to events quickly without guesswork. It enables organizations to extract greater ROI from their investment in existing security tools and provides the flexibility to evolve capability easily as needs change.

How we are different

• EndaceProbes are the industry's only open packet capture platform. As well as recording a 100% accurate history of network activity, they can host multiple 3rd-party security analytics applications and integrate with a wide variety of security and performance monitoring solutions to provide a common source of definitive evidence about network activity.

• A range of EndaceProbe models suits deployment across the entire network - from the network edge or branch offices to datacenters and high-speed, core network locations. The modular design of the EndaceProbe platform allows multiple EndaceProbes to be “stacked” to support monitoring on high-speed links of 100 Gbps and beyond and to provide petabytes of distributed packet storage capacity. Centralized management reduces management overhead, while centralized search and data mining enables powerful, network-wide forensics and offers an API for easy integration with security and performance monitoring tools.

• By being able to deploy analytics functions on a common platform, enterprises gain the flexibility, speed, agility and cost savings that virtualization has delivered in the datacenter. Evaluating and deploying analytics functions can be done in days, not months, without costly hardware rollouts or hardware “rip-and-replaces”. New or upgraded monitoring solutions can be deployed quickly on demand as needs change, without deploying new hardware. As an example, a large global banking customer was alerted to an impending DDoS attack targeting multiple banks. In just a few hours, the customer was able to deploy a solution onto EndaceProbes in their datacenters around the world. This enabled them to detect and completely mitigate the attack. Other banks weren’t as lucky, with many suffering extended outages and embarrassing media coverage as a result of the attack.