Endace and the EndaceProbe Analytics Platform

Additional Info

Company size (employees)50 to 99
Headquarters RegionNorth America
Type of solutionHardware


Packet data is the most desirable form of evidence for investigating cybersecurity threats and breaches, because it is definitive. Unlike log data, packet data is tamper-resistant and attackers are typically unaware that network traffic is even being recorded. If an attack happens on the network the evidence is in the packets.

The EndaceProbe Analytics Platform provides affordable, fast, 100% accurate packet capture, recording the definitive evidence teams need to accelerate threat investigation and resolution. The platform can scale to speeds of 100 Gbps and beyond, with petabytes of distributed storage sufficient for weeks or months of full packet history.

Centralized, network-wide search and data-mining and integration with a wide variety of third-party security and network monitoring tools give analysts rapid access to the evidence they need to see exactly what has taken place on the network. SecOps and NetOps analysts can go from an alert in any of their tools directly to the related packet history with a single click, accelerating threat investigations and allowing analysts to reach accurate conclusions based on definitive evidence.

Integration of packet history into security tools such as IDS/IPS, Firewalls, SIEM and SOAR tools and AI threat detection allows customers to streamline and standardize investigation workflows, increasing analyst productivity and efficiency and reducing alert fatigue.

By combining EndaceProbes with the tools and applications they use every day, customers can leverage network recording to significantly improve the security of their critical network infrastructure. EndaceProbes dramatically increase a team’s ability to defend the entire network, from core to edge, and quickly remediate even the most serious threats. Customers gain a better, faster, more efficient and affordable process for recording, accessing and sharing recorded packet data. SecOps and NetOps teams gain access to the definitive evidence needed to accelerate threat investigation and response.

How we are different

• With industry-leading benchmarks for speed, density, and storage capacity, EndaceProbes have overcome the barriers to deploying always-on, network-wide packet capture. Enterprises can accurately record and store weeks or months of network traffic at full line rate, allowing teams to go further back in time to accurately reconstruct, investigate and resolve security threats or breaches. In addition, multiple monitoring tools can be hosted on the EndaceProbe platform itself, giving them line rate access to real-time packet data as well as the ability to replay recorded packet data for back-in-time analysis of historical events.

• The new 2100 Series EndaceProbes announced in September 2022 provide sustained recording at up to 40 Gbps, with up to 120 TB of effective packet storage in a compact, 1RU form factor. They are purpose-built for network edge locations, such as remote offices and branch offices. The new models dramatically increase packet capture performance and storage depth. They also quadruple the hosting capacity of previous models, enabling customers to deploy third-party network security and performance monitoring solutions.

• The Endace OSm 7.1 software update announced in March 2022: empowers security analysts, regardless of packet forensics experience, to easily reconstruct and extract files from recorded packet data to rapidly understand the nature and extent of threats or breaches, allows analysts to generate detailed logs from recorded packet data, and enables MSSPs or organizations with multiple tenants to securely share packet recording infrastructure.