Endace and the EndaceProbe Analytics Platform

Additional Info

Company: Endace
Website: http://www.endace.com
Company size (employees): 100 to 499
Type of solution: Hardware

Overview

Security monitoring tools, and the teams that use them, need access to packet data to look for evidence of security threats and network breaches. But with increasing network speeds and loads, feeding security monitoring tools with accurate packet data for analysis has become increasingly challenging. Without access to lossless packet capture, tools and teams can miss vital clues to threats and attacks.

The EndaceProbe Analytics Platform was designed to provide a common, scalable, sharable platform for both network security and network monitoring teams and tools. EndaceProbes provide network-wide, always-on recording of full packet data. This data can be made available, enterprise-wide, to all the teams and tools needing access to it – either in real-time at full line rate, or replayed for historical analysis.

The industry’s only open packet capture platform, EndaceProbes allow integration with, and hosting of, a wide range of commercial and open-source monitoring solutions. This integration gives analysts access to packet data from all their security tools (IDS, SIEM, AI, NGFW, SOAR, etc.), allowing them to get from alerts to related packets with a single click. EndaceProbes provide fast, distributed search and datamining of packet data across an entire network in seconds – not minutes or hours.

By deploying both security and network or application monitoring solutions on a common platform, customers can ensure all tools and teams have access to the same complete and authoritative source of packet data. This lets SecOps and NetOps teams collaborate more efficiently and reduces the hardware investment required to support both teams – lowering CAPEX and OPEX costs and freeing up budget to deploy more tools in more places on the network to extend visibility.

How we are different

• The EndaceProbe’s powerful API integrates with a wide range of security monitoring tools, allowing security and network teams to go from alerts directly to the related packet history with a single click. This dramatically reduces investigation response times, increases productivity, and provides a streamlined, standardized investigation workflow. By providing the ability to automatically recreate and extract files and generate detailed logs from recorded packet history, the EndaceProbe enables even junior analysts to extract useful information from packet data without needing deep forensic expertise.


• The EndaceProbe’s open platform architecture and extensive Fusion Partner ecosystem give customers a flexible and scalable ecosystem for real-time and historical analysis of network traffic. Packet capture can be integrated with customers’ preferred monitoring solutions to deliver better network visibility and ensure teams have access to the definitive evidence they need to investigate and resolve threats quickly and conclusively. In addition, the EndaceProbe’s ability to host a wide variety of monitoring tools lets customers deploy new or upgraded monitoring capability as needs evolve without having to deploy new hardware.


• The EndaceProbe platform enables closer collaboration between teams. Recorded packet data is critical to detect and respond to threats and issues more rapidly and accurately. When NetOps and SecOps can share this packet data, alert detection, triage, response and resolution can be accomplished more quickly and conclusively. In addition, the costs of monitoring tools and the hardware infrastructure needed to monitor and manage the network can be shared across departments, further reducing OPEX and CAPEX costs and enabling customers to extend visibility more broadly across the network.