Endace – EndaceProbe and EndaceProbe Cloud

Additional Info

Company: Endace
Website: https://www.endace.com
Company size (employees): 50 to 99
Headquarters Region: Asia

Overview

For more than two decades, Endace has provided high-speed network recording and visibility solutions to monitor and protect some of the world’s largest, most critical networks. The award-winning EndaceProbe Analytics Platform has continued to set industry benchmarks for speed, storage, and reliability to monitor traffic across the entire network, from core to edge. Endace’s always-on, lossless packet capture and fast global search give SecOps and NetOps teams reliable forensic evidence for rapid and conclusive incident investigation and response.

EndaceProbe appliances are the industry’s only open packet capture platform, combining high-performance, always-on packet capture with the ability to integrate with performance analytics and network security applications from Endace’s world-leading Fusion Partners, including Cisco, Darktrace, Gigamon, Fortinet, IBM Security, Splunk, and many others (see endace.com/fusion-partners for the full list). The EndaceProbe can also host and integrate with open-source tools and customer-built solutions.

When Endace customers began migrating to the cloud, it became apparent that the reliable level of network recording needed to detect, investigate, and respond to network performance issues and security threats in public cloud environments was lacking. In July 2023, Endace announced EndaceProbe Cloud, which, when combined with EndaceProbe appliances for on-premise environments, gives organizations unified visibility across their entire hybrid cloud network. EndaceProbe Cloud offers the same enterprise-class reliability, scalability, and performance as EndaceProbe appliances deliver for on-premise infrastructure.

When high-speed, ultra-reliable packet capture is combined with the ability to integrate best-of-breed analytics and performance monitoring tools, SecOps and NetOps teams gain access to the definitive evidence needed to accelerate threat investigation and response. With EndaceProbe and EndaceProbe Cloud, customers are assured of seamless, always-on packet capture and unified visibility across any infrastructure, from core to edge, with the reliability and excellence they have come to expect from Endace.

Key Capabilities / Features

EndaceProbe and EndaceProbe Cloud are the industry’s only open packet capture platform, offering ultra-reliable, always-on packet capture with zero packet loss. Organizations can capture, index and store all network traffic and activity, ensuring total network visibility across all network infrastructure – on-premise and cloud. EndaceProbes cost-effectively record weeks or months of network traffic, so NetOps and SecOps teams can delve further back in time to accurately reconstruct and investigate threats, breaches or performance issues.


Customers can deploy third-party security solutions (such as SOAR, IDS or AI-based tools) or performance monitoring tools directly to where packet data is recorded, where they can analyze real-time traffic or replay recorded traffic for historical analysis. Endace partners with leading vendors such as Cisco, Palo Alto Networks, Fortinet, IBM, Darktrace and many others (see https://www.endace.com/fusion-partners) to integrate packet capture into their products. This integration allows analysts to go from alerts in their monitoring tools to related packet data with a single click.


InvestigationManager enables single pane-of-glass visibility across all EndaceProbes on the network – whether they are deployed in public cloud, private cloud or on-premise locations. EndaceVision is a browser-based traffic analysis tool within InvestigationManager. It gives teams a top-level view of the health of the network, and provides a wide range of visualizations (including accurate microburst detection, traffic over time, and top talkers). Analysts can use EndaceVision to quickly locate and examine the packets relating to specific incidents, and accelerate investigation and response to network traffic issues.


EndaceProbe Cloud operates seamlessly alongside EndaceProbe appliances deployed on-premise or in private cloud, to deliver truly unified packet-level visibility into activity across all parts of an enterprise’s hybrid cloud network.


How we are different

• EndaceProbe and EndaceProbe Cloud provide centralized data mining and rapid search, centralized management, and workflow integration, to expand storage and throughput, and deliver full visibility into North-South and East-West network traffic. Integration puts accurate forensic evidence at an analyst’s fingertips, enabling them to go from an alert in their monitoring tools directly to the related packets with a single click. This reduces investigation time from potentially hours or days to minutes. Recorded packet data can also be replayed to analytics tools, to deliver powerful back-in-time “re-investigation” and enable accurate reconstruction of historical network activity to identify the root cause of issues.


• Endace’s modular architecture and decentralized data storage give customers the ability to deploy packet capture across large, complex hybrid cloud environments and scale as needs evolve. No other solution provides the same scalability and packet-level visibility across all hybrid cloud infrastructure. Endace’s search and data mining component (InvestigationManager) provides fast, easy access to packet data across the entire network from a single pane of glass. EndaceCMS enables easy configuration and maintenance of the entire EndaceProbe estate from a central management console. The unlimited scalability of EndaceProbes means customers can seamlessly expand the throughput and/or storage capability of their monitoring infrastructure as their needs evolve, simply by adding additional EndaceProbes wherever they need them: on-premise or in public or private cloud environments.


• Customers maintain complete control over their recorded cloud network traffic because it is stored within their own VPC/Virtual Network, unlike SaaS solutions. This minimizes expensive cloud operator egress charges and allows customers to keep full control of their data.