EndaceProbe: always-on packet capture and deep, unified network visibility for network security

Additional Info

Company: Endace
Website: https://www.endace.com
Company size (employees): 100 to 499
Headquarters Region: North America

Overview

Packets provide crucial, tamper-resistant evidence of network activity. The EndaceProbe Analytical Platform product line provides highly scalable, continuous, full packet capture and recording, with zero packet loss, on network links to 100Gbps and beyond, enabling organizations to cost-effectively capture, index and store a 100% accurate record of network activity. Customers can integrate with a wide range of network security and monitoring solutions that need access to packet data. The result is a complete, accurate record of activity across the network – right down to the payload – to see precisely what is happening now and what has happened in the past.

With industry-leading benchmarks for speed, density, and storage capacity, the EndaceProbe product line overcomes the obstacles of deploying always-on, network-wide packet capture. SecOps and NetOps teams can accurately record and store weeks to months of network traffic at full line rate in any environment, allowing them to go further back in time to accurately reconstruct, investigate and resolve security threats, breaches or performance problems. Analysts have definitive evidence at their fingertips within seconds for faster, more efficient incident investigation and response.

The EndaceProbe’s powerful API enables SIEM and SOAR tools to automate searching and retrieving packet data relating to specific events so analysts have it at their fingertips when investigating threats. Endace provides pre-built integration with a wide range of commercial and open-source tools including network performance monitoring, intrusion detection, next generation firewalls, threat detection and AI/ML-based security.

With more recent EndaceProbe models including EndaceProbe Cloud and an industry-first sustained 100 Gbps packet capture appliance, security teams now have unified visibility across the entire hybrid cloud. This deeper visibility and ability to share packet-level data means that testing configurations, detecting threats, and responding to and resolving incidents become much faster and more accurate.

Key Capabilities / Features

EndaceProbes combine highly scalable, ultra-reliable, lightning-fast network recording with the ability to integrate with third-party network performance and security applications including customer-built tools, open-source tools, and tools from Endace’s world-leading Fusion Partners -- including Cisco, Darktrace, Gigamon, Fortinet, IBM Security, Palo Alto Networks, Splunk, and many other leading vendors (see endace.com/fusion-partners for a full list).


For on-prem environments, EndaceProbe hardware appliances can also host many of these third-party commercial and open-source monitoring and analytics applications. Applications hosted on EndaceProbes can access network traffic in real-time or use Playback to analyze recorded traffic for powerful, back-in-time analysis to quickly test network performance and security. This ability to host tools saves cost by enabling hardware consolidation and reducing the need for function-specific hardware appliances on the network.


Endace’s modular architecture and decentralized data storage give customers the scalability needed to cost-effectively deploy packet capture across large, complex hybrid cloud environments. Multiple EndaceProbes can be stacked and grouped to provide almost unlimited storage capacity and the ability to scale to network speeds of 100 Gbps and beyond. On-prem EndaceProbe appliances, EndaceProbe Cloud and EndaceProbe vProbe (for private cloud) combine seamlessly to deliver complete visibility across every part of the hybrid-cloud network.


Endace’s free InvestigationManager search and datamining component provides fast, easy access to packet data across the entire network from a single pane of glass. EndaceCMS (also free) enables easy configuration and maintenance of an EndaceProbe estate from a central management console.


EndaceVision™, a browser-based traffic analysis solution, is included on every EndaceProbe. It provides a powerful way to visually analyze traffic recorded from the network using a wide range of visualizations and analysis tools. Analysts can quickly isolate and examine the packets relating to an incident, accelerating investigation and response and reaching accurate conclusions based on definitive evidence – without guesswork.


How we are different

• The EndaceProbe product line gives customers a full range of always-on packet capture and recording solutions that deliver deeper visibility to defend on-premises, private cloud and public cloud networks from core to edge. Enterprises can quickly and cost-effectively capture, index and store a 100% accurate record of network activity – and collect the irrefutable evidence needed to hunt for and investigate cyberattacks and threats.


• As the industry’s only open packet capture platform, EndaceProbes can seamlessly integrate with best-of-breed security and performance monitoring tools, open source tools, and custom applications via a powerful API. Security solutions that can be integrated include IDS/IPS, SIEM, SOAR, performance monitoring, next generation firewalls, threat detection and AI/ML-based security, and open-source or custom analytics solutions. Endace partners with leading vendors including Cisco, Palo Alto Networks, Splunk, Fortinet, Elastic, IBM and many others, to provide pre-built integrations that customers can deploy quickly and easily to streamline, accelerate and automate workflows.


• Centralized management and rapid centralized search and datamining enable connected fabrics of thousands of EndaceProbes to provide always-on recording across even the largest, geographically distributed networks and support teams of hundreds of analysts. The EndaceProbe’s ability to scale and provide a common platform and single-pane-of-glass management dramatically accelerates incident investigation and resolution and allows analysts to quickly reach accurate conclusions based on definitive evidence.

