Packet data is the most desirable form of evidence for investigating cybersecurity threats and breaches, because it is definitive. Unlike log data, packet data is tamper-resistant, and attackers are typically unaware that network traffic is even being recorded. If an attack happens on the network, the evidence is in the packets.

The EndaceProbe Analytics Platform provides affordable, fast, 100% accurate packet capture, recording the definitive evidence teams need to accelerate threat investigation and resolution. The platform can scale to speeds of 100 Gbps and beyond, with petabytes of distributed storage sufficient for weeks or months of full packet history.

Centralized, network-wide search and data-mining, together with integration with a wide variety of third-party security and network monitoring tools, give analysts rapid access to the evidence they need to see exactly what has taken place on the network. SecOps and NetOps analysts can go from an alert in any of their tools directly to the related packet history with a single click, dramatically accelerating investigation and resolution and allowing analysts to reach accurate conclusions based on definitive evidence.

Integration of packet history into security tools such as IDS/IPS, firewalls, SIEM and SOAR tools, and AI threat detection allows customers to streamline and standardize investigation workflows, dramatically increasing analyst productivity and efficiency. Analysts can follow a common investigative process from any of their tools, making it easy to access packet evidence.

The division chief of a US Government agency that recently deployed an extensive EndaceProbe infrastructure to help defend against nation-state cyber attackers said: “Endace were experts in their field, understood our infrastructure and supporting technologies, and enabled the mission to be completed ahead of schedule. We’ve been able to speed investigations, create global access, and free up analysts that had been tasked with time-consuming maintenance and support of our legacy, in-house system.”

How we are different

• With industry-leading benchmarks for speed, density, and storage capacity, EndaceProbes have overcome the barriers to deploying always-on, network-wide packet capture. Enterprises can accurately record and store weeks or months of network traffic at full line rate, allowing teams to go further back in time to accurately reconstruct, investigate and resolve security threats or breaches. In addition, multiple monitoring tools can be hosted on the EndaceProbe platform itself, giving them line rate access to real-time packet data as well as the ability to replay recorded packet data for back-in-time analysis of historical events.

• EndaceProbes are the industry's only open packet capture platform, offering the ability to integrate with, and host, security and performance monitoring applications that need access to packet data. This integration gives analysts one-click access to relevant packet data from all their security tools (IDS, SIEM, AI, NGFW, SOAR, etc.), letting them get from alerts to packets with a single click. Hosting monitoring tools on EndaceProbes enables fast, easy deployment when and where monitoring is needed. Customers gain the agility to evolve security infrastructure to quickly meet changing security needs by deploying new or upgraded monitoring tools on-demand without rolling out new hardware or ripping-and-replacing existing infrastructure.

• EndaceProbes provide rapid, estate-wide search and data-mining, returning results in minutes rather than hours. This enables fast and accurate investigation of, and response to, threats. Analysts can access relevant packet data directly from within their existing security and network tools, enabling streamlined workflows and making it simple for even junior-level analysts to extract valuable information from packet data. In addition, the ability to support and enhance existing workflows enables quicker user adoption and simplifies training for new analysts.