EndaceProbe and EndaceProbe Cloud: scalable, reliable, always-on packet capture for deep visibility and analysis in any environment

Additional Info
Company | Endace |
Website | https://www.endace.com |
Company size (employees) | 100 to 499 |
Headquarters Region | North America |
Overview
Full packet data is the ultimate evidence of what took place on the network. For NetOps and SecOps teams it is the gold standard for traffic analysis.
The open EndaceProbe Analytic Platform enables customers to record a 100% accurate history of network activity in any environment – on-prem, private or public cloud – giving NetOps and SecOps analysts access to full packet payloads for traffic analysis. EndaceProbes have set industry benchmarks for speed, storage, throughput, and reliability and provide unlimited scalability and flexibility.
EndaceProbes can integrate with a wide range of third-party security and performance monitoring solutions. Integration allows security analysts to go from alerts in their monitoring tools to relevant packet data with a single click. EndaceProbe appliances, for on-prem environments, can also host analytics applications, allowing customers to deploy security solutions (such as IDS or AI-based detection tools) quickly and easily without having to roll out additional hardware. Hosted applications can access and analyze traffic in real time or replay recorded traffic to go back and re-analyze historical activity.
InvestigationManager enables single pane-of-glass visibility across all EndaceProbes on the network – whether they are deployed in public cloud, private cloud or on-premises locations. It includes EndaceVision, a browser-based traffic analysis tool that gives teams a top-level view of the health of the network and provides a wide range of visualizations (including accurate microburst detection, traffic over time, and top talkers). NetOps and SecOps analysts can use EndaceVision to quickly locate and examine the packets relating to specific incidents.
Giving SecOps and NetOps teams access to a complete and accurate record of all network activity means they can quickly analyze network traffic to establish the root cause of security or performance issues and see precisely what took place. This enables faster, more accurate incident investigation and response.
Key Capabilities / Features
EndaceProbe is the industry’s only truly open packet capture platform, offering ultra-reliable, always-on packet capture with zero packet loss at industry-leading speed, scale, and depth. Customers can capture, index and store all network traffic and activity with zero packet loss, ensuring total network visibility across all network infrastructure – on-prem and in the cloud.
EndaceProbes can cost-effectively record weeks or months of network traffic, enabling NetOps and SecOps teams to delve further back in time to investigate issues. Analysts can search across the entire hybrid cloud in seconds to find traffic relating to any event or issue that has happened, or is happening. Built-in Wireshark lets analysts drill in to look at full packet data without downloading large pcap files – protecting the privacy and security of sensitive packet data and reducing the time it takes to get to packet evidence.
EndaceProbe Cloud and EndaceProbe vProbe instances (for private cloud) operate seamlessly alongside on-prem EndaceProbe appliances to deliver unified, deep packet-level visibility into activity across the hybrid cloud network.
InvestigationManager provides single pane-of-glass visibility across all EndaceProbes on the network – whether they are deployed in public cloud, private cloud or on-premises locations.
EndaceVision is a browser-based traffic analysis tool that provides a wide range of visualizations (including accurate microburst detection, traffic over time, and top talkers). Analysts can use EndaceVision to quickly locate the packets relating to specific incidents, then immediately drill down to examine those packets in Wireshark without needing to download any further data, accelerating investigation and response to network security and performance issues.
Giving SecOps and NetOps teams access to full packet data enables them to quickly and accurately identify the root cause of threats and issues so they can respond quickly and accurately with definitive evidence at their fingertips.
How we are different
• Recording an accurate record of network activity means SecOps and NetOps teams are no longer restricted to analyzing traffic in real time and relying on historical metadata for past activity. Now they can reconstruct any historical network activity with precision, enabling them to go back in time to examine security threats or performance problems to see precisely what happened. With the ability to cost-effectively record weeks or months of traffic, customers can give their NetOps and SecOps teams the definitive forensic evidence they need to investigate and respond quickly and accurately to every threat and issue – without guesswork.
• EndaceProbe provides a powerful API that integrates with a wide variety of commercial, open-source and custom security and network performance solutions. Endace partners with leading vendors such as Cisco, Palo Alto Networks, Fortinet, IBM, Darktrace and many others (see https://www.endace.com/fusion-partners) to integrate packet capture into their products. This integration lets analysts go from an alert in their monitoring tools directly to the related packets with a single click – reducing investigation time from hours or days to just minutes. In on-prem environments, customers can also deploy third-party security solutions (such as IDS or AI-based monitoring tools) or network and application performance monitoring solutions on EndaceProbe appliances where these tools can be used to analyze real-time traffic or replay recorded traffic for historical analysis.
• The industry-leading speed of EndaceProbes provides SOC teams with the ability to capture network traffic in any environment and rapidly search through weeks or months of traffic for packets of interest in just seconds. Its unlimited scalability means that customers can seamlessly expand the throughput and/or storage capability of their monitoring infrastructure as their needs evolve, simply by adding additional EndaceProbes wherever they need them – whether on-prem or in public or private cloud environments.


