Cyber Security Applications

The first fully integrated suite of Cyber Security applications

An Integrated Approach to Cyber Security Monitoring

Endace's Cyber Security Monitoring solution integrates Threat Detection and Alerting, Network Analytics and Network Forensics to create a powerful, highly accurate and predictable system that guarantees to capture every packet at speeds up to and including 10Gb/s.

Threat Detection and Alerting (IDS)

Endace's next generation IDS provides organisations with the highest level of threat detection and alerting. It comes fully integrated with Endace Analytics in order to deliver a highly accurate threat detection platform with full context and drill-down to packet-level. It incorporates:

  • A rich interface dashboard for viewing and managing alerts
  • Full rule and policy management via Endace Security Manager (ESM)
  • A choice of SNORT™ or Suricata as open-source DPI engine
  • The ability to deploy and manage commercial third-party (including Endace), community-developed and custom rulesets
  • Powerful integrated Network Analytics engine for rapid identification and resolution of threats

Integrated Analytics

Endace Analytics is powered by CACE Pilot and provides security teams with powerful network visualisation for layer 3 and 4 traffic. With the "capture all" capability of our Probes, your entire captured network traffic is available to be analysed. This enables you to easily move backwards and forwards through your traffic to analyse specific moments in time (with full context - before, during and after the period of the alert).

  • Filter and view traffic data in ways that suit you
  • Set and monitor specific KPIs and get alerted when KPIs are breached
  • Construct in-depth custom views and reports for your network
  • Go back in time (timeshift) and analyse events / alerts / issues in complete context after the event
  • Quickly drill right down to packet level using fully integrated Wireshark - even on multi-gigabyte trace files
  • Take feeds from third party systems such as Endace Security Manager

Learn more about the features and functions of Endace Analytics.

Network Forensics

Forensic investigation of packets can be performed directly on the Probe, providing security professionals with the ability to quarantine packets (capture to disk) and gain easy access to raw packets at the point of capture for data mining and full packet traffic export.

The Probe's onboard forensic tools facilitate accurate and comprehensive post-event investigation right down to individual packet level.

Using Endace Security Manager, you can quickly create rules to identify and store network events with a specific profile: fraud, malicious activity, human resource violations, inappropriate and illegal activity, productivity, network reconnaissance and user behaviour.

Lawful Intercept

The multi-application capability of the Probe allows Lawful Intercept (LI) applications to leverage the Probe's resources without necessitating dedicated LI appliances. Endace Probes support Lawful Intercept functionality using a SOAP interface. This can be used to integrate with a range of commercial systems.

The LI functionality on the Probe is effectively hidden (using RBAC) to ensure that only nominated individuals can gain access to the functionality and associated data.

Netflow

Endace Probes include the ability to generate Netflow (v5) records for every communication (sampled or 1:1) and can automatically forward them to 3rd Party NBAD / Security Applications.