Cyber Security Monitoring
Individuals with the responsibility for protecting critical infrastructure from cyber attack undoubtedly have one of the toughest jobs in networking. Not only must they deal with increasing traffic volumes traveling at higher speeds, more threats and the need to comply with a variety of regulations, they must operate in increasingly resource constrained environments.
These challenges are compounded by the fact that the commercially available tools of today are proving wholly inadequate in a 10Gb/s, high-volume, digital world.
Our Solution
Endace offers a complete Cyber Security Monitoring solution capable of protecting the most complex and high-performance networks from cyber attack at the highest network loads and speeds. Endace's solution consists of:
- A suite of tightly integrated applications that deliver a broad range of security functions - including IDS, Analytics and Forensics
- Endace Probes in a range of configurations to suit every network
- An operating system (OSm) that makes it easy to deploy and manage a complete 'fabric' of Probes
The Changing Threat Landscape
Over the last two years the global cyber threat landscape has changed significantly. Cyber attacks are increasingly targeted, financially motivated and organised. There's little doubt that our cyber defences are being outmanoeuvred by attackers.
Attackers continue to exploit a growing range of ways to gain access to machines, systems, data and information. DoS/DDoS, brute force, cross-site scripting, trojans, worms, SQL injection, application malware and many more techniques make up the attacker's arsenal. Cyber attacks are no longer purely 'outside-in' intrusions - the margins of the network have eroded to the point where attacks can come from anywhere on the network.
To deal with this barrage of threats, security professionals need purpose-built, next-generation tools that genuinely give them the power to see everything on the network.
A 'Next-Gen' Architecture
To be effective, security professionals must have the right tools to work out whether traffic traversing the network is benign or malicious. They must have absolute confidence in the data they are working with and have well-integrated tools that:
- Enable them to get to the root of issues quickly and access detailed packet data for contextual purposes
- Are able to work on any LAN/WAN network segment at any speed without dropping a single packet
- Are built on a flexible and open system architecture that can scale and support a range of different security applications
- Are capable of being deployed and managed on a globally distributed network as a fully integrated 'fabric'
- Are able to seamlessly integrate with existing SIM/SIEM architectures and other custom or third-party applications
- Are able to correlate information and make decisions based on information gathered from all over the network not just from a single point
- Are able to operate in passive and active modes - blocking and alerting as required based on the level of threat presented by the stream
Delivering against this list requires a fundamental rethink of the security architecture, which is exactly what Endace has done.
Our Cyber Security Philosophy
Endace passionately believes the foundation of any security system MUST rest on being able to capture and analyse every single packet. The only way to guarantee that is with a solution built from the hardware up. Software-only solutions cannot guarantee accurate packet capture at high speeds and are therefore prone to Network Security's Inconvenient Truth.
With guaranteed packet capture at the hardware level, the next step is to enable organisations to deploy a 'fabric' of purpose-built Probes across their entire network. To achieve this, Endace has developed its Probe family, and the management tools and software infrastructure to allow a fabric of Probes to be deployed and managed from a single central location.
Endace's 100% packet capture fabric forms a foundation for customers to deploy and manage the best-of-breed security applications of their choosing, confident in the knowledge that these applications leverage the most accurate source of network traffic data possible. As a principle, we work with many open-source communities as in our experience community-based security offers the most robust levels of protection. For instance, our IDS solution allows customers to choose from either (or both) SNORT™ and Suricata - the leading open-source DPI engines.