How Endace Systems work
The Endace Platform is the product of more than 10 years of innovation, research and development. We’ve created the ideal platform to capture packets for analysis using a range of different applications on a distributed basis.
At the heart of the Endace Platform is the principle of complete separation between the hardware (packet capture) layer and the application layer. It is only with complete separation that organisations can achieve true application agility.
CIO Webcast

Endace's CTO Stuart Wilson and CIO Senior Editorial Director, Jim Malone, discuss the importance of high-performance packet capture in modern high-speed critical network environments.
3-layer architecture
Endace Systems are built around a standard 3-layer architecture, where the three separate layers (hardware and firmware, operating system and applications) are all tightly integrated to deliver a system that is optimised for the task of capturing and analysing packets.
Endace Systems are designed from the hardware up to be open, flexible, scalable and extremely powerful.
Hardware
All Endace hardware incorporates DAG® I/O technology, our proprietary packet capture technology that delivers 100% of packets into host memory. It uses FPGA technology and DMA techniques to move packets from the network while consuming almost zero CPU resources. The product of a decade of experience, DAG delivers the highest possible bandwidth between the network and the system.
Endace Systems are based on commodity multi-core Intel hardware, leveraging custom hardware only where specifically required. Our hardware platforms are designed for consistent performance regardless of load, giving you truly predictable results every time.
Recognising that one size does not fit all, we’ve designed Endace Systems in a range of different sizes and configurations to meet the needs of different deployment scenarios.
The flexible architecture of our EndaceProbes™ and EndaceSensors™ – two key products from our Endace System family – lets you configure them to monitor the full range of network types.
Operating system
The Endace Operating System (OSm) is part of all Endace Systems. Built on a Linux kernel, OSm does much of the heavy lifting required to ensure that Endace Systems deliver the maximum value to the user in the shortest possible timeframe.
The function of OSm can be broken down into three areas: platform integration, fabric management and packet management. To learn more, see our OSm page.
Application layer
The application layer is made up of a number of highly optimised virtual containers into which any compatible applications can be deployed. The virtual environment, known as the Endace Application Dock, is ideal for custom, open-source or commercial applications. Any Unix-based application that talks to a Libpcap interface or vDAG should be compatible with the Application Dock.
To deliver immediate value, a core suite of applications - the Endace Application Suite - is delivered as standard with every EndaceProbe and EndaceSensor System. These best-of-breed applications are pre-deployed into the Dock environment to meet the basic monitoring and security needs of every network.
Integrating Endace Systems
Endace Systems support a broad range of standard data exchange interfaces, which makes them easy to integrate with existing systems and an essential source of data for a wide array of security, network monitoring and management applications. Additionally, integrating our Endace intrusion detection system with existing third-party applications is easy using any of these standards.
Some of the standard data interchange formats provided by Endace Systems include:
- SNORT® alerts in syslog format - for event log file integration with SIM vendors such as NetForensics
- NetFlow - EndaceProbes provide a highly configurable NetFlow export module that supports multiple concurrent real-time flow collection and analysis systems. Supports 1:1 or sampled NetFlow at 10Gb/s
- Packet download - selected full-packet data can be downloaded via SOAP/XML in standard PCAP or ERF format for analysis in Wireshark or other applications
- Event syslog - support for third-party security information management (SIM) systems with alert export in standard syslog format
- SNMP - support for SNMP traps and alerts allows you to integrate with a broad range of system and network management tools.
Read our technical overview on how to integrate a Monitoring and Recording Fabric into your network.