Fabric-wide Network History Investigation
EndaceFabric: Network-wide Recording & Analytics Hosting
EndaceFabric enables multiple EndaceProbe™ Analytics Platforms to be connected into a network-wide fabric that is centrally searchable and provides visibility into, and accurate recording of, network traffic across an entire network, including visibility into high-speed 40Gbps and 100Gbps links. The distributed fabric is centrally managed using the EndaceCMS Central Management Server™, which reduces OPEX and CAPEX.
EndaceProbes can also be synchronized with a common, accurate time source - such as a GPS time source - to ensure packet time-stamping retains its nanosecond-level accuracy even across complex, highly distributed networks. This precision makes it possible to reconstruct network events accurately even on distributed networks.
Fabric-wide Network History Investigation
Fabric-wide investigations are enabled using a range of built-in and optional third-party tools. Network Security and Network Operations teams (NetOps and SecOps) can use InvestigationManager's intuitive web-interface to quickly locate, retrieve and analyze packets of interest from petabytes of recorded Network History distributed across the EndaceProbes in the fabric.
EndaceVision™ and EndacePackets™ provide built-in browser-based investigation tools. EndaceVision offers a range of visualizations for investigating network history including the MicroVision™ feature which enables users to visualize events on a 10-microsecond scale – small enough to investigate the cause of disruptive microburst activity. EndacePackets is a protocol decode tool based on Wireshark. Using these tools, history can be examined directly on a single EndaceProbe or across multiple EndaceProbes in the fabric.
API integration provides tight integration of EndaceVision and EndacePackets with tools from Endace partners such as Cisco, Dynatrace, Splunk and Plixer. Analysts can click on alerts in these tools and jump straight to the related packet-level history to see exactly what’s happened.
EndaceCMS Central Management Server
The EndaceCMS™ Central Management Server provides powerful, centralized command and control for a connected fabric of Endace appliances, reducing management overhead and lowering operational costs.
Powered by OSm, the security-hardened OS that powers all Endace appliances, EndaceCMS lets you manage all Endace elements – physical or virtual – that are part of the EndaceFabric. EndaceCMS provides health and performance monitoring, configuration management and upgrade management (groups, profiles, scheduled updates).
EndaceProbe Analytics Platform
EndaceFabric is built on multiple EndaceProbe™ Analytics Platforms seamlessly connected into a recording fabric. EndaceProbes are scalable, high-speed Analytics Platforms designed for high-performance, 100% accurate packet capture. They offer maximum storage depth at minimum rack space, with a range of deployment options suited to the network from the core to the edge, from 10Mbps to 100Gbps.
InvestigationManager™ is a virtual machine application that lets analysts conduct network-wide investigations and searches across an entire EndaceFabric, or a group of EndaceProbes, to quickly find the packets they need from anywhere on the network.
At the heart of InvestigationManager is EndaceVision™, a browser-based investigation tool that lets analysts select data sources from multiple EndaceProbes and analyze recorded traffic from all these sources simultaneously.
Due to the distributed, parallel nature of the EndaceFabric architecture, searches can be conducted across a hundred EndaceProbes and petabytes of data in under a minute, dramatically improving analyst performance.
Customers can deploy as many instances of InvestigationManager as they need to support simultaneous data mining and facilitate investigations for multiple concurrent users.
Endace's open platform approach to security and network analytics gives NetOps and SecOps teams the flexibility to deploy third-party analytics and security software when and where it's needed. We call this Endace Fusion.
The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.