The Anatomy of an Analytics Platform

What is an Analytics Platform? And What Does it Do?

Analytics solutions typically need access to network traffic in order to analyze it for evidence of security threats or performance problems. Unlike metadata, full packet capture and recording provides definitive evidence that lets analysts reconstruct events - such as data exfiltration - to see precisely what took place.

The first function of an Analytics Platform is accurately recording network packets off the wire. This requires purpose-designed packet-capture hardware. Without it, you can't guarantee lossless capture, or timestamp captured packets with the nanosecond accuracy needed to reconstruct network events correctly from the captured packets.

It also requires optimized hardware capable of streaming captured packets to disk at very high speeds, and storage capacity of hundreds of terabytes to petabytes. Typically, organizations want to keep a month or more of recorded Network History, but are often forced to settle for a week's worth because of the lack of storage on many full packet capture solutions.

It's Not Just About Recording Packets

As packets are recorded, they also need to be indexed so they can be easily mined and analyzed later. Typically, five-tuple indexes are kept (source IP address/port number, destination IP address/port number and protocol).
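As an added illustration of the five-tuple indexing described above (this is example code, not Endace's or the EndaceProbe's implementation, and the capture records, timestamps and helper names are constructed for the example), the following builds a bidirectional five-tuple index over a small set of hand-built IPv4 packets, keyed so that both directions of a conversation land in the same bucket, and orders entries by nanosecond timestamp so an analyst can pull a flow back in the order it happened. Fragments other than the first carry no port header, so they are indexed on addresses and protocol only.

```python
import struct
from collections import defaultdict

# --- Constructed sample capture (not real traffic) -------------------------

def build_ipv4(src, dst, proto, sport, dport, payload=b""):
    """Assumed helper: build a minimal IPv4 packet (checksum left zero) whose
    transport header starts with a 16-bit source and destination port, as TCP
    and UDP do. Good enough to exercise the indexer; not a real packet builder."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    l4 = struct.pack("!HH", sport, dport) + payload
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr + l4

def sample_capture():
    """Constructed list of (timestamp_ns, raw_packet) records as a capture
    device with nanosecond timestamps might hand them to the indexer."""
    t0 = 1_700_000_000_000_000_000  # constructed epoch-nanosecond base
    return [
        (t0,             build_ipv4("10.0.0.5", "198.51.100.20", 6, 51000, 443, b"C1")),
        (t0 + 250_000,   build_ipv4("198.51.100.20", "10.0.0.5", 6, 443, 51000, b"S1")),
        (t0 + 600_000,   build_ipv4("10.0.0.5", "198.51.100.20", 6, 51000, 443, b"C2")),
        (t0 + 900_000,   build_ipv4("10.0.0.7", "203.0.113.9", 17, 40000, 53, b"dns")),
    ]

# --- Five-tuple extraction and indexing --------------------------------------

def five_tuple(raw):
    """Return (src_ip, src_port, dst_ip, dst_port, proto) for an IPv4 packet,
    or None if it is not IPv4. Ports are 0 when no transport header is
    present: non-TCP/UDP protocols, trailing fragments, or truncated packets."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    proto = raw[9]
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport = dport = 0
    if proto in (6, 17) and frag_offset == 0 and len(raw) >= ihl + 4:
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return (src, sport, dst, dport, proto)

def flow_key(t):
    """Canonical bidirectional key: the lexically smaller (ip, port) endpoint
    first, so request and reply share a bucket. Also returns the direction."""
    src, sport, dst, dport, proto = t
    a, b = (src, sport), (dst, dport)
    if a <= b:
        return (a, b, proto), "fwd"
    return (b, a, proto), "rev"

def build_index(capture):
    """Map flow_key -> list of (timestamp_ns, record_no, direction), sorted
    by timestamp so a flow can be replayed in order."""
    index = defaultdict(list)
    for record_no, (ts_ns, raw) in enumerate(capture):
        t = five_tuple(raw)
        if t is None:
            continue
        key, direction = flow_key(t)
        index[key].append((ts_ns, record_no, direction))
    for entries in index.values():
        entries.sort()
    return dict(index)

def lookup(index, src_ip, src_port, dst_ip, dst_port, proto):
    """Fetch every record of a conversation, either direction, in time order."""
    key, _ = flow_key((src_ip, src_port, dst_ip, dst_port, proto))
    return index.get(key, [])

if __name__ == "__main__":
    idx = build_index(sample_capture())
    for ts, rec, direction in lookup(idx, "10.0.0.5", 51000, "198.51.100.20", 443, 6):
        print(f"{ts} record#{rec} {direction}")
```

A production index would store the on-disk offset of each packet instead of a list position, and would be persisted and sharded by time so that a query for a flow only touches the hours it could have occurred in; the key design above (canonical endpoint order, timestamp-first sort) carries over unchanged.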

The EndaceProbe Analytics Platform uses deep packet inspection (DPI) to examine the Layer 7 data to identify which application the packets belong to so that detail can be indexed too.

It also records more than 160 fields of additional contextual metadata about the environment at the time the packets were captured and embeds this Provenance data alongside the packets themselves so it can always be referenced.

It's About Making Network History Useful

Once the packets have been captured and recorded, the next function of an analytics platform is to make that packet history available to the analytics tools and teams that need access to it.

This is a significant challenge given the volumes of data involved. It's simply not feasible to centralize this data for analysis: copying the data to a central location would be too slow and would require significant network resources.

So, the platform must be able to take the analytics functions to the data - rather than the other way around - and host analytics functions directly on the platform where the packet data is recorded.

Integrate Network History into your Tools

The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.

