Endace Announces Fusion Connector for Splunk

Deploying EndaceProbe Network Analytics Platform and Splunk Software Provides Fail-safe Security and Network Event Analysis

October 16, 2013 – Endace, a world-leader in network visibility infrastructure, today announced the Endace Fusion Connector for Splunk, an open workflow solution for detecting and resolving network security issues. The Endace Fusion Connector for Splunk optimizes data analysis workflows between its family of EndaceProbe™ Network Analytics Platform and Splunk’s industry-leading third-party monitoring and security tools that detect anomalous network behavior. Integrated with EndaceProbes, the combined solution provides organizations with the ability to detect and investigate issues at the network packet-level in order to lower time-to-resolution (TTR).

“By integrating Splunk and Endace technologies at the ‘event’ level, organizations can complete the detection and investigation cycle quickly and completely by determining the root cause of network security and operational issues,” said Endace’s Mike Riley. “As a result, customers are able to contain real network security and operations issues more effectively while reducing the impact on end users, detect false positives more quickly and better ‘tune’ detection systems.”

Splunk is a leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Splunk helps customers detect network problems, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behavior. Because Endace captures 100 percent of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, the EndaceProbe offers a historical view with the highest level of detail and accuracy available in the industry today. By deploying the EndaceProbe’s RESTful API, users can click on a Splunk event and pivot straight to the packets of interest for deep analysis in a protocol analyzer, such as Wireshark.

“The Endace Fusion Connector for Splunk provides a more comprehensive view of the network with added search and drill-down capabilities,” said Bill Gaylord, senior vice president of business development, Splunk. “Visibility to network activity gives both Security Operations (SecOps) and Network Operations (NetOps) teams the ability to quickly identify anomalous activity and conduct forensic investigations. They can not only understand the scope of a potential threat but also identify the source by simply zooming in on an event and quickly obtaining the relevant packet information.”

The Endace Fusion Connector for Splunk is available through Splunk Apps. The plugin is easy to install and adds minimal overhead to the performance of the application. The Endace Fusion Connector for Splunk is the first connector to be announced as part of the Endace Fusion Ecosystem™ program. The Endace Fusion Ecosystem program is focused on applications and partners who provide complementary capabilities to network recording that are required to detect, investigate and resolve common networking and security incidents.

“We have been working closely with Endace to test the new Endace Fusion Connector for Splunk and we found the integration delivered a 55 percent time saving on each event-to-packet search operation. The ability to instantly drill down from a Splunk event alert directly to the associated network packets is invaluable, saving time and resources and most importantly, accelerating root cause identification and resolution," said Alistair Meakin, director, Marquest. “We see a big opportunity to help our Splunk users dramatically enhance their network and security event management with this new capability from Endace and Splunk.”