EndaceProbe Analytics Platform
Definitive, packet-level evidence at your fingertips.
Packet Capture and Analytics Hosting
in One Platform
Faced with the need to diagnose and fix security and performance issues on large-scale, high-speed networks, organizations need data sources that go beyond log files and metadata.
The EndaceProbe™ Analytics Platform provides full packet capture and recording, with zero packet loss, on network links from 10Mbps to 100Gbps, allowing organizations to capture, index and store a 100% accurate record of network activity.
EndaceProbes are the industry's only, truly, open packet capture platform, allowing both hosting of, and integration with, commercial, open-source and custom analytics applications.
Accelerate response times and reduce costs by hosting and integrating with analytics solutions from Cisco, Palo Alto Networks, Dynatrace, Splunk and Plixer, and custom or open-source tools such as SNORT, Bro IDS, Suricata, Argus or Nagios. Hosted applications can access live network traffic at line rate, or use Playback™ to analyze recorded Network History.
Find out more about the benefits of our Open Platform approach.
NEW!
Meet the New One Petabyte
EndaceProbe 9200 Series
We are pleased to announce the launch of our new, ultra-high-density 9200 Series EndaceProbes.
Delivering up to a Petabyte of effective packet storage, the new EndaceProbe™ 9200 Series uses built-in Compression and patent-pending Smart Truncation™ on top of 432Tb of fully RAID-protected raw storage. All in a single, 4RU appliance that can record at a sustained 40Gbps.
Stacking EndaceProbes for Unparalleled Capacity and Throughput
Stacking multiple EndaceProbes together allows you to create logical units with single pane-of-glass management and centralized searching. By creating stacks of our new EndaceProbe 9200 Series you can create ultra high-capacity, high-throughput clusters that can:
- Record at speeds in excess of 200Gbps
- Handle burst rates of 400Gbps+
- Scales to multiple petabytes of packet-level Network History.
Find out how stacking works in this 9200 Stacking Solution Brief.
Find Out How our Customers Commonly Deploy Endace Probes
The EndaceProbe Analytics Platform can solve a range of visibility problems and be deployed in a number of scenarios. See how you can deploy the EndaceProbe to redefine network visibility.
Recording Network History in Virtual Environments
The EndaceProbe vProbe is a virtual machine implementation of the EndaceProbe Analytics Platform designed to record crucial network history in virtual and cloud environments and provide visibility into virtual network traffic, including East-West traffic.
It integrates seamlessly into an EndaceFabric and provides the same centralized search and management as physical EndaceProbes.
Endace Fusion
Endace's open platform approach to security and network analytics gives NetOps and SecOps teams the flexibility to deploy third party analytics and security software when and where it's needed. We call this Endace Fusion.
The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.
EndaceProbe Key Features
Continuous, 100% accurate, line-rate recording of network traffic, any speed, any network.
Dedicated packet capture hardware ensures lossless capture with nanosecond accurate timestamping.
Playback Network History on-demand to hosted or external analytics tools for back-in-time analysis.
Built-in EndaceVision™ and EndacePackets™ investigation tools for fast, accurate issue investigation.
Provenance™ augments recorded Network History with rich contextual data.
APIs provide integration with commercial, open source and custom analytics applications for streamlined issue investigation.
Host third-party analytics applications and give them access to both real-time and recorded traffic for analysis.
Host and integrate with market-leading, cybersecurity and performance analytics tools from
Fusion Partners.
The EndaceProbe Family
EndaceProbes are available in a range of models to suit every deployment requirement.
Download the brochure
| Models | EP-9200 Series | EP-9000 Series | EP-8200 Series | EP-4100 Series | EP-4000 Series | EP-124 | EP-114 | vProbe | |
|---|---|---|---|---|---|---|---|---|---|
| Downloads | Datasheet | Datasheet | Datasheet | Datasheet | Datasheet | Datasheet | Datasheet | Datasheet | |
| Dimensions | 4 RU | 4 RU | 2 RU | 1 RU | 1 RU | 1 RU, short-depth | 1 RU, short-depth | Virtual | |
| Local storage | 432TB | 192TB | 144TB | 7.68TB SSD | 32TB | 3.8TB SSD | 3.8TB SSD | 1 TB virtual | |
| Packet Storage with Compression and Smart Truncation™ | 1 >1PB | 1 >500TB | 1 >360TB | - | - | 2 >7TB |
2 >7TB | - | |
| 3 Max sustained write-to-disk performance | 40Gbps | 20Gbps | 15Gbps | 15Gbps | 3Gbps | 1Gbps | 0.5Gbps | 0.5Gbps | |
| Max concurrent flows | 1 million | 1 million | 1 million | 1 million | 500K | 200K | 200K | 200k | |
| Max flows/sec | 100K | 100K | 100K | 100K | 50K | 20K | 20K | 20k | |
| Max Application Dock instances | 12 | 4 | 4 or 12 | 4 | 4 | 2 | 2 | n/a (virtual) | |
| Port Count | Up to 8x 1/10GbE or 2x 40GbE |
Up to 8x 1/10GbE or 2x 40GbE |
Up to 8 x 1GbE/10GbE or up to 2 x 40GbE |
Up to 8x 1/10GbE or 2x 40GbE |
Up to 8x 1/10GbE | 4x 1/10GbE or 1x 40GbE |
4x10/100/ 1000BASE-T or 1GE |
1x virt NIC or 1x 1GbE NIC |
|
| Typical Deployment | Core network, data centers | Core network, data centers | Core network, data centers | Core network, data centers | Branch offices, WAN gateways | Remote locations, branch offices | Remote locations, branch offices | Virtual environments | |
| Compact | 
|
|
|
|
|||||
| High-performance |
|
|
|
|
|
||||
| Deep storage |
|
|
|
1 Effective packet storage accounting for RAID and metadata overheads and assuming a 4.5:1 ratio for compression and Smart Truncation of packet data
2 Effective packet storage accounting for RAID and metadata overheads and assuming a 2:1 ratio for compression and Smart Truncation of packet data
3 Write-to-disk performance is influenced by the number of flows-per-second. Actual performance could be as much as 30% higher than the stated figure.