The Endace Fusion Program

Leverage the power of Fusion to maximize the return on your monitoring and recording infrastructure

Endace Fusion Quicklinks

Learn about EndaceVision

Learn about Application Dock

Meet our Fusion Partners

Interested in becoming
an Endace Fusion partner?

Contact us

The Endace Fusion Program

Network and security operations teams use a variety of detection, response and root cause tools, each of them playing an important part in the lifecycle of incident analysis. As an investigation progresses the workflow naturally requires transitioning between tools as the specific functionality of each is required. Often this transition is a multi-window, cut-and-paste effort which is slow, cumbersome and inefficient for analysts who can spend a large amount of time copying data between tools.

These tools often each require their own copy of network packet data to be captured and delivered to the tool. This requires multiple packet broker ports and can involve different capture technologies - from hardware to software. The net result is that the packet history record is different in each tool; packets can get misordered, arrive at different times or be dropped anywhere in this complex data path.

Endace Fusion Technologies are designed to streamline the workflow between tools, whether commercial, open source or custom-developed in-house tools, and provide a single, accurate source of packet history.


Endace Fusion Technologies

Pivot to Packets

Network and security monitoring and detection tools are usually the first to indicate that an anomalous event has occurred. Using Endace's simple REST API, these alerts can be used to build a query to instruct an EndaceProbeā„¢ (either individually or estate-wide) to search for and retrieve the packets associated with an event. With a single click, analysts can retrieve packets of interest from EndaceProbes, instantly making them available for analysis in their tool of choice.

Pivot to Vision

Using a similar workflow, and the same REST API as Pivot to Packets, Pivot to Vision takes the analyst directly from the monitoring and detection tool to EndaceVisionā„¢. Based on the IP address and time range information in the trigger event, Pivot to Vision focuses the analyst directly on visualizations that are pre-filtered using the event data. This pre-filtering allows rapid investigation of the event period in EndaceVision. EndaceVision offers deeper packet drill down as well as the ability to zoom out to look for precursor or post-event packets.

Learn about EndaceVision

Application Dock

With multiple tools often requiring access to the same packet data feed, Application Dock provides a virtual machine environment that enables guest tools and applications to receive an exact copy of the high-fidelity packet stream EndaceProbes capture to disk. Through Endace's vDAG technology, any libPCAP enabled application can run in Application Dock. This allows all tools to leverage the same, high-fidelity source of recorded network packets. Not only does this ensure packet history coherence, it also provides the significant consolidation and Size, Weight and Power (SWaP) benefits of virtualization in the data center.

Learn about Application Dock