Build or Buy?

A 5-Year total cost of ownership analysis of off-the-shelf versus home-grown packet capture solutions

In this guide, author Tim Dales (VP of Labs and analyst at IT Brand Pulse) leads readers through his build-versus-buy analysis of two personas and their associated approaches to Full Packet Capture.

Two Different Approaches to Implementing a Packet Capture Solution

Tim looks at two different approaches organizations might take to implementing a packet capture solution:

Approach One: building your own solution using open-source tools

This enterprise IT organization believes that packet capture is necessary, but may or may not be business critical. They have a successful track record of “do it yourself” (DIY) and will approach Network Packet Capture the same way. There must be a good reason NOT to do it yourself. 

Approach Two: deploying a packet capture solution that is business critical 

This enterprise IT organization believes Full Packet Capture is business critical. Not only for the security and network teams, but also for the DevOps team that is developing new applications to fulfil the organization's digital transformation strategies. 

Access to packet data helps to quickly stop the finger-pointing between apps and NetOps teams when there’s an issue. Security Engineers need Full Packet Capture to quickly remediate threats before they become breaches. They all believe 100%, real-time packet capture is critical for their success, and the organization has elected to go to expert vendors to get a best-in-class solution.

What to Evaluate?

The intent of this guide is to determine whether organizations should build or buy a Full Packet Capture solution. 

In both the build and buy options, we consider the following use case: 

Configure disks and servers required to build a packet capture system with 14 days retention, 10Gbit average sustained rate, and 40Gbit per second maximum capture rate. 

Key takeaways: 

  • Costs Comparison: An analysis of the hardware, software, installation, and maintenance of both build and buy approaches to Full Packet Capture. This includes front-end development and integration considerations, time to market, and an in-depth look at the benefits of a partner ecosystem to support integration with other tools such as SIEM, Security, SOAR, AAA, Logging, etc. 
  • Total Cost of Ownership in both the build and buy approaches to Full Packet Capture: Understanding all costs, including hardware, software, installation, maintenance, development personnel, and ongoing support personnel to get the complete picture. 
  • Risk Assessment: Understanding the key elements of risk in both the build and buy approaches to Full Packet Capture, including risks in the developmental stage, project timelines, expertise of personnel, ongoing support, technical assistance, software updates, bug fixes, and scalability.


Who is Endace?

Endace specializes in scalable, high-speed, high-performance packet capture. Our solutions are used by some of the world’s biggest organizations on some of the fastest networks on the planet.

If you are looking for a packet capture solution, we’d love to show you why Endace is the best choice. Contact us to book a demo or ask a question.
