Security Monitoring

High-performance network recording, monitoring and NetFlow generation for effective network security

Powering more effective security solutions

There are many devices and software tools designed to prevent or detect security violations, including sophisticated intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, and security information and event management (SIEM) security monitoring systems. These tools watch over network activity, identify what is normal and what is suspect, and raise alerts when needed to initiate further investigation.

By integrating these tools with the 100% packet capture of EndaceProbe™ Network Recorders and the full resolution NetFlow from EndaceFlow™ NetFlow Generators, SecOps teams have a seamless way to perform real-time security analysis of any event down to the packet level. With EndaceProbes, SecOps teams can capture normal traffic and create a baseline for normal network behavior. Using the integrated EndaceVision™ Network Visualization, alerts and thresholds can be set to detect traffic anomalies.

With Endace’s open API, simple click-through integration between security tools and packet-level information provides an immediate drill down to packets of interest from an identified incident, and the ability to quickly review activity before and after the event. This is particularly important where an attack’s initial objective is to compromise a system from which further internal attacks are mounted.

Endace Application Dock™ is another integrated feature of EndaceProbes and provides a highly optimized virtual hosting environment for third-party applications such as software-based IDS and firewalls. By hosting the security application on the same machine as the stored data, these applications can access a 100% accurate feed of captured traffic in real time. Valuable time and network resources are also saved by eliminating the need to transfer large amounts of data across the network to be used by the application. EndaceProbe Network Recorders can capture data from multiple 1, 10, 40, and 100Gbps networks.

Network operations (NetOps) teams often have to decide which features and functions to enable on switches and routers, and sometimes choose performance at the expense of network and security monitoring. For instance, NetFlow generation often incurs a high overhead for the switches and routers that generate NetFlow records. During a DDoS attack, the network team may turn off NetFlow in order to keep up with the attacks. When this happens, the security team often loses visibility into what is happening on the network that created the vulnerability in the first place.

By adding dedicated Endace NetFlow generators to a network, the security and network teams have an independent source of highly accurate NetFlow information when an incident occurs. NetFlow generation can be disabled on the switches and routers allowing them to conserve available resources for managing network traffic. EndaceFlow NetFlow Generators can generate pure (unsampled) NetFlow at up to 40Gbps on a single appliance.

The Endace Fusion Ecosystem provides a wide range of commercial and open-source security tools from leading partners that are tightly integrated with Endace products. Application Dock also provides the ability to host custom in-house security applications on EndaceProbes.


Give your SecOps team the power to see what's really happening on the network with these Endace products:

EndaceProbe Network Recorders, EndaceVision, EndaceFlow, Application Dock, Endace Fusion Partners