A Platform for Packet Capture and Security Analytics
Organizations face an increasing flood of security alerts every day. Without access to packet capture data, analysts are forced to reconstruct events by correlating multiple data sources such as log files and metadata. The process is slow and often inconclusive.
Our Analytics Platform provides:
- 100% accurate, network-wide packet capture, indexing and recording
- Hosting of third-party security analytics tools in Application Dock, so you can deploy your chosen tools when and where you want, easily and inexpensively.
- Powerful API integration with your existing network security tools to streamline investigations, delivering one-click access to definitive evidence.
Find out how our unique security analytics platform can help reduce cost and increase speed and agility.
Our Fusion Partners
The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.
Visibility for Security Teams
With access to a packet-level history of network activity, Security Operations (SecOps) analysts can examine the actual packets relating to a security alert and determine, conclusively, what happened. The result is a faster, more accurate response to security threats.
If you get breached, Network History provides the definitive evidence you need to understand how that breach occurred and what the damage was.
Find out how Network History can help with:
For most organizations, the sheer volume of alerts makes investigating every alert impossible. As a result, a significant number of alerts are unexamined, representing an unknown risk.
Detailed network packet data lets security analysts triage alerts more quickly and conclusively, allowing analysts to stop initial threats before they become a security breach.
Security Breach Investigation
Following a security breach, the challenge is to understand exactly how it occurred and what exposure it created. Fast, accurate investigation is critical to complying with breach notification regulations and minimizing the cost and impact of a breach.
Full packet capture provides definitive evidence for forensic investigations.
Zero Day Threats
Zero Day threats are one of the greatest challenges to security, because they represent unknown vulnerabilities that security tools are not yet equipped to block or detect. How can you tell if you were breached before a patch or a new firewall or IDS rule was implemented?
With Network History, security teams can go back in time and quickly analyze captured traffic from the vulnerable time frame.
Advanced Persistent Threats
Sophisticated attackers often combine multiple attack vectors, first to gain access into the network, and then to spread laterally through the network until they achieve their objective.
Network History provides the evidence that links together the phases of a sophisticated attack, giving visibility into the complete attack.
SIM / SIEM Tools
Integrating Network History with SIM / SIEM tools combines a holistic view of security threats with the detailed, packet-level evidence analysts need to investigate security alerts quickly and conclusively.
Network History helps analysts triage events more quickly so they can focus on the threats that need investigation. Access to packet-level detail makes it possible to identify false-positives and tune detection rules to make IDS tools more effective.
Find out more about our Enterprise Network Recording products
EndaceFabric™ connects multiple EndaceProbe Analytics Platforms to form a network-wide packet recording and analytics hosting fabric that can scale to thousands of monitoring points.
EndaceProbe Analytics Platform
The EndaceProbe™ Analytics Platform is the industry's only fully open packet capture and analytics platform. Deploy and host your chosen analytics tools on-demand without a truck-roll.
InvestigationManager™ provides ultra-fast, network-wide packet search and data-mining across multiple EndaceProbes simultaneously.
EndaceCMS™ Central Management Servers provide centralized administration for the connected appliances in the EndaceFabric. Available as a VM or a physical appliance.
EndaceVision and EndacePackets
EndaceVision™ allows analysts to search for packet history, visualize traffic patterns, zoom in and out, apply filters and examine packets-of-interest in EndacePackets™.
Both EndaceVision and EndacePackets come standard on every EndaceProbe.
OEM and System Builder Products
DAG Packet Capture Cards
Endace DAG™ Data Acquisition and Generation Cards are the gold standard in packet-capture cards. Designed for reliability and performance, DAG Cards are available for Ethernet, from 10Mbps to 40Gbps, and for SONET/SDH