EndaceProbes are the industry-leading solution for high-speed, scalable and accurate recording of network traffic. Designed to record, store and make network packet data available to security and network analysts, EndaceProbes integrate with many best-of-breed security products to streamline the workflow that an analyst uses to investigate and understand a security incident, providing concrete evidence of what happened, how it happened and what the impact was. This means that organisations can reduce their window of risk, accurately mitigate future attacks and know for certain if customer data has been affected. With the upcoming introduction of GDPR and the need to notify authorities and customers that a breach has occurred, this capability will be essential for any organisation that wishes to protect itself from fines, whilst also protecting its brand.
EndaceProbes are uniquely scalable. Not only can systems be joined together to meet any speed or storage requirement, but large numbers of Probes can also be searched simultaneously for data that pertains to an incident. This again improves the workflow for analysts, as they no longer have to know where an attack occurred, or even to understand the network topology. Our largest deployment in Europe is over 1200 Probes, all working together to secure a vast and complex network, and all searchable from a single Web UI or API connection.
Another unique feature of the EndaceProbe is that every system has a hypervisor on board, allowing the Probe to provide a high-fidelity stream of packets, either filtered or unfiltered, to any software that is installed in a VM on that Probe. This means that new analytic capabilities can be rolled out very quickly in response to a threat. An example of this is one of our global customers, who were able, in response to threat intelligence, to roll out new IDS capability to 6 datacentres around the world in less than 24 hours and to mitigate the threat when it arrived. That same customer was able to roll out a DDoS detection tool to the same 6 datacentres in under 8 hours, a process that would have taken weeks if they did not have EndaceProbes in place.
EndaceProbes can also play back traffic that they have recorded. This has huge value in that it allows organisations to apply real-time tools and detection techniques to historic data. For example, if a new zero-day threat emerges, traffic for the past month can be replayed to a detection tool, such as an IDS, either in a VM on the Probe or on a separate system, to make sure that the organisation has not already been attacked by this vector.