Cisco Security and Endace

How Endace and Cisco Security work together

Endace helps Cisco Security customers gain deep forensic insight with security-focused full packet capture.

Endace specializes in high-speed, scalable packet capture for cybersecurity, network, and application performance.

The open EndaceProbe™ Analytics Platform lets customers record a 100% accurate history of activity on their network and integrates with a range of security and performance tools for fast, accurate incident investigation and resolution. Endace’s Fusion Partners, including Cisco, offer pre-built integrations with the EndaceProbe platform to accelerate and streamline incident investigation and resolution.

EndaceProbes can also host a wide range of network security and performance monitoring tools that need to analyze real-time or historical traffic. This hosting capability enables agile deployment and reduces cost by enabling analytics tools to be deployed quickly and consolidated onto a common hardware platform.

Endace’s global customers include banks, healthcare, telcos, broadcasters, retailers, web giants, governments, and military.

Product Integrations

  • Secure Firewall:

    Together, Cisco Secure Firewall Threat Defense and EndaceProbes provide joint customers with streamlined, integrated investigation workflows that reduce the time needed to investigate and resolve security threats and events. Analysts can drill down from events they are working on in the Firewall Management Center directly to EndaceVision to view and analyze related packet data from any impacted hosts. This lets them investigate and resolve complex threats quickly and accurately using definitive packet-level evidence.

    The reliable, scalable, always-on network recording provided by the EndaceProbe platform ensures security teams have access to a complete and accurate record of network activity. With this network history integrated into their security tools, and the ability to search the data to locate packets of interest in seconds, analysts can conduct forensic threat investigation and advanced threat hunting quickly and easily.

    Additionally, the EndaceProbe can host a Cisco Firewall Threat Defense virtual instance on the Endace platform to analyze network traffic in real time as the EndaceProbe records full packet data. This gives customers the ability to extend security surveillance across more of the network - ensuring rich evidence is available for accurate, back-in-time forensic analysis of threats such as zero-day attacks, lateral movement, and data exfiltration.

  • Secure Network Analytics:

    Cisco Stealthwatch and Endace provide customers with deep packet inspection and analysis in addition to always-on network recording to deliver a comprehensive view of their network’s performance and security. Integrating Cisco Stealthwatch with EndaceProbes lets analysts quickly drill down from issues and events to relevant network traffic from impacted hosts captured before, during, and after the event.

    Analysts drill into related full packet data directly from Stealthwatch alerts with a single click, allowing them to supplement the metadata and NetFlow evidence they have from Stealthwatch with access to full packet payloads. This lets them quickly and accurately determine the full scope of any threat and identify precisely what data may have been exfiltrated or modified, which systems were affected, and how they were compromised.

    Additionally, the EndaceProbe platform can host the Cisco Stealthwatch Flow Agent to generate NetFlow data for Stealthwatch at the point of traffic capture. This can expand monitoring coverage of network traffic, providing richer insight into potential security issues.

    Together, Cisco Stealthwatch and Endace’s always-on, network-wide packet capture can accelerate incident response and elevate security teams’ threat hunting capabilities.