Endace showcase recorders for Securing the Network Edge at Black Hat
Endace demonstrates how network-wide monitoring and recording delivers greater visibility to security tools and speeds breach investigation
Endace, a world leader in high-speed network monitoring and recording technology, announced at Black Hat the release of new EndaceProbe™ 114 Network Recorders designed specifically for deployment in branch offices as part of a network-wide monitoring and recording fabric.
Remote offices are attractive targets for attackers looking to gain access to the enterprise network by exploiting less secure remote locations and gaining access to sensitive PCI information. Traditionally, the lack of visibility into branch office traffic has made it challenging for security operations (SOC) teams to monitor and investigate security threats across distributed networks. Without this capability, quantitative breach analysis is often impossible.
As part of a network wide Endace fabric, the EndaceProbe 114 allows network traffic recorded on a remote office network to be centrally mined and analyzed using EndaceVision™, the browser-based application bundled with every EndaceProbe, alongside traffic recorded on high-performance EndaceProbes in core network locations.
Endace CEO, Stuart Wilson says:
“Recorded network traffic provides authoritative evidence for fast and conclusive investigation of security alerts and breaches. The ability to record branch office traffic and enable head office analysts to seamlessly search and mine that traffic gives SOC teams, and the tools they use, complete network-wide visibility, eradicating blind spots and speeding the investigation of security breaches.”
The EndaceProbe 114 is fully SSD-based, ensuring ultra-high reliability and performance, and its compact, short-depth form factor makes it easy and cost-effective to deploy in remote office locations. Leveraging Endace’s proven, 100% accurate DAG™ data capture card technology, the EndaceProbe 114 offers four 10/100/1000BASE-T or optical 1GbE monitoring ports and 3.8TB of onboard RAID storage supporting a sustained 500Mbps write-to-disk rate.
Like all EndaceProbes, the 114 model also supports Application Dock™, allowing it to host a wide range of network security and performance tools, including IDS tools such as SNORT®, Bro™ or Suricata™, and provide them with real-time access to recorded traffic as well as traffic replay for historic analysis. Powerful monitoring, configuration and management through EndaceCMS™ Central Management Server allows EndaceProbes to be centrally managed from head office, reducing the cost and management overhead of deploying a network-wide recording and monitoring fabric.
The new EndaceProbe 114 is on show at Black Hat 2016, booth 1572, where Endace will also be demonstrating how EndaceProbe Network Recorders can be tightly integrated with security tools such as Cisco® FireSIGHT™ Management Center and Splunk™.