The US’ Defense Information Systems Agency (DISA) has awarded Auckland-based Endace a packet capture technology contract to support its analysts in defending national and international security.
Endace will deliver "always-on" packet capture and full history search across all internet access points (IAPs).
DISA said the contract was awarded to Endace based on the company’s demonstrated ability to provide scalability, integration with existing tools and global support.
DISA depends on continuous packet capture to defend critical networks and infrastructure, with hundreds of analysts working to neutralise threats around the clock and across the globe.
Endace was originally born out of research conducted at Waikato University.
Given it develops technology that can be used for surveillance it is not uncontroversial. The company has been linked to the surveillance revelations of US National Security Agency whistleblower Edward Snowden, WikiLeaks' "Spy Files" and leaks reported in The Intercept.
"For the DISA contract, Endace worked hard to ensure DISA had the best possible solution for investigating cyber security and network issues in their systems using 100 per cent network recall," Endace CEO Stuart Wilson said.
"Endace values our Five Eyes partnerships and is honoured that DISA has selected us to provide this critical component of its security infrastructure.”
Endace's network probe technology will modernise DISA’s legacy packet capture system to provide: always-on packet capture; scalability to support hundreds of concurrent analysts around the globe; rapid, estate-wide search for real-time and back-in-time forensic data; and the ability to seamlessly add increased bandwidth capacity and storage to meet DISA’s future growth requirements.
“The Endace team are experts in their field, understood our infrastructure and supporting technologies, and enabled the mission to be completed ahead of schedule," said Tinisha McMillan, DISA division chief.
"We’ve been able to speed investigations, create global access and free up analysts that had been tasked with time-consuming maintenance and support of our legacy, in-house system.”
EndaceProbes return results in minutes rather than hours, enabling DISA analysts to work with team members worldwide to quickly investigate and resolve security incidents.
Analysts can access packet data from within their existing security and network tools, enabling seamless workflow integrations with access to full network history.
The ability to support and enhance DISA’s existing workflows enabled quicker user adoption and simplified training for new analysts.
DISA also now has greater storage capacity, greater reliability, and faster search capability in a much smaller footprint.