2023-09-14

Endace's probes can record weeks or months of full packet capture across hybrid cloud networks

Cary Wright (Endace) Credit: Supplied

Auckland-based data packet capture specialist Endace has inked a technical partnership with security information and event management (SIEM) and observability platform provider Elastic.

The partnership brings Endace's scalable hybrid cloud packet capture probe technology together with New York-listed Elastic's Elastic Stack and Elastic Security. The combination is intended to give security and IT teams packet-level network visibility and network metadata for responding to security threats and to network or application performance issues.

EndaceProbes can record weeks or months of full packet capture across hybrid cloud networks to provide a record of all network activity and complement the logs and metadata captured by Elastic Stack.

In addition, EndaceProbe appliances can host EndaceFlow to generate high-fidelity NetFlow data that can be ingested by Elastic Stack to provide detailed metadata for monitoring the security and performance of networks and interrogating network activity.

Pre-built integration between EndaceProbes and Elastic Stack also delivers streamlined investigation workflows.

Analysts can click on alerts in the Elastic user interface to go directly to the related full packet data recorded by EndaceProbe and quickly view traffic down to individual packet level to see precisely what occurred before, during and after any event.

“The combination of the Elastic Stack and EndaceProbe gives cybersecurity and IT teams the ability to see exactly what’s happening on their network in real-time,” said Cary Wright, Endace VP of product.

“When they need to go back in time to investigate any incident, they have a complete record of that activity at their fingertips.”

The ability to pivot from anomalies or security alerts directly to forensic examination of packet-level data enabled quick response to incidents and threat mitigation, Wright said.

Endace's Fusion partner program provides pre-built integrations between industry-leading solutions and EndaceProbe’s API.

Other partners include Cisco, IBM, Darktrace, Fortinet, Palo Alto Networks and Splunk.

Privately owned Endace, which was originally born out of research conducted at Waikato University, is known to have supplied technology to the US Defense Information Systems Agency and the UK Government Communications Headquarters (GCHQ).

The company has been linked to the surveillance revelations of US National Security Agency whistleblower Edward Snowden, WikiLeaks' "Spy Files" and leaks reported in The Intercept.
