Endace has announced at Black Hat conference the release of new EndaceProbe 114 Network Recorders designed specifically for deployment in branch offices as part of a network-wide monitoring and recording fabric.
Remote offices are attractive targets for attackers looking to gain access to the enterprise network by exploiting less secure remote locations and gaining access to sensitive PCI information. Traditionally, the lack of visibility into branch office traffic has made it challenging for security operations (SOC) teams to monitor and investigate security threats across distributed networks. Without this capability, quantitative breach analysis is often impossible.
As part of a network wide Endace fabric, the EndaceProbe 114 allows network traffic recorded on a remote office network to be centrally mined and analyzed using EndaceVision, the browser-based application bundled with every EndaceProbe, alongside traffic recorded on high-performance EndaceProbes in core network locations.
“Recorded network traffic provides authoritative evidence for fast and conclusive investigation of security alerts and breaches,” says Endace CEO, Stuart Wilson. “The ability to record branch office traffic and enable head office analysts to seamlessly search and mine that traffic gives SOC teams, and the tools they use, complete network-wide visibility, eradicating blind spots and speeding the investigation of security breaches.”
The EndaceProbe 114 is fully SSD-based, ensuring ultra-high reliability and performance, and its compact, short-depth form factor makes it easy and cost-effective to deploy in remote office locations. Leveraging Endace’s proven, 100% accurate DAG data capture card technology, the EndaceProbe 114 offers four 10/100/1000BASE-T or optical 1GbE monitoring ports and 3.8TB of onboard RAID storage supporting a sustained 500Mbps write-to-disk rate.
Like all EndaceProbes, the 114 model also supports Application Dock, allowing it to host a wide range of network security and performance tools, including IDS tools such as SNORT, Bro or Suricata, and provide them with real-time access to recorded traffic as well as traffic replay for historic analysis. Powerful monitoring, configuration and management through EndaceCMS Central Management Server allows EndaceProbes to be centrally managed from head office, reducing the cost and management overhead of deploying a network-wide recording and monitoring fabric.