Endace, which makes packet capture appliances for network forensics, troubleshooting, security, and performance monitoring, has released a new box for branch offices.
The EP-124 Network Analytics Platform is a 1RU appliance with four 1/10GbE links or one 40GbE link. It has 3.8 Tbytes of available storage and can write packets to disk at up to 1 Gbps.
The appliance includes software for centralized management of multiple devices, as well as EndaceVision, a browser-based application for analyzing packets on the device itself. Captured packets can also be offloaded or archived for long-term storage or to analyze information across multiple devices.
Besides storing raw packets, the appliance creates flow records to help IT investigate transactions. In addition, Endace uses DPI to identify application types, allowing investigators to filter based on specific applications.
Endace offers a feature it calls Application Dock. This feature lets customers run third-party applications on the appliance, such as a firewall or IPS, performance monitoring software, or open-source tools such as Snort. These third-party applications have to be licensed separately.
The number of applications you can run on the box depends on the appliance type. Endace’s EP-124 can run a maximum of two. These applications are separate from the management and analysis software that’s already included with the product.
Endace builds in CPU, RAM, and disk space that’s separate from the packet capture capability so that third-party applications won’t degrade the device’s recording performance.
The company has partnerships with companies such as Palo Alto Networks, Dynatrace, and Cisco, which have certified specific applications to run on the Endace platform.
Endace says Application Dock is intended to help customers reduce the number of hardware devices they have to deploy at branch and remote offices.
The company has also developed APIs to integrate with third-party security and performance monitoring tools. For instance, Endace APIs can enable a “pivot to packet” feature in which you can jump from an alert in a security or performance monitoring UI into the Endace UI to launch an investigation.
More and more enterprise traffic is being encrypted, including Web apps using SSL/TLS. While that’s good for privacy, it can reduce the utility of captured packets for analysis and forensics.
That’s a problem that every network forensics and security company grapples with, including Endace.
To that end, it has partnered with companies that offer man-in-the-middle products that can intercept and decrypt network traffic. Of course, that means organizations have to purchase these products in addition to the packet capture devices, which adds to the overall cost.
Note that this isn’t an issue just for Endace. Organizations deploying packet capture infrastructure will have to address the monitoring conundrum of encrypted traffic.
Availability And Cost
Endace’s EP-124 is available now. The company declined to quote a price.