SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Endace targets DDOS-backed security breaches
Thu, 2nd Jun 2016

Network monitoring firm Endace is targeting DDOS security breaches, launching its EndaceProbe 8100 Series Network Protectors.

DDOS attacks are often used to camouflage simultaneous attack activity, such as malware installation or data exfiltration. According to the company, these attacks can overwhelm monitoring systems, flooding them with so much traffic that they fail completely under the load, or generate so many alerts it becomes impossible to see what other concurrent activity may be taking place.

The new 8100 Series can capture and store network traffic at a sustained rate of 40 gigabits per second and is designed to provide ultra-high-speed monitoring and recording for the forensic investigation of network security breaches and performance issues.

The high-performance 8100 Series EndaceProbes not only support sustained 40Gbps recording, but also allow multiple users to data mine and analyse that traffic at the same time, Endace says.

This ensures security teams can continue to access and investigate recorded traffic, even during events such as DDOS attacks, when their other monitoring systems may be overwhelmed.

“It's essential to ensure your network monitoring and recording infrastructure can record without loss, even under the heavy loads you would experience during a DDOS attack,” explains Stuart Wilson, CEO of Endace.

“Being able to reconstruct even the smallest aspect of an attack vector, exactly when you most need it – under heavy DDOS attack – is critical for effective breach analysis and legal audit trail creation,” he says.

Wilson says the new 8100 Series is the first product on the market advanced enough to record traffic from high-speed 40/100GbE networks without loss.

“It can capture traffic at high speed without losing packets, and can write captured data to disk at speeds sufficient to cope with high traffic loads,” he says.

Wilson says multiple EndaceProbes can be connected to form a centrally managed, network-wide monitoring and recording fabric with distributed storage.

“EndaceVision, a browser-based application bundled with every EndaceProbe, provides centralised data mining and visualisation for investigating security and network performance events across an entire network,” he says.