Security / September 19, 2022

Partner Spotlight: Gigamon and Endace Team Up to Streamline Network and Security Investigations

Endace, headquartered in New Zealand, provides 100 percent accurate network recording while simultaneously hosting your choice of security and performance analytics applications.

We chatted with Endace’s director of technology alliances and global business development, Michael Morris, to learn more about how the company works with Gigamon to provide the critical evidence that network and security teams need for in-depth, back-in-time investigations.

Gigamon: Who is Endace and what is the company history?

Michael: Founded more than 20 years ago, Endace is the world leader in scaled, always-on network recording for cybersecurity, network, and application performance.

Our products protect some of the world’s largest and most critical networks across industries including government, defense, finance, and enterprise for both national and global organizations.

Headquartered in New Zealand, with offices worldwide, the Endace team is laser-focused on high-speed, scalable, always-on network recording that captures every packet that crosses the network. Endace solutions are known for their dependability, recording continuously for years to ensure the evidence is there when security, network, or IT teams need it.

The EndaceProbe’s industry-leading, scalable packet capture and high-speed search capability allows customers to accurately record and search weeks or months of packet capture data for security threat investigation and network or application performance troubleshooting.

The open EndaceProbe platform supports simple workflow integrations with industry-leading security and performance monitoring tools, allowing analysts to quickly access relevant network evidence and significantly accelerate incident response times.

In today’s high-stakes battle for network security, evidence is critical to accurately determine the extent of a security threat or breach. Nothing provides greater insight than a continuous, packet-level record of everything on the network. Put simply, packets don’t lie.

Gigamon: Describe your company culture. What makes you tick? 

Michael: In 1998, the perfect set for the Lord of the Rings and Hobbit movies was discovered in the stunning Waikato District of New Zealand by Sir Peter Jackson. As filming commenced, another creative endeavor was also coming to life nearby, where Endace was developing its first high-speed, hardware-based packet capture technology.

Today, that same creative and innovative streak is at the core of Endace culture. Innovation is treasured, as is a dedication to ensuring customers have an amazing experience with Endace products. Our team is a diverse group of individuals with a common focus on innovation and customer success. What makes us tick is a passion for building the best network recording platform on the planet and helping customers solve the most challenging problems with smart, Endace technology!

Gigamon: If you had to describe Gigamon with just one word, what would it be?

Michael: Collaborative. Gigamon is one of the most collaborative technology partners Endace has. Together, Endace and Gigamon have worked closely to solve many very important customer problems. Our collaboration gives customers the visibility they need to solve cybersecurity incidents and performance issues quickly and easily.

The Endace approach is to work closely with best-in-class technology partners to provide an ecosystem of interoperable technology choices for customers. This strong community of industry-leading partners allows customers to build a robust and cohesive network security and performance monitoring stack. Our collaboration with Gigamon helps us simplify customers’ network management and solve security and performance challenges.

Michael Morris, Endace’s Director of Technology Alliances and Global Business Development

Gigamon: How do you see Endace fitting together with Gigamon to solve your customers’ problems?  

Michael: Gigamon and Endace are extremely complementary. We both provide foundational elements for powerful network security and visibility. The scalable and flexible Gigamon platform provides visibility into all the traffic on the network — getting the right data to the right tools and applications and enabling them to perform their analytical or inspection functions efficiently and effectively.

Endace’s equally scalable network recording platform accurately and continuously records all that traffic. It provides the critical evidence network and security teams need for in-depth, back-in-time investigations, giving them the time and the evidence they need to trace the footsteps of potential threat actors and resolve critical performance issues.

Gigamon: What are some of your market’s specifics, advantages, and challenges when it comes to network security and visibility? 

Michael: Today’s networks are at risk from a huge range of threats. The rapidly evolving threat landscape, exacerbated by rapidly growing traffic volumes and increasing network complexity, necessitates tools that are flexible and scalable and that can provide the definitive evidence IT, NetOps, and SecOps teams need to respond to incidents quickly and confidently.

Teams can’t afford to wait for threats or problems to happen again, so it’s critical they can see exactly what is entering, traversing, and leaving their network when it happens the first time. The combination of a great visibility platform like Gigamon and a scalable network recording platform like Endace ensures the evidence analysts need for comprehensive issue investigation and resolution is accurately captured, preserved, and at their fingertips.

Gigamon: Which Gigamon features stand out the most and make the product outstrip its competitors? 

Michael: Gigamon offers customers the whole package in terms of scalability, performance, port-density, advanced application filtering, de-duplication, decryption, and network detection and response (NDR) capabilities. These capabilities extend the observability of threats and issues across the network via an efficient and easily-managed visibility fabric.

The Gigamon visibility fabric perfectly complements Endace’s recording fabric, which can record all network traffic — including traffic decrypted by GigaSMART® or threats flagged by Gigamon ThreatINSIGHT™ — and provide deep storage capacity for extended lookback.

Gigamon: What’s an anecdote that customers share when they talk about our joint solution? 

Michael: An airline flight data recorder is a great analogy. If an aircraft doesn’t have one, you would have a tough time trying to figure out what caused a crash. Gigamon and Endace are like the sensors and flight data recorders for your network. Together, our solution lets you record everything happening on the network and then look back before, during, and after any incident to see what really happened. With the right data in your hands the root cause of any incident is obvious. 

Gigamon: What is the most memorable moment associated with Gigamon as a partner? 

Michael: I have had the privilege of presenting alongside Gigamon at a number of shows like RSA and Cisco Live over the past several years. In those presentations — which are typically short demonstrations of how Gigamon and Endace work together — I don’t know how many customers have come up to me afterward to say, “I see how Gigamon and Endace can really help me definitively see what is happening on my network, and I didn’t know this was possible.” 

It’s a great feeling seeing a customer realize that by combining our two solutions, they can dramatically simplify their tool stack and ensure they have a full record of everything that happens on their network.

Gigamon: What are the wow moments associated with Gigamon? 

Michael: Some of the wow moments with Gigamon have been when I set off to build customer success stories with our joint solutions, and I found multiple large financial institutions leveraging Gigamon and Endace together to give them visibility and forensics to manage their highly sensitive networks.

I then found multiple healthcare providers, multiple universities, and multiple government agencies all leveraging us both in similar ways. And in each case, our combined solutions gave them greater tool efficiency, longer historical network lookback, and better price-for-performance than other solutions they either had installed or were evaluating.

These repeated customer successes are the wow of how our joint solutions can really make a difference for our mutual customers.

Gigamon: What are some of the new challenges you see in the market that the partnership with Gigamon can solve?

Michael: One of the biggest new challenges for customers is selecting and deploying the right NDR solution to elevate threat prevention. There are a lot of players in this space, and the choices are never straightforward. Gigamon has invested heavily in this space with its new Gigamon ThreatINSIGHT NDR solution, which can be hosted on the open Endace platform as a VM right on the EndaceProbe hardware. This means Endace customers can quickly and easily deploy ThreatINSIGHT on their existing EndaceProbes to see how well it protects their network without requiring major hardware deployment. This flexibility reduces the stress involved in selecting the right NDR tool for your network. 

Gigamon: What are the positive business outcomes as a Gigamon alliance partner? 

Michael: Customers need solutions, not point products. Working with Gigamon allows both of us together to offer our customers a more holistic solution that addresses their security and network monitoring needs better. This is a positive for our resellers, who can add value with joint solutions from both companies.

I am very proud to see the fantastic business outcomes we are achieving for so many of our mutual customers in cost-effectively building flexible cybersecurity stacks that are reliable, scalable, and provide the ultimate in network forensics.

Gigamon: What unique capabilities does this partnership bring to our joint business? 

Michael: Endace is an industry leader in providing scalable, robust, continuous packet capture, and Gigamon is an industry leader in providing scalable, high-performance network visibility solutions.

Together we help some of the largest, most complex, and important networks in the world — protecting critical infrastructure across industries including utilities, government, military, retail, finance, and healthcare.

If our joint solutions can help in those complex, critical environments, then they should be considered as table stakes for other organizations striving for security resiliency too. Together Gigamon and Endace can provide the foundational building blocks that all organizations need to ensure the security and reliability of their networks.

Gigamon: Who is the target audience (such as SecOps, NetOps, or DevOps) for our joint solution, and how do they benefit? 

Michael: Our joint solutions are used by SecOps, NetOps, and DevOps — recorded network evidence is critical for all these teams. 

Once deployed, our joint solution can be shared by all these teams with no additional cost. Endace has built one-click integrations with a variety of industry-leading solutions used by all of these operations teams, allowing analysts to quickly retrieve and review the network traffic related to any incident to establish the root cause and remediate the issue quickly and confidently. 

Gigamon: Which verticals/segments are the best target companies, or where we have seen success, and why? 

Michael: Endace is really strong in industries like government, military, banking and finance, utilities, and healthcare, as these organizations are very sensitive to everything happening on their networks and operate critical infrastructure. 

But with the continued spread and severity of cyberattacks, we are seeing strong growth in other industries too, such as retail, telecommunications, and manufacturing — in fact, any Fortune 2000 enterprise that wants to eradicate uncertainty and be able to definitively identify how far a network threat may have spread or what data might have been taken so they can be sure how to remediate the problem. 

Put simply, if you have analysts in your operations teams that use Wireshark, you can get tremendous value out of deploying EndaceProbes with your Gigamon visibility solutions.

Gigamon: Thank you, Michael, for making time for us and for being such a wonderful partner.


People are talking about this in the Gigamon Community’s Security group.

Share your thoughts today

Back to top