Endace OSm 7.3 Aims to Remake Network Forensics with 50x Speed Boost

📊 Key Data
  • 50x Speed Boost: OSm 7.3 reduces network data search times by up to 50 times, cutting queries from 45-60 seconds to 1-2 seconds.
  • Automated Evidence Trail: New Vault REST API enables automated integration with SIEM, SOAR, and xDR systems.
  • Regulatory Compliance: Solution supports mandates like DORA, GDPR, HIPAA, and PCI-DSS with instant packet-level evidence access.

🎯 Expert Consensus

Experts agree that Endace OSm 7.3 represents a significant advancement in network forensics, making packet capture faster, more accessible, and better integrated with automated security workflows, addressing critical needs in threat response and regulatory compliance.

Endace OSm 7.3 Transforms Network Forensics with 50x Speed Boost

AUCKLAND, New Zealand & AUSTIN, Texas – January 20, 2026 – Endace, a specialist in network packet capture, has released a significant software update that dramatically accelerates security investigations and deepens integration with automated defense systems. The new OSm 7.3 software promises to slash network data search times by up to 50 times, transforming a process that once took minutes into a near-instantaneous task.

The release comes as organizations face mounting pressure from two fronts: an increasingly sophisticated threat landscape and a complex web of regulatory requirements demanding robust forensic capabilities. By making packet-level data—widely considered the ultimate source of truth in network events—faster and more accessible, Endace aims to shift packet capture from a niche, reactive tool to an essential, everyday component of modern security operations.

"We are at a critical moment where teams are realising the value of packet capture as a tool they use every day," said Stuart Wilson, CEO of Endace, in the announcement. "The regulatory environment demands it, the threat landscape requires it, and now the technology makes it practical for every organization."

From Minutes to Seconds: A Revolution in Search Performance

The headline feature of OSm 7.3 is its completely re-architected search capability. Endace claims that queries across vast stores of packet data that previously took 45 to 60 seconds can now be completed in just one to two seconds. This leap in performance effectively eliminates the frustrating wait times that have long plagued security analysts during high-stakes incident response.

For a Security Operations Center (SOC) analyst under pressure to identify the scope of a breach, this time saving is more than a convenience; it's a strategic advantage. The ability to rapidly pivot and query petabytes of historical network data allows for faster threat validation, more accurate impact assessment, and quicker containment. The EndaceVision interface, which provides visualization of the data, now presents results and metadata almost instantaneously, doing away with progress bars and allowing for a more fluid, uninterrupted investigative workflow.

This performance boost places Endace in a formidable position within the competitive network visibility market. While some alternative solutions can take tens of minutes to search large datasets, OSm 7.3's sub-second performance for common queries sets a new industry benchmark. This speed is critical in making deep packet intelligence practical for continuous, proactive threat hunting, rather than just post-mortem analysis of major incidents.

Automating the Evidence Trail with the Vault REST API

Beyond raw speed, OSm 7.3 introduces a fundamental change in how packet data integrates with the broader security ecosystem. The new Vault REST API allows other security platforms—such as Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Extended Detection and Response (xDR) systems—to programmatically access and archive packet evidence.

This capability was developed based on real-world experience from operating SOC events with leading vendors like Cisco, Splunk, and Palo Alto Networks. It enables an automated workflow where an alert from a firewall or intrusion detection system can trigger an API call to EndaceProbes. The system then automatically mines the relevant packets, extracts critical forensic data—such as raw packet captures (pcap), reassembled files, and Zeek logs—and attaches it directly to the incident ticket.

"Building on what we learned, the Vault REST API makes packet intelligence a native component of automated security workflows rather than a manual fallback option," explained Cary Wright, VP of Products at Endace. "When access is fast and flexible, packet evidence becomes an invaluable part of everyday security operations, dramatically accelerating incident investigation and response and improving detection."

This intelligent archiving ensures that crucial evidence is preserved in a secondary "vault" storage, safe from being overwritten and available for long-term analysis. For analysts, this means the definitive evidence they need is already waiting for them within their primary investigation platform, eliminating the need to manually switch tools and hunt for data.

A Shield Against Regulatory Scrutiny

The enhanced capabilities of OSm 7.3 arrive at a time of heightened regulatory oversight. Mandates like Europe's Digital Operational Resilience Act (DORA) and General Data Protection Regulation (GDPR), along with industry-specific rules like HIPAA for healthcare and PCI-DSS for finance, impose strict requirements for data protection, incident reporting, and forensic evidence retention.

Failure to demonstrate control and provide detailed evidence during a post-breach audit can result in severe financial penalties and reputational damage. The ability to instantly access and present irrefutable, packet-level evidence of what transpired on the network is becoming a cornerstone of modern compliance strategy. The speed and automation delivered by OSm 7.3 directly address this need, allowing organizations to quickly reconstruct event timelines and prove due diligence to auditors.

Endace's commitment to this space is further underscored by its broader security credentials. Its products have recently achieved NIST FIPS 140-3 validation for cryptographic security and Common Criteria certification (NDcPP v2.2e), and are listed on the U.S. Department of Defense Information Network Approved Products List (DoDIN APL). This combination of performance and certified security provides organizations with a powerful tool for both defending their networks and satisfying the exacting demands of regulators.

Making Advanced Forensics More Accessible

With this release, Endace is actively working to democratize access to advanced network forensics. The company's vision, as articulated by its leadership, is to make packet capture "universal" and "affordable," lowering the barrier to entry for organizations that may have previously found such technology too complex or costly.

The improved user experience and API-driven automation reduce the need for specialized expertise, allowing a broader range of IT and security professionals to leverage the power of packet data. This accessibility is crucial for medium-sized businesses and organizations with smaller security teams who face the same threats as large enterprises but often with fewer resources.

Furthermore, the solution is designed for the reality of modern hybrid infrastructures. EndaceProbes can be deployed across on-premise data centers, private clouds, and public cloud environments like AWS and Azure, providing a unified, single-pane-of-glass view for network traffic analysis. This comprehensive visibility is essential for securing distributed workloads and ensuring that no segment of the network becomes a blind spot. By offering scalable solutions that can grow from a single probe to over a hundred, the platform can adapt to the needs of organizations of any size, reinforcing the goal of making this critical visibility practical for all.

The OSm 7.3 update is now available for all existing EndaceProbe models, ensuring that the company's current customer base can immediately benefit from these significant advancements in speed and automation.
