Detect Anomalous Traffic and Behaviors
Lancope’s StealthWatch® provides industry-leading network visibility and security intelligence for faster, more precise threat detection, incident response and forensics. By leveraging NetFlow and other flow data from existing infrastructure, the system cost-effectively turns the entire network into a sensor grid for detecting anomalous traffic and behaviors – including zero-day malware, DDoS attempts, insider threats and APTs.
- StealthWatch Management Console – available as a physical or virtual appliance – manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving operational awareness and overall security.
- StealthWatch FlowCollector leverages Cisco NetFlow traffic accounting technology or traffic information from sFlow (inherently available in routers and switches from Brocade, HP ProCurve and Extreme) to cost-effectively extend network protection and traffic analysis across geographically dispersed or multi-gig enterprise networks. The FlowCollector also supports IPFIX and is available as a virtual appliance.
- StealthWatch FlowSensor delivers flow-based Response Time Management (RTM) that provides comprehensive visibility of network and server performance metrics. By providing flow-by-flow visibility, the FlowSensor delivers connection information such as Round Trip Time (RTT), Server Response Time (SRT) and Retransmission Ratio (RT%). The FlowSensor also provides advanced URL data to further expedite network and security troubleshooting.
- StealthWatch IDentity automates user identification, streamlines remediation efforts and delivers powerful auditing capabilities for regulatory compliance. Its agent-less approach enables scalable, cost-effective user tracking and reporting for network optimization and security. Identity data is also available through integration with the Cisco Identity Services Engine (ISE).
- StealthWatch FlowReplicator improves enterprise network performance by aggregating flow data, syslog and SNMP information in a single, high-speed appliance. This high-speed UDP packet replicator gathers essential network optimization and security information from multiple locations in the FlowReplicator, and then forwards this information in a single data stream to one or more StealthWatch FlowCollector appliances. The FlowReplicator is available as a physical or virtual appliance.
The SLIC Threat Feed draws upon global threat intelligence to provide an additional layer of protection from botnets and other sophisticated attacks. By correlating suspicious network activity with data on thousands of known C&C servers, the threat feed provides a more complete picture for early threat detection and fast, effective incident response.