
OPSEC Partners

Lancope, Inc.

Product Version Certified: StealthWatch 4.0 & Xe

Certified for use with: NG with Application Intelligence

Product Description: Lancope's StealthWatch technology is an award-winning Network Behavior Anomaly Detection (NBAD) solution that provides instant access to real-time network intelligence. The StealthWatch line of appliances, including StealthWatch NC, StealthWatch Xe, and StealthWatch Management Console, enables customers to cost-effectively identify, prioritize and control network threats. StealthWatch appliances dramatically improve network health and security postures.

 
 

Company Description: Lancope's Network Behavior Anomaly Detection (NBAD) solutions defeat zero-day worms, internal network misuse and other anomalies that compromise network integrity. Integrating security and network management, Lancope's award-winning StealthWatch line of appliances reduces network risks and maximizes network availability by rapidly identifying, prioritizing, and mitigating critical network threats. Defending the networks of Global 2000 organizations, academic institutions and government entities, Lancope's StealthWatch appliances protect over 150 enterprise customers and 15 million hosts worldwide. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia. For more information, call 888-419-1462 or visit www.lancope.com.

 
Key Features and Benefits
Following are 5 innovative ways that StealthWatch technology improves network security:
  1. Rapid Attack Detection
    StealthWatch appliances dynamically detect deviations from typical and allowable behavior, as defined by network protocols, automatically tuned baselines and/or administrator-defined policies. This enables detection of zero-day, mutating and encrypted attacks while eliminating the time and inconvenience of continuously updating signature databases.

  2. Prioritize and Mitigate Network Threats
    StealthWatch appliances enhance security teams' efficiency by prioritizing and mitigating malicious network and host behavior. By continuously correlating signs of nefarious behavior and prioritizing threats through a proprietary Concern Index, the appliances improve effectiveness by enabling the network security team to focus on the real threats, not the flood of false positives. StealthWatch appliances also provide enhanced threat mitigation by leveraging organizations' existing network infrastructures.

  3. Reduce Risks and Improve Network Performance
    By pinpointing unauthorized applications, nonessential network services and misconfigured network devices, StealthWatch appliances provide more effective security and network operations while minimizing legal and financial risks. Regardless of obfuscation techniques, StealthWatch identifies popular peer-to-peer file sharing applications that introduce new vulnerabilities, consume significant bandwidth and create substantial liabilities.

  4. Streamline Network Management and Planning
    Network and security teams can analyze network behavior captured by StealthWatch appliances to understand network usage, identify malfunctioning devices and detect trends. StealthWatch appliances help minimize the impact of network changes, avoid quality of service issues and accelerate the time to migrate or expand network infrastructure.

  5. Complete Network Visibility, Leveraging Network Flow Data
    By combining the industry's leading behavior anomaly detection engine with NetFlow and sFlow data, StealthWatch Xe is the first to realize the true security potential of flow-based monitoring solutions. Compared to competitive solutions, StealthWatch Xe is significantly more flexible and scalable to install and deploy on distributed and multi-gig networks. By leveraging organizations' investments in the existing network infrastructure, StealthWatch Xe delivers the broadest, deepest and most cost-effective coverage for internal network security, providing an early warning of network anomalies, facilitating rapid remediation and tightening perimeter security defenses.

OPSEC Integration

Lancope's StealthWatch appliances apply Network Behavior Anomaly Detection (NBAD) and employ "surgical mitigation" to contain threats. By leveraging the existing network infrastructure, StealthWatch is able to provide "infrastructure IPS" capabilities without the need for additional inline devices on your internal segments. Check Point's SAM API allows Lancope to leverage this approach by instructing the firewalls to "drop & inhibit" attacks. This mitigation strategy can be applied in a very granular fashion based on the type of attack or area of the network. The blocking period for each alarm type can be set via the StealthWatch appliance interface. An example of this would be StealthWatch detecting an attack for which a signature has not been released. In this case, StealthWatch could instruct the firewall to block this host based on the IP address and port. This action would block the threat while allowing the host to continue legitimate business activity. In addition, each network "zone" can adopt one of three mitigation responses (None, Authorize, or Automatic) at alarm time. This means that StealthWatch appliances can be configured to automatically block attacks in certain areas of the network, but still allow administrators to apply user discretion for those areas that contain critical assets.
 

Additional Information

Lancope Success Story
White Papers, Briefs, and Webinars