ArcSight Adds Support for Lancope’s FlowSensor Appliance
 |
POSTED BY Adam Powers on 09.21.2010 0 comments |
Good news for ArcSight users! ArcSight has added support for NetFlow v9 and more importantly Lancope's FlowSensor appliance. ArcSight users can now gain visibility into network flows without the need to configure routers or involve the network team.
The FlowSensor is a low-cost, appliance-based network device that connects to an Ethernet SPAN port or TAP to generate enhanced NetFlow v9 events suitable for direct integration with ArcSight's Express product line.
NetFlow Without the Hassle
One of the issues holding back the use of NetFlow by security teams is the fact that the network team had to be "on board" with the idea of enabling NetFlow in routers and switches throughout the network. If the network guys weren't already using it, they had to turn it on for the security guys. Unfortunately even though NetFlow is now proven safe, some network teams would still refuse to enter the CLI commands needed to get NetFlow exports going.
Lancope's FlowSensor technology removes this barrier. Simply connect the FlowSensor appliance to an available network SPAN/mirror/tap port and your ArcSight system will have access to richly detailed NetFlow v9 IP connection data that can be used to generate reports, events, or as a forensics tool for contextual analysis of incidents.
The FlowSensor appliance acts as a 24x7 flow-based "network flight recorder". Every IP connection that occurs on the network is captured, translated into a NetFlow v9 event, and forwarded on to the ArcSight system for analysis and storage.
Here's What You Can Expect...
Superior Network Context: NetFlow data merges very well with traditional security events providing a more complete picture of a given incident.
Easy to Deploy: The FlowSensor can be installed and running within minutes without the network teams assistance.
Excellent Forensics Value: Monitor and record 100% of network connections. Even if your traditional IDS missed something, you'll still have flow data to fall back on when investigations begin.
Contact us here for additional information on how you can get a FlowSensor appliance of your own.
Tweet
Post a Comment
Join the conversation. Post a comment using the form below.