According to a Forrester Consulting Technology Adoption Profile commissioned by Lancope and Cisco, “Enlightened organizations have adopted network flow analysis capabilities to augment their preventative controls, but fail to include the additional context necessary to truly identify malicious activity within their networks.”
The report goes on to say: “To be successful in this advanced threat environment, organizations must adopt new robust detection and analysis capabilities.” While there are many solutions on the market that simply collect and store flow data, or even provide basic analysis, Lancope’s StealthWatch System provides the “additional context” and “robust detection and analysis capabilities” called for by Forrester.
Sophisticated Behavioral Analysis
By applying sophisticated behavioral algorithms to NetFlow, IPFIX and other types of flow data, StealthWatch turns that data into actionable intelligence for fast, effective troubleshooting. Instead of relying on signature updates to detect attacks, or focusing only on specific types of issues or areas of the network, StealthWatch monitors network and host behaviors as a whole to establish baselines and quickly alarm on a wide range of anomalies across the entire infrastructure. The system then goes a step further and feeds these alarms into its proprietary Concern Index™ (CI), which automatically prioritizes the most concerning hosts on the network so they can be dealt with first.
In addition to providing high-level overviews of concerning behaviors, StealthWatch also allows users to drill down into specific alarms, hosts and traffic patterns to obtain more in-depth insight. StealthWatch Host Snapshots, for example, provide a multitude of details on specific hosts, delivering the additional context needed to swiftly mitigate potential security threats. This in-depth network visibility enables organizations to uncover and combat evolving risks including APTs and insider attacks.
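To make the baseline-and-alarm model concrete, the following is an added, self-contained example and is not Lancope's code or a description of how the StealthWatch Concern Index is actually computed. It assumes two simple per-host metrics per daily window (bytes sent and number of distinct destination:port pairs contacted), a z-score style deviation test with a hypothetical alarm threshold and per-alarm point cap, and a handful of constructed NetFlow-style records in which one host suddenly fans out to many new ports and pushes a large upload. The functions `score_day`, `concern_index`, `rank_hosts` and `host_snapshot` are illustrative names chosen here to mirror the alarm, prioritization and drill-down steps described above.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    day: int        # observation window (one day)
    src: str        # source host as recorded in the flow
    dst: str
    dport: int
    out_bytes: int


TRAIN_DAYS = range(5)   # windows used to build the behavioral baseline
SCORE_DAY = 5           # window that is scored against that baseline
Z_ALARM = 3.0           # deviation (in sigma) that raises an alarm (assumed)
MAX_POINTS = 50         # cap per alarm so one metric cannot dominate (assumed)


def make_flows():
    """Constructed sample records (not real telemetry; RFC 5737 external addresses)."""
    flows = []
    for day in TRAIN_DAYS:
        for host in ("10.0.0.5", "10.0.0.7"):
            flows.append(Flow(day, host, "198.51.100.10", 443, 50_000))
            flows.append(Flow(day, host, "10.0.0.1", 53, 2_000))
    # Day 5: 10.0.0.5 behaves as usual; 10.0.0.7 touches 40 new ports on an
    # internal peer and pushes a large upload to a never-seen external address.
    flows += [Flow(SCORE_DAY, "10.0.0.5", "198.51.100.10", 443, 52_000),
              Flow(SCORE_DAY, "10.0.0.5", "10.0.0.1", 53, 2_100),
              Flow(SCORE_DAY, "10.0.0.7", "10.0.0.1", 53, 2_000),
              Flow(SCORE_DAY, "10.0.0.7", "203.0.113.9", 443, 900_000)]
    flows += [Flow(SCORE_DAY, "10.0.0.7", "10.0.0.20", p, 60) for p in range(20, 60)]
    return flows


def window_features(flows):
    """Per host, per day: bytes sent and number of distinct dst:port pairs."""
    acc = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for f in flows:
        acc[f.src][f.day][0] += f.out_bytes
        acc[f.src][f.day][1].add((f.dst, f.dport))
    return {h: {d: {"bytes": b, "peers": len(p)} for d, (b, p) in days.items()}
            for h, days in acc.items()}


def build_baseline(features):
    """Mean and spread of each metric over the training windows, per host."""
    base = {}
    for host, days in features.items():
        base[host] = {}
        for metric in ("bytes", "peers"):
            vals = [days[d][metric] for d in TRAIN_DAYS if d in days]
            base[host][metric] = (mean(vals), pstdev(vals))
    return base


def _sigma(mu, sd):
    # A perfectly regular baseline has sd == 0; floor the spread at 10% of the
    # mean (and at least 1) so a tiny change does not become an infinite z-score.
    return max(sd, 0.1 * mu, 1.0)


def score_day(features, baseline, day=SCORE_DAY):
    """Return {host: [(metric, observed, z)]} for metrics that exceed Z_ALARM."""
    alarms = defaultdict(list)
    for host, metrics in baseline.items():
        obs = features.get(host, {}).get(day)
        if obs is None:
            continue
        for metric, (mu, sd) in metrics.items():
            z = (obs[metric] - mu) / _sigma(mu, sd)
            if z >= Z_ALARM:
                alarms[host].append((metric, obs[metric], round(z, 1)))
    return dict(alarms)


def concern_index(alarms, baseline):
    """Sum capped per-alarm points per host; higher means investigate first."""
    return {host: sum(min(int(z), MAX_POINTS) for _, _, z in alarms.get(host, []))
            for host in baseline}


def rank_hosts(ci):
    return sorted(ci, key=ci.get, reverse=True)


def host_snapshot(host, features, baseline, alarms):
    """Drill-down view for one host: what it normally does versus what it did."""
    return {"host": host,
            "baseline": {m: round(mu) for m, (mu, _) in baseline[host].items()},
            "observed": features[host].get(SCORE_DAY, {}),
            "alarms": alarms.get(host, [])}


def run():
    feats = window_features(make_flows())
    base = build_baseline(feats)
    alarms = score_day(feats, base)
    ci = concern_index(alarms, base)
    snaps = {h: host_snapshot(h, feats, base, alarms) for h in ci}
    return ci, rank_hosts(ci), snaps


if __name__ == "__main__":
    ci, ranking, snaps = run()
    for host in ranking:
        print(host, "CI =", ci[host], snaps[host]["alarms"])
```

With the constructed data, 10.0.0.7 raises both a bytes alarm and a fan-out alarm and lands at the top of the ranking, while 10.0.0.5's small day-to-day drift stays well under the threshold. The snapshot for the top host then shows its normal profile beside the observed values, which is the kind of context an analyst needs before acting on the alarm.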
Advanced Security Context
The Forrester report also states that, “Security monitoring without contextual information does not provide the insight necessary to detect advanced modern threats. A comprehensive strategy leveraging flow analysis with contextual data is imperative in today’s enterprise.” Forrester cites IP reputation, device data, identity awareness and application recognition as key capabilities for providing this contextual data. StealthWatch delivers all of these capabilities both inherently and in conjunction with industry-leading technology partners.
Internal Host & External IP Reputation
StealthWatch uniquely provides internal host reputation data through the Concern Index, as well as external IP reputation intelligence through the StealthWatch Labs research team and through its partnership with Team Cymru.
Identity & Device Data
Lancope customers can obtain identity data from the StealthWatch IDentity appliance or through Lancope’s integration with the Cisco Identity Services Engine (ISE). Cisco ISE also provides in-depth device data, which is key for addressing BYOD challenges.
Application Awareness
Lancope combines deep packet inspection and behavioral analysis to provide application awareness for enhanced network and security troubleshooting. Advanced URL data provides further context for more effective threat mitigation.
Forrester ends its report by saying, “Solutions that offer enhanced visibility and the context necessary to quickly identify and respond to incidents will become strategic investments for enterprises.” The full paper can be accessed here. For more information on StealthWatch for advanced security monitoring, go to: http://www.lancope.com/solutions/security-operations/.