Products & Services from Lancope

With the StealthWatch Management Console (SMC), administrators can easily view, understand and act upon a plethora of network and security data all through a single interface. Snapshot views and sophisticated drill-down capabilities provide the exact level of information you need exactly when you...

The StealthWatch FlowCollector collects and analyzes vast amounts of valuable data from existing network infrastructure to provide a complete, cost-effective picture of everything happening in an enterprise environment. Sophisticated behavioral analytics and advanced security context enable early...

The StealthWatch FlowSensor uses a combination of deep packet inspection (DPI) and behavioral analysis to identify applications and protocols in use across the network -- no matter if they are plain text or use advanced encryption and obfuscation techniques. It also gathers packet-level performance...

The UDP Director™ (formerly known as the StealthWatch FlowReplicator) is a high-speed, high-performance appliance that receives essential network and security information from multiple locations, and then forwards it in a single data stream to one or more destinations, such as the StealthWatch...

The StealthWatch Labs Intelligence Center (SLIC) Threat Feed collects data on real-world attacks and correlates it with suspicious network behavior to deliver additional protection against the top threats lurking online.

The StealthWatch IDentity allows administrators to quickly reveal who is causing specific security or performance issues on the network for faster remediation. With the IDentity appliance, users can be held accountable for negligent or malicious actions that contribute to damaging insider threats,...

The Lancope Learning and Development team delivers all there is to know about designing, deploying, operating and maintaining the StealthWatch System for maximum results and ROI. Our team has developed a series of learning paths to support different roles (Network Operations, Security Operations...

With broad customer and industry experience, the Lancope Professional Services team helps organizations optimize StealthWatch deployments to meet specific business requirements, increase productivity and reduce risk. A unique combination of network and security skills enables the team to quickly...

Enterprise Premium

The Lancope Enterprise Premium Support Offering is designed to provide an enterprise customer proactive and reactive support along with the ongoing customer management they will need to make their implementation and continued use of the StealthWatch System a success. This type of...

  • Monitor
    Obtain comprehensive, scalable enterprise visibility and security context.
    Gain real-time situational awareness of all users, devices and traffic on the network.
    Monitor lateral movement using the network as a sensor.
  • Detect
    Leverage network behavior anomaly detection and analytics.
    Easily detect behaviors linked to APTs, insider threats, DDoS and malware.
    Benefit from StealthWatch Labs’ advanced security algorithms.
  • Analyze
    Collect and analyze holistic network audit trails.
    Achieve faster root cause analysis.
    Conduct thorough forensic investigations.
  • Respond
    Accelerate network troubleshooting and threat mitigation.
    Quickly and effectively respond to threats before, during and after a security incident.
    Continuously improve enterprise security posture.

Bandwidth Calculator

Leverage the calculator to get an idea of bandwidth consumed when enabling flow on your network.

The most popular flow format in production today, NetFlow v5 is available on a wide range of network equipment. Vendor support includes Cisco, Juniper (which refers to NetFlow v5 as “cflow”), and a variety of open source projects. NetFlow v5’s format is fixed, but it provides a set of network conversation metadata that is useful in bandwidth bill-back, malware and DoS detection, and network troubleshooting of all types.

Average flow records per 1500-byte UDP packet: 30
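
The fixed layout described above, as an added example (not Lancope's code and not the calculator's own logic): a NetFlow v5 datagram is a 24-byte header plus 48-byte records, which is where the figure of 30 records per 1500-byte packet comes from, and each record carries the cumulative TCP flags used in security analysis. The bandwidth estimate assumes full, MTU-sized datagrams; the sample datagram and its documentation-range addresses are constructed.

```python
import ipaddress
import math
import struct

# NetFlow v5 wire layout: 24-byte header, then fixed 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
IP_UDP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte UDP header

def max_records_per_packet(mtu=1500):
    """Number of v5 records that fit in one export datagram under the MTU."""
    return (mtu - IP_UDP_OVERHEAD - HEADER.size) // RECORD.size

def export_bps(records_per_second, mtu=1500):
    """Export bandwidth in bit/s, assuming every datagram is full (assumption)."""
    return math.ceil(records_per_second / max_records_per_packet(mtu)) * mtu * 8

def parse_v5(datagram):
    """Decode one NetFlow v5 datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count > 30 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "octets": f[6], "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return flows

def syn_only(flows):
    """TCP flows whose cumulative flags are SYN alone (handshake never completed)."""
    return [f for f in flows if f["proto"] == 6 and f["tcp_flags"] == 0x02]

def build_sample():
    """Constructed sample: one datagram carrying two TCP flows."""
    def rec(src, dst, sport, dport, flags):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4),
                           1, 2, 10, 840, 0, 1000, sport, dport,
                           0, flags, 6, 0, 0, 0, 24, 24, 0)
    body = rec("192.0.2.10", "198.51.100.5", 51000, 443, 0x1B)
    body += rec("192.0.2.77", "198.51.100.9", 40000, 22, 0x02)
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body
```
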

NetFlow v7 is seen when using Cisco equipment such as the Catalyst 6500. NetFlow v7 is similar to NetFlow v5 but includes additional information required for processing flows from network equipment with multiple switching/routing engines (such as the MSFC/Sup2 combination found in the Cat6k). Unfortunately, NetFlow v7 exports do not include TCP flag combinations and are often less useful for security analysis.

Average flow records per 1500-byte UDP packet: 28

NetFlow v9 is a flexible and extensible flow format that allows new fields and record types to be added to flow data as the network infrastructure matures. NetFlow v9 can be extended to include powerful information unavailable in NetFlow v1, v5, or v7. NetFlow v9 will eventually replace v5 altogether as the standard flow format used within the network. This calculator option assumes the user is using the default “traditional” NetFlow v9 format found in most IOS-based Cisco devices.

Average flow records per 1500-byte UDP packet: 34

Packeteer-2 flows originate from Packeteer WAN optimization and traffic policing network appliances. Packeteer-2 includes the same basic information found in NetFlow v5 with the addition of extra application identifier fields that describe the network traffic based on payload rather than the layer-4 port number.

Average flow records per 1500-byte UDP packet: 22

Lv9 IPv4 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv4 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.

Average flow records per 1500-byte UDP packet: 30

Lv9-IPv6 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv6 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.

Average flow records per 1500-byte UDP packet: 30


Cisco & Lancope Partnership

Cisco leverages Lancope’s StealthWatch System to protect its vast global network and power the Cisco Cyber Threat Defense Solution.