Greatly simplify the integration and distribution of multiple types of network and security data by aggregating and providing a single, standardized destination for disparate information.
The Lancope Learning and Development team delivers all there is to know about designing, deploying, operating and maintaining the StealthWatch System for maximum results and ROI. Our team has developed a series of learning paths to support different roles (Network Operations, Security Operations and general StealthWatch administration).
With broad customer and industry experience, the Lancope Professional Services team helps organizations optimize their StealthWatch deployment to meet specific business requirements, increase productivity and reduce risk. A unique combination of network and security skills enables the team to quickly and effectively implement StealthWatch to meet the intense demands of today's advanced cyber threat environment.
The Lancope 24/7 Customer Support team provides assistance in planning, installation, training, troubleshooting, maintenance, upgrading and implementation of the StealthWatch System. By providing this additional level of support, Lancope is helping to ensure that our customers are getting optimal usage from their StealthWatch technology.
- Obtain comprehensive, scalable enterprise visibility and security context
- Gain real-time situational awareness of all users, devices and traffic on the network
- Monitor lateral movement using the network as a sensor
- Leverage network behavior anomaly detection and analytics
- Easily detect behaviors linked to APTs, insider threats, DDoS and malware
- Benefit from StealthWatch Labs’ advanced security algorithms
- Collect and analyze holistic network audit trails
- Achieve faster root cause analysis
- Conduct thorough forensic investigations
- Accelerate network troubleshooting and threat mitigation
- Quickly and effectively respond to threats before, during and after a security incident
- Continuously improve enterprise security posture
Leverage the calculator to get an idea of bandwidth consumed when enabling flow on your network.
The most popular flow format in production today, NetFlow v5 is available on a wide range of network equipment. Vendor support includes Cisco, Juniper (which refers to NetFlow v5 as “cflow”), and a variety of open source projects. NetFlow v5’s format is fixed, but it provides a set of network conversation metadata that is useful in bandwidth bill-back, malware and DoS detection, and network troubleshooting of all types.
Average flow records per 1500-byte UDP packet: 30
NetFlow v7 is seen when using Cisco equipment such as the Catalyst 6500. NetFlow v7 is similar to NetFlow v5 but includes additional information required for processing flows from network equipment with multiple switching/routing engines (such as the MSFC/Sup2 combination found in the Cat6k). Unfortunately, NetFlow v7 exports do not include TCP flag combinations and are often less useful for security analysis.
Average flow records per 1500-byte UDP packet: 28
NetFlow v9 is a flexible and extensible flow format that allows new fields and record types to be added to flow data as the network infrastructure matures. NetFlow v9 can be extended to include powerful information unavailable in NetFlow v1, v5, or v7. NetFlow v9 will eventually replace v5 altogether as the standard flow format used within the network. This calculator option assumes the user is using the default “traditional” NetFlow v9 format found in most IOS-based Cisco devices.
Average flow records per 1500-byte UDP packet: 34
Packeteer-2 flows originate from Packeteer WAN optimization and traffic policing network appliances. Packeteer-2 includes the same basic information found in NetFlow v5 with the addition of extra application identifier fields that describe the network traffic based on payload rather than the layer-4 port number.
Average flow records per 1500-byte UDP packet: 22
Lv9 IPv4 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv4 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.
Average flow records per 1500-byte UDP packet: 30
Lv9-IPv6 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv6 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.
Average flow records per 1500-byte UDP packet: 30
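The fixed NetFlow v5 layout described above accounts for the figure of 30 records per packet, and its per-flow TCP flags field is what NetFlow v7 exports lack. The Python below is an added example, not Lancope's code: it parses a v5 export datagram, derives the per-packet capacity and estimates export bandwidth. It assumes 20-byte IPv4 and 8-byte UDP headers and full export packets; the sample datagram and all function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def max_records(packet_bytes=1500, ip_udp_overhead=28):
    """Records that fit in one export packet (assumed: 20-byte IPv4 + 8-byte UDP headers)."""
    return (packet_bytes - ip_udp_overhead - HEADER.size) // RECORD.size

def export_bps(records_per_sec, records_per_packet, packet_bytes=1500):
    """Export bandwidth in bits per second, assuming every export packet is full."""
    return records_per_sec / records_per_packet * packet_bytes * 8

def parse_v5(datagram):
    """Parse a NetFlow v5 UDP payload; reject malformed or truncated exports."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match payload length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return flows

def syn_only(flow):
    """TCP flow whose cumulative flags are SYN alone: a connection that never completed."""
    return flow["proto"] == 6 and flow["tcp_flags"] == 0x02

# Constructed sample: one datagram holding two TCP flow records (documentation addresses).
def make_record(src, dst, sport, dport, flags, pkts, octets):
    return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                       1, 2, pkts, octets, 0, 0, sport, dport, 0, flags, 6, 0, 0, 0, 24, 24, 0)

SAMPLE = HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + \
    make_record("192.0.2.10", "198.51.100.5", 40000, 443, 0x1B, 12, 4200) + \
    make_record("192.0.2.10", "198.51.100.6", 40001, 22, 0x02, 1, 60)

if __name__ == "__main__":
    print(max_records(), export_bps(3000, 30), [f["dst"] for f in parse_v5(SAMPLE) if syn_only(f)])
```

Passing a different records-per-packet figure from the list above to `export_bps` gives the estimate for the other formats.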