The Lancope StealthWatch System

StealthWatch Architecture - High Level View of Context Aware Security Analytics

a virtual appliance, provides anomaly detection and network performance monitoring for virtual environments. It extends Lancope's physical network visibility by analyzing virtual network traffic to detect and address configuration problems, inefficiencies in resource allocation, security violations and policy violations before any failure or degraded performance occurs. Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting.

The StealthWatch FlowSensor delivers flow-based Response Time Management (RTM) that provides comprehensive visibility of network and server performance metrics. By providing flow-by-flow visibility, the FlowSensor delivers connection information such as Round Trip Time (RTT), Server Response Time (SRT), and Retransmission Ratio (RT%). Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting.

StealthWatch IDentity automates user identification, streamlines remediation efforts and delivers powerful auditing capabilities for regulatory compliance. Its agent-less approach enables scalable, cost-effective user tracking and reporting for network optimization and security.

Cisco’s Identity Services Engine (ISE) is a next-generation network admission control system that provides customized access to corporate resources based on user/endpoint identity. Integration with the ISE adds to the identity data available for analysis through StealthWatch, including valuable information on the types of devices being used, and where the device is physically located. Through integration with StealthWatch, Cisco ISE users can expand their security and compliance strategies by continuously monitoring user behavior on the network.

The StealthWatch FlowCollector leverages Cisco NetFlow™ traffic accounting technology or traffic information from sFlow (inherently available in routers and switches from Brocade, HP ProCurve and Extreme) to cost-effectively extend network protection and traffic analysis across geographically dispersed or multi-gig enterprise networks. The FlowCollector can also extend flow-based, behavioral analytics to the perimeter by analyzing data from external technologies such as firewalls. Integrating internal and external monitoring provides greater contextual awareness for improved network and security operations. The FlowCollector is available as a physical or virtual appliance.

The StealthWatch Management Console manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving operational awareness and overall security. Available as a physical or virtual appliance.

The StealthWatch System meets the needs of security, network and datacenter administrators with a single platform that provides integrated network intelligence for all parties.

StealthWatch Management Console

  • Centralized reporting and alerting
  • Reduce MTTK
  • Manage multiple devices
  • Up to 3M FPS

StealthWatch FlowCollector

  • Collect NetFlow with NBAR, cFlow, J-Flow,
    Packeteer-2, NetStream, IPFIX and sFlow
  • Flow deduplication

SLIC Threat Feed

  • Leverages global threat intelligence
  • Monitors for known C&C servers
  • Additional layer of protection from advanced malware

StealthWatch FlowSensor

  • Application awareness
  • Packet-level metrics
  • Generate NetFlow v9 & IPFIX

StealthWatch IDentity

  • Advanced user identity tracking
  • Map IP to ID
  • Support for AD and other identity stores
  • DHCP monitoring


Leveraging NetFlow, sFlow, IPFIX and packet capture, the StealthWatch System combines flow-based anomaly detection and network performance monitoring into a single, integrated enterprise platform for security and network operations. By delivering unified visibility across physical and virtual networks, StealthWatch eliminates network blind spots and reduces total network and security management costs.