StealthWatch Deployment

Deploy Lancope StealthWatch for Complete Network Visibility

Lancope's StealthWatch® System should be strategically deployed to provide optimal coverage of key network segments throughout the network, whether in the internal network, at the perimeter or in the DMZ.

Outside the Firewall

Deploy StealthWatch FlowSensor appliances at the perimeter to monitor traffic flow directed at both internal and DMZ systems, analyze attempted network entry or complement traditional IDS applications.

Inside the Firewall

Deploy the StealthWatch FlowSensor appliances in the data center to monitor traffic and track all access to mission-critical devices.

At Key Network Segments

StealthWatch FlowSensor appliances can be deployed at key network access points such as WAN uplinks and data centers to gain highly granular packet -level metrics.

At Remote Offices

StealthWatch FlowCollector appliances leverage NetFlow, IPFIX and sFlow to extend visibility to remote offices without requiring additional deployments of physical appliances or host agents. Cisco NetFlow, IPFIX or sFlow messages from Brocade, Juniper, HP and Extreme are sent across the network from the remote office locations back to a central StealthWatch FlowCollector appliance.

Hover over the diagram below for more information.

a virtual appliance, provides anomaly detection and network performance monitoring for virtual environments. It extends Lancope's physical network visibility by analyzing virtual network traffic to detect and address configuration problems, inefficiencies in resource allocation, security violations and policy violations before any failure or degraded performance occurs. Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting. delivers flow-based Response Time Management (RTM) that provides comprehensive visibility of network and server performance metrics. By providing flow-by-flow visibility, the FlowSensor delivers connection information such as Round Trip Time (RTT), Server Response Time (SRT), and Retransmission Ratio (RT%). Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting. automates user identification, streamlines remediation efforts and delivers powerful auditing capabilities for regulatory compliance. Its agent-less approach enables scalable, cost-effective user tracking and reporting for network optimization and security. Cisco’s Identity Services Engine (ISE) is a next-generation network admission control system that provides customized access to corporate resources based on user/endpoint identity. Integration with the ISE adds to the identity data available for analysis through StealthWatch, including valuable information on the types of devices being used, and where the device is physically located. Through integration with StealthWatch, Cisco ISE users can expand their security and compliance strategies by continuously monitoring user behavior on the network. leverages Cisco NetFlow™ traffic accounting technology or traffic information from sFlow (inherently available in routers and switches from Brocade, HP ProCurve and Extreme) to cost-effectively extend network protection and traffic analysis across geographically dispersed or multi-gig enterprise networks. The FlowCollector can also extend flow-based, behavioral analytics to the perimeter by analyzing data from external technologies such as firewalls. Integrating internal and external monitoring provides greater contextual awareness for improved network and security operations. The FlowCollector is available as a physical or virtual appliance. improves enterprise network performance by aggregating NetFlow, sFlow, syslog and SNMP information in a single, high-speed appliance. This high-speed UDP packet replicator gathers essential network optimization and security information from multiple locations in the FlowReplicator, and then forwards this information in a single data stream to one or more StealthWatch FlowCollector appliances. manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving operational awareness and overall security. Available as a physical or virtual appliance.