StealthWatch Management Console

Manage Your StealthWatch Appliances from a Single Console

Armed with graphical representations of network traffic, customized summary reports, and integrated security and network intelligence for drill-down analysis, administrators can easily identify internal and external attacks, network exposures and policy violations. The StealthWatch Management Console also enhances network management through trend analysis, firewall and capacity planning, interdepartmental billing and performance monitoring.

StealthWatch Management Console Benefits:

  • Centralized management, configuration and reporting for multiple StealthWatch sensors and collectors
  • Real-time data correlation, traffic visualization and consolidated reporting
  • Easily understood graphics with rapid drill-down to essential network behavior details
  • Flexible deployment options, including virtual

Read the StealthWatch Management Console datasheet.

The StealthWatch Management Console (SMC) manages, coordinates and configures StealthWatch appliances and flow collectors (NetFlow, IPFIX, sFlow) to correlate security and network intelligence from StealthWatch components deployed at critical segments throughout the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving overall security posture and operational awareness.

Featuring Java-based platform independence, the SMC enables instant data correlation, traffic visualization and consolidated reporting. Administrators can detect and prioritize security threats, pinpoint network misuse and suboptimal performance, and manage incident response across the enterprise — all from a single control center.

Available as a physical or virtual appliance, the StealthWatch Management Console provides the following features to cost-effectively optimize security and network operations across the enterprise:

Insightful real-time reporting

The StealthWatch Management Console provides valuable insight into network usage via pre-defined, customizable XML-based reports that include source/destination IP address, services, time period, traffic protocol and bandwidth levels. Administrators use this information to perform essential security and network management tasks, such as creating and assessing security policies; ensuring proper configuration of firewalls, servers and other network devices; and identifying trends in order to anticipate and remedy potential problems.

Efficient centralized administration across distributed enterprise deployments

The SMC simplifies remote administration for multiple StealthWatch sensors and collectors regardless of physical location. Administrators centrally define and implement hierarchical security zones, security and network usage policies and various appliance configuration parameters. Low bandwidth transmissions between StealthWatch appliances and the SMC maximize performance with minimal impact on normal network operations. In addition, the SMC provides streamlined integration between the StealthWatch System and standard network management applications.

Customizable and flexible graphical visualization of security and network events and behavior

Advanced graphics and customizable preferred views of network activity deliver unique insight into the security and usage of the network. Graphical displays of network traffic relationships and security intelligence help network and security teams understand traffic patterns and identify deviations from normal network behavior. This visualization aids the detection of Denial of Service (DoS) and Distributed Denial of Service attacks, worms, pre-attack reconnaissance and network misuse. The StealthWatch Management Console also helps administrators identify network bottlenecks, spot malfunctioning network devices and perform capacity planning to optimize network performance.

Drill-down analysis of security and network events

The StealthWatch Management Console correlates data across the enterprise for in-depth, root-cause analysis and rapid recognition of network and security trends. Drill-down analysis into alarms, host-level activity and suspicious network behavior enables administrators to quickly prioritize and respond to contain attacks and mitigate network damage. The console's user-friendly UI intuitively guides administrators through the various layers of information provided by StealthWatch appliances across the network.

Point-of-View™ technology

StealthWatch proves equally valuable for network and security engineers. Point-of-View technology within the StealthWatch Management Console provides a unique, customized view of the network for each IT role. Network engineers see router interface statistics, top talkers and trending reports. Security analysts receive reports detailing policy violations, worm outbreaks and other malware traversing the network. StealthWatch Point-of-View technology brings flow-based analysis benefits to the entire IT organization.

Integrated internal and external monitoring

The StealthWatch Management Console employs a high-speed customizable syslog parser to facilitate integration with other network and security technologies such as firewalls, IDS/IPS appliances and any other technology capable of exporting syslog messages. As events are received from external systems, they are decoded, correlated with StealthWatch events and stored for later analysis in the StealthWatch Management Console database.

Lancope also offers advanced capabilities for extending behavioral analytics to perimeter technologies such as firewalls. Integrating flow analysis from the internal network with key data from perimeter devices provides greater contextual awareness for improved network and security operations.

| Features | Network | Security |
| --- | --- | --- |
| User identity tracking | X | X |
| Quick root-cause analysis, troubleshooting | X | X |
| Relational flow maps | X | X |
| Custom dashboards | X | X |
| Custom reports | X | X |
| Automated blocking, remediation or rate limiting | X | X |
| Top N reports for applications, services, ports, protocols, hosts, peers and conversations | X | X |
| Traffic composition breakdown | X | X |
| Customizable user interface based on Point-of-View | X | X |
| Support for multi-gigabit and large-scale MPLS network environments | X | X |
| Advanced flow visualization | X | X |
| Massive scalability | X | X |
| Combined internal and external monitoring | X | X |
| Capacity planning and historical traffic trending | X | |
| WAN optimization reporting* | X | |
| DSCP bandwidth utilization | X | |
| Worm propagation visualization | | X |
| Internal security for high-speed networks | | X |

* Limited functionality with sFlow

 

| Specification | SMC 500 and 1000 | SMC 2000 |
| --- | --- | --- |
| Network | Management Port — 10/100/1000 Copper | Same as SMC 500 and 1000 |
| Database Capacity | 1 TB (RAID-5 Redundant) | 2 TB (RAID-5 Redundant) |
| Rack Units (Mountable) | 1U | 2U |
| Power | Redundant 500W, Auto Ranging (100V to ~240V) | Redundant 870W, Auto Ranging (100V to ~240V) |
| Heat Dissipation | 1,706 BTU per hour maximum | 2,969 BTU per hour maximum |
| Dimensions | Height: 1.69 in. (4.3 cm); Width: 17.09 in. (43.4 cm); Depth: 24.69 in. (62.7 cm) | Height: 3.4 in. (8.64 cm); Width: 18.99 in. (48.24 cm); Depth: 28.4 in. (72.06 cm) |
| Weight | 35.02 lb (15.9 kg) | 57.54 lb (26.1 kg) |
| Rails | Sliding Ready Rails with Cable Management Arm | Same as SMC 500 and 1000 |
| Temperature | Operating: 50°F to 95°F (10°C to 35°C) with a maximum gradation of 50°F (10°C) per hour. Note: For altitudes above 2,950 feet, the maximum operating temperature is derated 1°F per 550 feet. Storage: -40°F to 149°F (-40°C to 65°C) with a maximum gradation of 68°F (20°C) per hour | Same as SMC 500 and 1000 |
| Humidity | Operating Relative: 20% to 80% non-condensing with a maximum gradation of 10% per hour. Storage Relative: 5% to 95% non-condensing | Same as SMC 500 and 1000 |
| Vibration | Operating Maximum: 0.26 Grms at 5-500 Hz for 15 minutes. Storage Maximum: 1.54 Grms at 10-250 Hz for 15 minutes | Operating Maximum: 0.26 Gms at 5-350 Hz for 5 minutes. Storage Maximum: 1.54 Gms at 10-250 Hz for 10 minutes |
| Shock | Operating Maximum: One shock pulse in the positive Z axis (one pulse on each side of the system) of 31G for 2.6 ms in the operational orientation. Storage Maximum: Six consecutively executed shock pulses in the positive and negative X, Y and Z axes (one pulse on each side of the system) of 71G for up to 2 ms | Operating Maximum: Half sine shock in all operational orientations of 31G plus or minus 5% with a pulse duration of 2.6 ms plus or minus 10%. Storage Maximum: Half sine shock on all six sides of 71G plus or minus 5% with a pulse duration of 2 ms plus or minus 10%; square wave shock on all six sides of 27G with a velocity change at 235 inches per second or greater |
| Altitude | Operating: -50 feet to 10,000 feet (-16 m to 3,048 m). Storage: -50 feet to 35,000 feet (-16 m to 10,600 m) | Same as SMC 500 and 1000 |

Regulatory

  • FCC (U.S. only) Class A
  • DOC (Canada) Class A
  • CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950)
  • VCCI Class A
  • UL 1950
  • CSA 950
  • EN 60950

Please call for a complete list.

The SMC Virtual Edition (VE) is designed to perform the same function as the appliance editions, but in a VMware environment. The following table shows the minimum resource requirements for the SMC VE to operate based on the number of FlowCollectors sending it data. However, the SMC VE scales dynamically based on the resources allocated to it. Therefore, for the SMC VE to operate effectively, be sure to allocate resources so that they are reserved for the SMC VE and not shared with any other virtual machines.

| FlowCollectors | Concurrent Users | Reserved Memory | Reserved CPUs |
| --- | --- | --- | --- |
| 1 | Up to 2 | 4 GB | 2 |
| Up to 3 | Up to 5 | 8 GB | 3 |
| Up to 5 | Up to 10 | 16 GB | 4 |

Note: More details can be found in the StealthWatch System Capacities & Sizing Guidelines. Contact Sales or a Lancope partner for the document.