StealthWatch™ NC Features
StealthWatch™ NC provides the following features to cost-effectively optimize security and network operations across the enterprise:
Provides L7 visibility
StealthWatch NC performs analysis on packet payload to validate the contents of a given flow match the layer 4 port information. Example: TCP port 80 flows are inspected to verify HTTP traffic is present and not another tunneled protocol such as Kazaa or AOL IM.
Allows for full packet capture and analysis
StealthWatch NC stores a portion of the payload for each flow analyzed and allows for full packet capture of suspicious network traffic. This capability proves especially useful at strategic network locations such as datacenters, Internet connection points, and untrusted network entry points.
OS Fingerprinting
StealthWatch NC provides fingerprinting technology for operating systems running on each host within the network. Operating system analysis alerts on unknown operating systems and multiple operating systems while providing "context" for the operator of the StealthWatch system.
Per-packet, real-time flow-analysis
Flows are assembled on a packet by packet basis within the StealthWatch NC appliance. Per-packet analysis provides near real-time detection of network threats not available with sFlow or NetFlow analysis.
