The StealthWatch System

Lancope StealthWatch System Product Family

StealthWatch Architecture - High Level View

a virtual appliance, provides anomaly detection and network performance monitoring for virtual environments. It extends Lancope's physical network visibility by analyzing virtual network traffic to detect and address configuration problems, inefficiencies in resource allocation, security violations and policy violations before any failure or degraded performance occurs. Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting. delivers flow-based Response Time Management (RTM) that provides comprehensive visibility of network and server performance metrics. By providing flow-by-flow visibility, the FlowSensor delivers connection information such as Round Trip Time (RTT), Server Response Time (SRT), and Retransmission Ratio (RT%). Advanced URL data, previously unavailable from most flow sources, further expedites network and security troubleshooting. automates user identification, streamlines remediation efforts and delivers powerful auditing capabilities for regulatory compliance. Its agent-less approach enables scalable, cost-effective user tracking and reporting for network optimization and security. Cisco’s Identity Services Engine (ISE) is a next-generation network admission control system that provides customized access to corporate resources based on user/endpoint identity. Integration with the ISE adds to the identity data available for analysis through StealthWatch, including valuable information on the types of devices being used, and where the device is physically located. Through integration with StealthWatch, Cisco ISE users can expand their security and compliance strategies by continuously monitoring user behavior on the network. leverages Cisco NetFlow™ traffic accounting technology or traffic information from sFlow (inherently available in routers and switches from Brocade, HP ProCurve and Extreme) to cost-effectively extend network protection and traffic analysis across geographically dispersed or multi-gig enterprise networks. The FlowCollector can also extend flow-based, behavioral analytics to the perimeter by analyzing data from external technologies such as firewalls. Integrating internal and external monitoring provides greater contextual awareness for improved network and security operations. The FlowCollector is available as a physical or virtual appliance. manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving operational awareness and overall security. Available as a physical or virtual appliance.

The StealthWatch System:

StealthWatch Management Console - available as a physical or virtual appliance - manages, coordinates and configures all StealthWatch appliances to correlate security and network intelligence across the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving operational awareness and overall security.
More Details

StealthWatch FlowCollector™ leverages Cisco NetFlow traffic accounting technology or traffic information from sFlow (inherently available in routers and switches from Brocade, HP ProCurve and Extreme) to cost-effectively extend network protection and traffic analysis across geographically dispersed or multi-gig enterprise networks. The FlowCollector is also available as a virtual appliance, and also supports IPFIX.
More Details

StealthWatch FlowSensor™ delivers flow-based Response Time Management (RTM) that provides comprehensive visibility of network and server performance metrics. By providing flow-by-flow visibility, the FlowSensor delivers connection information such as Round Trip Time (RTT), Server Response Time (SRT) and Retransmission Ratio (RT%). The FlowSensor also provides advanced URL data to further expedite network and security troubleshooting.
More Details

StealthWatch IDentity™ automates user identification, streamlines remediation efforts and delivers powerful auditing capabilities for regulatory compliance. Its agent-less approach enables scalable, cost-effective user tracking and reporting for network optimization and security. Identity data is also available through integration with the Cisco Identity Services Engine (ISE).
More Details

StealthWatch FlowReplicator™ improves enterprise network performance by aggregating flow data, syslog and SNMP information in a single, high-speed appliance. This high-speed UDP packet replicator gathers essential network optimization and security information from multiple locations in the FlowReplicator, and then forwards this information in a single data stream to one or more StealthWatch FlowCollector appliances. The FlowReplicator is available as a physical or virtual appliance.
More Details

The SLIC Threat Feed draws upon global threat intelligence to provide an additional layer of protection from botnets and other sophisticated attacks. By correlating suspicious network activity with data on thousands of known C&C servers, the threat feed provides a more complete picture for early threat detection and fast, effective incident response.
More Details