StealthWatch FlowSensor

Achieve Comprehensive Network Visibility with the StealthWatch FlowSensor

In today’s complex business environments, organizations demand continuous access to and fast performance from the business-critical applications they use. When these fail or slow down, network operations and security teams must be able to isolate the root cause and restore performance in both physical and virtual environments quickly and efficiently.

Complicating matters is the fact that with the advent of Web 2.0, as much as 85% of all network traffic now goes through port 80. As a result, distinguishing between individual applications has become increasingly difficult. To optimize performance and secure the network, both network operations and security teams need to know what, when and how applications are in use — and by whom — across the enterprise.

Read the StealthWatch FlowSensor datasheet and find out What's New in StealthWatch.

The StealthWatch FlowSensor from Lancope, the leader in flow collection and analysis, uses a combination of deep packet inspection (DPI) and behavior analysis to identify applications and protocols in use across the network — no matter if they are plain text or use advanced encryption and obfuscation techniques.

Through a combination of behavior analysis and deep packet inspection, the StealthWatch FlowSensor identifies applications and protocols in use across the network and gathers packet-level performance statistics at a fraction of the cost of traditional probe-based devices. Lancope also provides URL information in flow records to more easily identify which applications are causing performance or security problems. The FlowSensor can be installed easily in both physical and virtual environments, and plays a key role in troubleshooting application performance problems and security incidents.

The StealthWatch FlowSensor provides the following key features to cost-effectively optimize security, network operations and application performance across the enterprise:

Application Performance Monitoring

Providing true Layer 7 application visibility, the FlowSensor gathers application information, along with packet-level performance statistics. With unmatched scalability, the FlowSensor provides the all-encompassing visibility needed anywhere from branch offices to 10G data centers at a fraction of the cost of traditional probe-based devices.

The FlowSensor recognizes more than 900 application variants and their classifications, such as:

  • Peer-to-Peer (e.g., BitTorrent, eDonkey and Kazaa)
  • Business-critical (e.g., Exchange, LDAP and SAP)
  • Social media (e.g., Facebook, MySpace and LinkedIn)
  • Streaming audio and video (e.g., YouTube and Pandora)
  • Instant Messaging (e.g., Jabber and MSN)
  • Voice over IP (e.g., Skype, H.323 and SIP)
  • Mobile (e.g., Blackberry)
  • Tunneling (e.g., SSL, IPsec, L2TP and GRE)
  • Standard applications (e.g., HTTP and DNS)
  • Gaming (e.g., World of Warcraft and Xbox)

Diagnose Performance Issues: Application vs. Network vs. Security

Without knowing what is typical for application and network performance in physical and virtual environments, network and security teams cannot proactively determine when latency is a problem. The FlowSensor gathers packet-level performance statistics, which StealthWatch analyzes to build a baseline of application and network performance. If performance degradation occurs, StealthWatch automatically alerts operators and helps isolate the root cause within seconds to a specific application, network or security issue.

In addition, network attacks, viruses, worms and other malware can also impact application performance. StealthWatch zooms in on any unusual behavior and immediately sends an alarm with the contextual intelligence that allows security personnel to take quick, decisive action to mitigate any damage.

If the cause lies with a particular host, StealthWatch can even identify the user involved. Using StealthWatch’s unique drill-down features, operators can go from identifying the issue to isolating the root cause within seconds, thereby reducing Mean Time To Know (MTTK), enhancing operational efficiency and reducing costs.

Advanced URL Data

Lancope also provides URL information in flow records generated by the FlowSensor. Previously unavailable from most flow sources, URL data enables administrators to see exactly which web sites users are going to, as well as the file path, to more easily identify which applications are causing performance or security problems. Administrators can identify both the hostname of the server, as well as any error messages within the flow, for faster network troubleshooting.

Complete, Scalable Packet-Level Visibility from Branch Offices to 20G Data Centers

The FlowSensor is available either as a lightweight 1U appliance or as a virtual image. The available appliances include the compact form-factor FlowSensor 250, which offers a throughput of 100 Mbps for lower bandwidth areas of the network, and scale up to the FlowSensor 4000 for monitoring 20G networks.

For virtual environments with limited system resources, the FlowSensor VE (Virtual Edition) enables operators to see the same detailed traffic statistics for their virtual networks as they can see for their physical networks, effectively eliminating the blind spots often associated with virtualized environments.

 

FS 250*

FS 1000*

FS 2000*

FS 3000*

FS 4000*

Communications

Throughput
(512 byte)
100 Mbps 1.0 Gbps 2.5 Gbps 5.0 Gbps 20.0 Gbps

Throughput
(64 byte)

40 Mbps

400 Mbps

800 Mbps

1.2 Gbps

4.0 Gbps

Interfaces

Management Port

1 Cu; 10/100/1000

Monitor Port

2 Cu; 10/100/1000

3 Cu; 10/100/1000

5 Cu or 3 Cu and 2 optical fiber; 10/100/1000

2 optical fiber; 10 GB 4 optical fiber; 10 GB

Console Port

Serial

Serial, KVM *

Physical

Hardware Platform FW-7565B-LC1 R210II R620
Hardware Generation FW-7565D 11Gv2   12G

Form Factor

1U-Short Rack (Stackable)

1U Rack (Stackable)

Height

4.5 cm
(1.75 in.)

4.24 cm
(1.67 in.)

4.3 cm (1.68 in.)

Width

43 cm
(16.93 in.)

43.4 cm
(17.09 in.)

With rack latches:
48.24 cm (18.99 in)

Without rack latches:
43.4 cm (17.08 in)

Depth

27.5 cm (10.83 in.)

39.37 cm
(15.5 in.)

With power supplies and bezel:
74.3 cm (29.25 in)
Without power supplies
and bezel:

69.2 cm (27.25 in)

Weight

6 kg
(13.23 lbs)

8.058 kg
(17.77 lbs)

18.6 kg (41 lbs) maximum configuration

Rails

Mounting ears

Rack chassis with Versa rail; round holes for third-party racks

Sliding Ready Rails with
Cable Management Arm

Storage

160 GB non-redundant

146 GB RAID-1 Redundant

300 GB (RAID-1 Redundant)

Environmental

Power

Single;
100 W

Single; 250 W

Redundant; 750 W AC,
50/60 Hz
Auto Ranging (100V to 240V)

Heat Dissipation

341 BTUs per hour

1039 BTUs per hour

2891 BTUs per hour maximum

Temperature

Operating:
0° to 55° C 
(32° to 131° F)

Storage:
-20° to 70° C
(-4° to 158° F)

Operating:
10° to 35° C
(50° to 95° F)

Storage:
-40° to 65° C
(-40° to 149° F)

Operating: 10° to 35° C (50° to 95° F) at 10% to 80% relative humidity, with 78.8° F (26° C) maximum dew point

Note: For altitudes above 2,952 feet, the maximum allowable dry bulb temperature is derated 17° C (1° F) per 550 feet

Storage:
-40° to 65° C (-40° to 149° F) with a maximum gradation of 20° C (68° F) per hour

Relative Humidity Operating:
5% to 95%
(non-condensing)


Storage:
5% to 95%
(non-condensing)

Operating:
20% to 80%
(non-condensing)
with maximum gradation of 10% per hour

Storage:
5% to 95%
(non-condensing)
Operating: 20% to 80% (non-condensing) at a maximum wet bulb temperature of 84.2° F (29° C)


Storage: 5% to 95% (non-condensing) at a maximum wet bulb temperature of 100.4° F (38° C)

Regulatory Compliance

Please call for a complete list

• CE Emission
• FCC Class A
• RoHS

• FCC (U.S. only) Class A
• DOC (Canada) Class A
• CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950)
• VCCI Class A
• UL 1950
• CSA 950

*Specs for StealthWatch v6.5
**Supports direct keyboard and monitor for configuration.

To see a full list of the supported applications, click here.

The FlowSensor VE recognizes more than 900 application variants and their classifications, such as:

  • Peer-to-Peer (e.g., BitTorrent, eDonkey and Kazaa)
  • Business-critical (e.g., Exchange, LDAP and SAP)
  • Social media (e.g., Facebook, MySpace and LinkedIn)
  • Streaming audio and video (e.g., YouTube and Pandora)
  • Instant Messaging (e.g., Jabber and MSN)
  • Voice over IP (e.g., Skype, H.323 and SIP)
  • Mobile (e.g., Blackberry)
  • Tunneling (e.g., SSL, IPsec, L2TP and GRE)
  • Standard applications (e.g., HTTP and DNS)
  • Gaming (e.g., World of Warcraft and Xbox)
Deployed on a VMware ESX host, the StealthWatch FlowSensor VE captures vital traffic statistics to address multiple virtualization challenges, including gaining virtual network topological and location awareness, securing virtual networks, demonstrating compliance, controlling VM sprawl and tracking virtual machines when they are moved via VMware VMotion, to help maximize the benefits associated with server virtualization.

Read the StealthWatch FlowSensor datasheet and find out What's New in StealthWatch.


 Minimum Disk Space Requirements VMware ESXi Versions Supported Minimum Memory Requirements Minimum CPU Requirements
1.4 GB 4.0 and 5.0 512 MB 2GHz

The FlowSensor VE recognizes more than 900 application variants and their classifications, such as:

  • Peer-to-Peer (e.g., BitTorrent, eDonkey and Kazaa)
  • Business-critical (e.g., Exchange, LDAP and SAP)
  • Social media (e.g., Facebook, MySpace and LinkedIn)
  • Streaming audio and video (e.g., YouTube and Pandora)
  • Instant Messaging (e.g., Jabber and MSN)
  • Voice over IP (e.g., Skype, H.323 and SIP)
  • Mobile (e.g., Blackberry)
  • Tunneling (e.g., SSL, IPsec, L2TP and GRE)
  • Standard applications (e.g., HTTP and DNS)
  • Gaming (e.g., World of Warcraft and Xbox)

Note: More details can be found in the StealthWatch System Capacities & Sizing Guidelines. Contact Sales or a Lancope partner for the document.