StealthWatch IDentity

Discover Who Caused the Problem and Who Is Affected with StealthWatch Identity Awareness

Lancope's StealthWatch identity awareness provides a direct linkage between individual users and specific network events. By combining StealthWatch's flow-based security and network performance monitoring technology with advanced user identity tracking, organizations can automatically connect any network event within the enterprise with the user or users who caused the event. Administrators can simply search the user name or IP address associated with the event from the StealthWatch Management Console and the system returns the appropriate real-time information.

User-centric monitoring capabilities also allow network and security teams to run flow queries and reports based on user names. Administrators can also search on user names, as well as obtain a User Snapshot outlining a specific person’s network activity – including any anomalous behavior or alarms triggered. This data is invaluable for combating advanced attacks including APTs and insider threats, as well as for improving incident response, forensics and compliance.

Identity data can be obtained from the StealthWatch IDentity appliance (more details below) or through integration with the Cisco Identity Services Engine (ISE). Lancope also consumes user names within NetFlow records from Cisco ASA appliances to provide an additional identity data source.

StealthWatch IDentity is a powerful, real-time solution that requires no agent or service running on an identity or authentication server. Administrators simply click on any IP address within the StealthWatch Management Console and specify a date range or point in time. The IDentity can even connect a username with all the IP addresses into which it is currently logged on. Multiple administrators can access this data simultaneously, making the IDentity appliance an ideal tool for both network optimization and security across the enterprise.

Network and security administrators gain the ability to connect network transactions with individual users through the IDentity, which in turn means that users can be held accountable for their actions, and unexpected user needs can be better anticipated and met. This capability significantly improves audit controls for regulatory compliance, since administrators can immediately identify the party responsible for a hardware, software or security issue. The IDentity also simplifies identifying other users affected by an event, so that quarantine and corrective actions can be taken sooner.

This 24x7 monitoring of who is on the network, connected automatically with what each user is doing, overcomes the forensics challenges presented by dynamic enterprise environments. Since it is part of the StealthWatch System, the IDentity works both with StealthWatch native flow capture appliances and with traffic accounting information generated by NetFlow, IPFIX and sFlow-enabled routers and switches. In addition, the IDentity appliance supports a wide range of virtual private networks (VPNs), DHCP IP addressing within network segments and large pools of dial-up access devices.

The StealthWatch IDentity Advantage:

  • Integrates optimization of security and network operations with user identity tracking
  • Automatically identifies individual users and user sessions with specific IP addresses for greater user accountability and faster, more immediate insight into unexpected network events
  • Requires no agent or service, and includes built-in support for 10 market-leading identity store technologies
  • Integrates easily with traffic accounting information generated by NetFlow, IPFIX and sFlow-enabled routers and switches
  • Cost-effectively supports enterprise infrastructures with a limited number of IDentity appliances, each independently managed by the appropriate domain administrator
Network 4 x 1000 BaseT (Gigabit over Copper)                                    Only 1 Port Required for Management and Data                                                                                                1 x RS-232 Serial Console RJ-45 Port
Maximum Users 10,000
IP-to-ID Records
Second Unit HA Option Yes
Processor Single Quad Core
Cooling Fan Single
Power Supply

Single 250W                                                                            AC Input Voltage                                                                     100 to 240 VAC                                                                   Frequency 50-60 Hz

Dimensions Height: 1.75 in. (4.4 cm)                                                  Width: 17.3 in. (43.9 cm)                                                Depth: 16.7 in. (42.4 cm)
Rack Units (Mountable) 1U
Weight 16 lbs. (7.3 kg)
Temperature 32°F to 104°F (0°C to 40°C)
Humidity 5% to 95%
Heat Dissipation 450 BTUs per hour maximum
Regulatory Compliance
  • FCC Class A
  • CE
  • VCCI
  • UL
  • CB
  • TUV
Please call for a complete list.