Discover Who Caused the Problem and Who Is Affected with StealthWatch Identity Awareness
Lancope's StealthWatch identity awareness provides a direct linkage between individual users and specific network events. By combining StealthWatch's flow-based security, network and application performance monitoring technology with advanced user identity tracking, organizations can automatically connect any unexpected event within the enterprise with the user or users who caused the event. Administrators simply request the username(s) and IP address associated with an event from the StealthWatch Management Console and the system returns the appropriate real-time information.
Identity data can be obtained from the StealthWatch IDentity appliance (more details below) or through integration with the Cisco Identity Services Engine (ISE).
StealthWatch IDentity is a powerful, real-time solution that requires no agent or service running on an identity or authentication server. Administrators simply click on any IP address within the StealthWatch Management Console and specify a date range or point in time. The IDentity can even connect a username with all the IP addresses into which it is currently logged on. Multiple administrators can access this data simultaneously, making the IDentity an ideal tool for both network optimization and security across the enterprise.
Network and security administrators gain the ability to connect individual network transactions with individual users through the IDentity, which in turn means that users can be held accountable for their actions, and unexpected user needs can be better anticipated and met. This capability significantly improves audit controls for regulatory compliance, since administrators can immediately identify the party responsible for a hardware, software or security issue. The IDentity also simplifies identifying other users affected by an event, so that quarantine and corrective actions can be taken sooner.
This 24x7 monitoring of who is on the network, connected automatically with what each user is doing, overcomes the forensics challenges presented by dynamic enterprise environments. Since it is part of the StealthWatch System, the IDentity works both with StealthWatch native flow capture appliances and with traffic accounting information generated by NetFlow, IPFIX and sFlow-enabled routers and switches. In addition, the IDentity appliance supports a wide range virtual private networks (VPNs), DHCP IP addressing within network segments and large pools of dial-up access devices.
The StealthWatch IDentity Advantage:
- Integrates optimization of security and network operations with user identity tracking
- Automatically identifies individual users and user sessions with specific IP addresses for greater user accountability and faster, more immediate insight into unexpected network events
- Requires no agent or service, and includes built-in support for 8+ market-leading identity store technologies
- Integrates easily with traffic accounting information generated by NetFlow, IPFIX and sFlow-enabled routers and switches
- Cost-effectively supports enterprise infrastructures with a limited number of IDentity appliances, each independently managed by the appropriate domain administrator
| Network | 4 x 1000 BaseT (Gigabit over Copper) Only 1 Port Required for Management and Data 1 x RS-232 Serial Console RJ-45 Port |
| Maximum Users | 10,000 |
|
Maximum IP-to-ID Records |
10,000,000 |
| Second Unit HA Option | Yes |
| Processor | Single Quad Core |
| Cooling Fan | Single |
| Power Supply |
Single 250W AC Input Voltage 100 to 240 VAC Frequency 50-60 Hz |
| Dimensions | Height: 1.75 in. (4.4 cm) Width: 17.3 in. (43.9 cm) Depth: 16.7 in. (42.4 cm) |
| Rack Units (Mountable) | 1U |
| Weight | 16 lbs. (7.3 kg) |
| Temperature | 32°F to 104°F (0°C to 40°C) |
| Humidity | 5% to 95% |
| Heat Dissipation | 450 BTUs per hour maximum |
| Regulatory Compliance |
|
