StealthWatch Management Console

Manage Your StealthWatch Appliances from a Single Console

Armed with graphical representations of network traffic, customized summary reports, and integrated security and network intelligence for drill-down analysis, administrators can easily identify internal and external attacks, network exposures and policy violations. The StealthWatch Management Console also enhances network management through trend analysis, firewall and capacity planning, interdepartmental billing and performance monitoring.

StealthWatch Management Console Benefits:

  • Centralized management, configuration and reporting for multiple StealthWatch sensors and collectors
  • Real-time data correlation, traffic visualization and consolidated reporting
  • Easily understood graphics with rapid drill-down to essential network behavior details
  • Flexible deployment options, including virtual

Read the StealthWatch Management Console datasheet.

The StealthWatch Management Console (SMC) manages, coordinates and configures StealthWatch appliances and flow collectors (NetFlow, IPFIX, sFlow) to correlate security and network intelligence from StealthWatch components deployed at critical segments throughout the enterprise. This ability to deliver real-time insight into current network behavior increases network and security team efficiency and decreases operating costs, while simultaneously improving overall security posture and operational awareness.

Featuring Java-based platform independence, the SMC enables instant data correlation, traffic visualization and consolidated reporting. Administrators can detect and prioritize security threats, pinpoint network misuse and suboptimal performance, and manage incident response across the enterprise — all from a single control center.

Available as a physical or virtual appliance, the StealthWatch Management Console provides the following features to cost-effectively optimize security and network operations across the enterprise:

Insightful real-time reporting

The StealthWatch Management Console provides valuable insight into network usage via pre-defined, customizable XML-based reports that include source/destination IP address, services, time period, traffic protocol and bandwidth levels. Administrators use this information to perform essential security and network management tasks, such as creating and assessing security policies; ensuring proper configuration of firewalls, servers and other network devices; and identifying trends in order to anticipate and remedy potential problems.

Efficient centralized administration across distributed enterprise deployments

The SMC simplifies remote administration for multiple StealthWatch sensors and collectors regardless of physical location. Administrators centrally define and implement hierarchical security zones, security and network usage policies and various appliance configuration parameters. Low bandwidth transmissions between StealthWatch appliances and the SMC maximize performance with minimal impact on normal network operations. In addition, the SMC provides streamlined integration between the StealthWatch System and standard network management applications.

Customizable and flexible graphical visualization of security and network events and behavior

Advanced graphics and customizable preferred views of network activity deliver unique insight into the security and usage of the network. Graphical displays of network traffic relationships and security intelligence help network and security teams understand traffic patterns and identify deviations from normal network behavior. This visualization aids in the detection of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms, viruses and other malware, targeted attacks, pre-attack reconnaissance and insider threats. The StealthWatch Management Console also helps administrators identify network bottlenecks and misuse, spot malfunctioning network devices and perform capacity planning to optimize network performance.

Drill-down analysis of security and network events

The StealthWatch Management Console correlates data across the enterprise for in-depth, root-cause analysis and rapid recognition of network and security trends. Drill-down analysis into alarms, host-level activity and suspicious network behavior enables administrators to quickly prioritize and respond to contain attacks and mitigate network damage. The console's user-friendly UI intuitively guides administrators through the various layers of information provided by StealthWatch appliances across the network.

Point-of-View™ technology

StealthWatch proves equally valuable for network and security engineers. Point-of-View technology within the StealthWatch Management Console provides a unique, customized view of the network for each IT role. Network engineers see router interface statistics, top talkers and trending reports. Security analysts receive reports detailing policy violations, worm outbreaks and other malware traversing the network. StealthWatch Point-of-View technology brings flow-based analysis benefits to the entire IT organization.

Integrated internal and external monitoring

The StealthWatch Management Console employs a high-speed customizable Syslog parser to facilitate integration with other network and security technologies such as firewalls, IDS/IPS appliances and any other technology capable of exporting Syslog messages. As events are received from external systems, they are decoded, correlated with StealthWatch events and stored for later analysis in the StealthWatch Management Console database. Lancope can also consume flow records from perimeter devices such as firewalls. Extending behavioral analytics to the perimeter provides greater contextual awareness for improved network and security operations.

SLIC Threat Feed

Through the SLIC Threat Feed, Lancope correlates real-time intelligence on global threats with suspicious network activity to alert on hosts infected with advanced malware, including botnets. Continuously monitoring customer networks for thousands of known command-and-control (C&C) servers, the threat feed further enhances Lancope’s early threat detection capabilities, preventing cyber-attacks from wreaking havoc on corporate and government networks.

| Features | Network | Security |
|---|---|---|
| User identity tracking | X | X |
| Flexible deployment options, including virtual | X | X |
| Quick root-cause analysis, troubleshooting | X | X |
| Relational flow maps | X | X |
| NAT stitching | X | X |
| Custom dashboards | X | X |
| Custom reports | X | X |
| Automated blocking, remediation or rate limiting | X | X |
| Top N reports for applications, services, ports, protocols, hosts, peers and conversations | X | X |
| Traffic composition breakdown | X | X |
| Customizable user interface based on Point-of-View technology | X | X |
| Support for multi-gigabit and large-scale MPLS network environments | X | X |
| Advanced flow visualization | X | X |
| Massive scalability | X | X |
| Combined internal and external monitoring | X | X |
| Capacity planning and historical traffic trending | X | |
| WAN optimization reporting* | X | |
| DSCP bandwidth utilization | X | |
| Worm propagation visualization | | X |
| Internal security for high-speed networks | | X |

* Limited functionality with sFlow


SMC 1000

SMC 2000


Management Port — 1; 10/100/1000 Copper

Database Capacity

1 TB (RAID-6 Redundant)

2 TB (RAID-6 Redundant)

Hardware Platform


Hardware Generation


Rack Units (Mountable)



Redundant 750W AC, 50/60 Hz, Auto Ranging (100V to 240V)

Heat Dissipation

2,891 BTU per hour maximum


Height: 1.68 in. (4.3 cm)

Width: 18.99 in. (48.24 cm) with rack latches; 17.08 in. (43.4 cm) without rack latches

Depth: 29.25 in. (74.3 cm) with power supplies and bezel; 27.25 in. (69.2 cm) w/o power supplies and bezel



41 lb (18.6 kg)


Sliding Ready Rails with Cable Management Arm


  • FCC (U.S. only) Class A
  • DOC (Canada) Class A
  • CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950)
  • VCCI Class A
  • UL 1950
  • CSA 950

Please call for a complete list.

The SMC Virtual Edition (VE) is designed to perform the same function as the appliance editions, but in a VMware environment. The following table shows the minimum resource requirements for the SMC VE to operate based on the number of FlowCollectors sending it data. However, the SMC VE scales dynamically based on the resources allocated to it. Therefore, for the SMC VE to operate effectively, be sure to allocate resources so that they are reserved for the SMC VE and not shared with any other virtual machines.

| FlowCollectors | Concurrent Users | Reserved Memory | Reserved CPUs |
|---|---|---|---|
| 1 | Up to 2 | 8 GB | 2 |
| Up to 3 | Up to 5 | 8 GB | 3 |
| Up to 5 | Up to 10 | 16 GB | 4 |

Download the StealthWatch Management Console VE product data sheet (pdf)
Note: More details can be found in the StealthWatch System Capacities & Sizing Guidelines. Contact Sales or a Lancope partner for the document.