Market Brief

Visibility and Security in the Data Center


The data center is a crucial component of today’s government and enterprise infrastructure, housing the critical servers and systems required to conduct business on a 24/7 basis. In light of the constant wave of security breaches making headlines around the world, organizations are bolstering their network defenses with perimeter- and signature-based technologies, but unfortunately those tools provide little protection for the data center, where the majority of corporate assets and data are stored.

In order to protect the data center against dangerous attacks including advanced malware, APTs, insider threats and DDoS, organizations require in-depth visibility into the internal network to quickly detect and mitigate anomalies that could signify risks. Companies are commonly turning to a combination of access control, firewalls and antivirus to secure their data centers, but these technologies leave dangerous gaps in visibility and protection, especially when it comes to virtual environments.


Eliminate Dangerous Network Blind Spots

The comprehensive network visibility and security intelligence provided by Lancope’s StealthWatch® System covers all areas of the network from internal users surfing the Internet to virtual systems in the data center to eliminate blind spots and improve risk posture. With this advanced insight, organizations can detect a wide range of data center issues, from malicious insiders attempting to exfiltrate sensitive data, to malware spreading internally from host to host.

StealthWatch collects and analyzes NetFlow, IPFIX and other types of flow data to deliver advanced security context from network edge to access, including:

  • Visibility at the edge to expose inbound attacks or internally compromised systems communicating out to the Internet
  • Firewall auditing to detect when policies have been violated
  • Server-side monitoring to view inter-device communication and identify attack activity such as network reconnaissance and internally spreading malware
  • In-depth visibility at the network core to accurately track the full path of an attack

This comprehensive view of network activity greatly improves incident response, forensics and compliance, while helping to prevent devastating data loss. StealthWatch is highly scalable to meet the needs of even the largest IT environments, analyzing up to 120,000 flows per second (fps) per collector, or 3 million fps total.

With continuous, end-to-end monitoring and in-depth intelligence, StealthWatch helps organizations address many of the top challenges associated with data center security.

Fill in the Gaps with Virtual Visibility

Virtual-machine-to-virtual-machine (VM2VM) communications inside a physical server cannot be monitored by traditional network and security devices. This lack of visibility complicates problem identification and resolution, potentially erasing any cost savings associated with virtual environments. Through the StealthWatch FlowSensor™ Virtual Edition (VE), Lancope provides the same level of visibility across virtual environments as it does for the physical network.

With StealthWatch, organizations can obtain comprehensive insight into both physical and virtual networks.

In addition to typical NetFlow data, the FlowSensor also uses deep packet inspection to provide application awareness, URL information, round trip time and server response time for additional insight into virtual communications. All of this data is sent to the StealthWatch FlowCollector for behavioral analysis to detect suspicious activities.

Since the majority of processing and analysis occurs at the collector rather than within the FlowSensor itself, virtual server resources are conserved, preserving data center performance and virtualization cost savings. A single StealthWatch FlowCollector supports up to 2,000 VMs simultaneously. In addition to protecting virtual networks, Lancope offers its products in both physical and virtual form factors to enable organizations to embrace next-generation data center technologies without sacrificing security.

Gain Advanced Security Context

In addition to virtual network and application monitoring, StealthWatch also includes identity and device awareness to further expedite and improve threat detection and resolution. StealthWatch offers identity awareness and user-centric monitoring capabilities to pinpoint the exact user(s) responsible for and affected by security breaches. Identity data provides greater context around suspicious behaviors to help curb the risky activities of negligent, malicious or compromised insiders, while also overcoming the forensics challenges presented by dynamic enterprise environments.

Alongside identifying specific users on the network, StealthWatch can also collect and analyze details such as device type, security posture and physical location on the network through integration with the Cisco Identity Services Engine (ISE). This insight is invaluable for securing bring-your-own-device (BYOD) networks.

Through advanced behavioral analysis, StealthWatch leverages key information from across the entire network, including the data center and mobile devices, to deliver actionable intelligence for fast resolution of a wide variety of security issues. The StealthWatch Labs Intelligence Center (SLIC) provides continuously updated security data on known external botnets and any possible communication between those threats and the enterprise network to keep organizations a step ahead of the latest attack vectors.

StealthWatch collects and analyzes valuable data from across the entire network.

The Data Center - A Launchpad for Denial-of-Service Attacks

In addition to housing valuable systems and data that can be attractive targets for attackers, data centers also possess large quantities of bandwidth that have been leveraged for attacks. Stealthy attackers have begun to use organizations’ data centers to launch denial-of-service attacks on others. Because the traffic is often encrypted and coming from legitimate IP addresses, these types of attacks are difficult to detect.

The only recourse is to have an understanding of the behavior on the network and look not at the traffic itself, but at the volume. If a normal server load is x and the data received is x times 50, then regardless of the source or type, there is a problem. StealthWatch by Lancope, deployed on the local network, or at a private or outsourced data center, can profile the normal behavior of the network and alert administrators when it detects a significant change in traffic.
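As an added illustration of the volume-based approach described above (example code written for this page, not part of Lancope's product or this brief), the following Python script builds a per-host outbound-byte baseline from NetFlow-like records and flags any host whose current volume reaches 50 times its baseline without ever looking at packet contents. The host names, time windows and byte counts are constructed sample values.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample flow records (NetFlow-like), one tuple per flow:
# (time window, source host, destination host, bytes sent by the source).
SAMPLE_FLOWS = [
    # windows 1-3: normal outbound behaviour of two data-center servers
    (1, "db01", "app01", 40_000), (1, "web01", "203.0.113.10", 120_000),
    (2, "db01", "app01", 42_000), (2, "web01", "203.0.113.11", 110_000),
    (3, "db01", "app02", 38_000), (3, "web01", "203.0.113.12", 130_000),
    # window 4: web01 suddenly pushes ~54x its normal volume to one outside host
    (4, "db01", "app01", 41_000), (4, "web01", "198.51.100.7", 6_500_000),
]

def bytes_per_window(flows):
    """Sum outbound bytes per (window, source host); payload is never inspected."""
    totals = defaultdict(int)
    for window, src, _dst, nbytes in flows:
        totals[(window, src)] += nbytes
    return totals

def build_baseline(flows, baseline_windows):
    """Mean outbound bytes per window for each host over the profiling period."""
    totals = bytes_per_window(f for f in flows if f[0] in baseline_windows)
    per_host = defaultdict(list)
    for (_window, src), nbytes in totals.items():
        per_host[src].append(nbytes)
    return {src: mean(values) for src, values in per_host.items()}

def find_volume_anomalies(flows, baseline, window, factor=50):
    """Return (host, ratio) for hosts whose volume in `window` is >= factor x baseline."""
    totals = bytes_per_window(f for f in flows if f[0] == window)
    alerts = []
    for (_window, src), nbytes in totals.items():
        base = baseline.get(src)
        if not base:
            continue  # no profile yet (new or previously silent host): learn first
        ratio = nbytes / base
        if ratio >= factor:
            alerts.append((src, round(ratio, 1)))
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(SAMPLE_FLOWS, baseline_windows={1, 2, 3})
    for host, ratio in find_volume_anomalies(SAMPLE_FLOWS, baseline, window=4):
        print(f"ALERT: {host} outbound volume is {ratio}x its baseline")
```

A production baseline would be keyed by time of day and peer group rather than a flat mean, but the decision rule is the same: the alert fires on the size of the change, not on what the traffic contains.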