Market Brief

Identity-Aware NetFlow

In today’s environment of advanced persistent threats and increasingly complex networks, IT administrators require a more comprehensive means of uncovering the root cause of network and security issues. By collecting and analyzing NetFlow and other flow data from existing infrastructure, Lancope’s StealthWatch® System delivers end-to-end visibility and advanced troubleshooting capabilities for combating the full spectrum of risks facing enterprise networks. Through sophisticated behavioral analysis, the system identifies both zero-day and targeted attacks, as well as insider threats including network misuse, policy violations and data leakage.

Alongside in-depth behavioral analysis, StealthWatch offers valuable identity awareness capabilities to pinpoint the exact users responsible for and affected by performance problems or security breaches. According to the Cisco Connected World Technology Report, seven out of 10 young professionals frequently ignore company IT policies.[1] Identity data provides greater context around suspicious host and network behaviors to help curb risky practices, overcoming the forensics challenge presented by dynamic enterprise environments.

The StealthWatch platform combines advanced identity data with sophisticated security and network performance monitoring to protect the integrity of enterprise infrastructure.

Advanced Identity Monitoring

StealthWatch integrates user information with network traffic statistics to deliver detailed visibility into user activity anywhere across the network. Administrators supply the username(s) or IP address(es) associated with an event, and the StealthWatch Management Console returns the appropriate flow forensics for event investigation.

By identifying the user causing an event and other users affected, StealthWatch provides greater accountability and immediate insight into network events or user needs. The system also enables any necessary quarantine or other corrective actions to be taken sooner, and delivers powerful auditing capabilities for regulatory compliance. Knowing exactly who is on the network and what they are doing, IT administrators can maintain optimum levels of performance and security without inadvertently impacting the experience of high-level users. Identity data can also assist with other efforts including capacity planning, help desk and human resources. 

Device Data for Enhanced Awareness 

In addition to identifying specific users on the network, StealthWatch can also collect and analyze device details such as device type, security posture and physical location on the network through integration with the Cisco Identity Services Engine (ISE). This extra layer of identity information delivers unprecedented visibility into advanced threats across the entire network – from core and distribution to user access edge. Identity and device data enable organizations to more accurately assess the intent and potential danger of suspicious activity – whether it is malicious or just an inadvertent policy violation – to more effectively determine the best course of action for mitigation. 

Trends such as user mobility and bring-your-own-device (BYOD) environments have significantly lessened the efficacy of traditional, reactive security measures for addressing today’s threat landscape. What’s more, three out of five young professionals surveyed in the Cisco Connected World Technology Report don’t believe that they are responsible for protecting information and devices, believing instead that their IT department and/or service providers are accountable. By providing a direct path to the users involved in network and security incidents, Lancope’s StealthWatch delivers an advanced, proactive solution that offers better protection and performance both now and for the future.

1 – Cisco Connected World Technology Report 2011, http://www.cisco.com/en/US/netsol/ns1120/index.html