Market Brief

StealthWatch for Service Providers


The service provider industry must be vigilant in protecting its networks from online attackers due to the key role it plays in critical infrastructure and the number of businesses and individuals that depend upon it every day. Service providers must diligently protect their customers from distributed denial-of-service (DDoS) attacks, performance issues and malware originating from external attackers or other customers’ networks.

Because they transmit large volumes of data to and from thousands of other organizations and users, service provider networks must remain open in order to conduct business – essentially, the network is their business. Due to this intricately connected architecture, conventional perimeter defenses such as firewalls are of little use. And due to the massive amount of traffic flowing through service provider networks, probe-based monitoring solutions cannot feasibly or cost-effectively scale to protect them. 

Instead, service providers require next-generation solutions that provide a faster, more holistic view of everything that is happening across the network to safeguard both the internal environment and customer networks. As service provider bandwidth needs continue to grow – from 10 Gbps to 40, 80 and even 120 Gbps – the only viable solution for obtaining comprehensive visibility across their networks is flow-based monitoring. 

While most service providers have adopted flow-based monitoring solutions, unfortunately many of them cannot scale to adequately support massive networks. Lancope’s StealthWatch® System, on the other hand, can scale to millions of flows per second (fps) – and up to 120,000 fps per collector – to deliver end-to-end monitoring for even the largest environments.

Service Providers Headlines

In recent years, service providers around the world have come under attack from online criminals.

10 Ways Service Providers Use StealthWatch 

  1. Achieve comprehensive, end-to-end visibility and protection from core to edge 
  2. Protect customer networks from damaging DDoS attacks
  3. Detect anomalous behavior down to the exact customers and applications causing it
  4. Quickly prevent security problems such as botnets and advanced persistent threats (APTs) from infiltrating customer networks
  5. Generate and analyze flow data from areas of the network that do not inherently support it, eliminating dangerous network blind spots  
  6. Improve network availability and performance by identifying top bandwidth users 
  7. Accurately measure and bill back customers based on bandwidth usage
  8. Scale and extend monitoring to next-generation environments including high-speed, cloud and IPv6 
  9. Support other efforts including forensic investigations, capacity planning and regulatory compliance
  10. Differentiate offerings through managed services supported by industry-leading network monitoring 

The StealthWatch Difference  

Rather than relying on signature updates, StealthWatch uses flow-based behavioral analysis to detect both sophisticated zero-day attacks that bypass perimeter defenses and insider threats including unauthorized access, policy violations, network misuse and data leakage. Unlike some monitoring solutions that only provide summarized traffic reports, StealthWatch enables organizations to drill down into network traffic issues, dramatically improving troubleshooting efforts.

DDoS attacks cost companies more money per year than any other type of cyber-attack.[1]

StealthWatch also includes advanced application awareness to even further pinpoint the root cause of network issues and greatly reduce the time from problem onset to resolution. The StealthWatch platform is easy to deploy and manage – across both physical and cloud-based networks – and can be obtained at a fraction of the cost of conventional monitoring solutions. 

Service Providers are Under Pressure to Deliver Clean Pipes and Competitive Differentiators 

With the daily operation of so many mission-critical organizations relying upon them, service providers cannot afford to have their service disrupted, their customer accounts infiltrated or their networks infected by malware through a cyber attack. Recent ISP hacks around the world have demonstrated the harm that such an attack can cause. Service providers are also under immense pressure from government agencies, including the U.S. DoD, DHS and FCC, to keep their networks and customers safe. Governments in Australia, Germany and Japan, for example, are also playing a hands-on role in establishing ISP security standards.

Additionally, with Internet access becoming such a commodity, service providers are diversifying to become more well-rounded, offering triple- and quad-play services that bundle voice, video, data and wireless, or even becoming managed service providers delivering value-added security or network monitoring packages. With more and more services being intertwined, ISP security becomes especially crucial, as one issue could potentially wipe out a multitude of services. 

In the end, if service providers fail to protect their customers, deliver a positive user experience and offer the value-added services users have come to expect, their reputation and business will suffer as customers switch to other providers. Through the behavioral analysis of NetFlow, IPFIX and other types of existing flow data, Lancope’s StealthWatch cost-effectively protects service providers’ businesses while enabling them to provide revenue-generating managed services.

StealthWatch in Action  

In a highly sensitive and competitive space like the service provider market, StealthWatch delivers the situational awareness and actionable intelligence needed to remain a step ahead of online attackers and industry competitors. Large organizations around the globe, including many service providers, rely on Lancope’s StealthWatch System to protect their networks and customers, and StealthWatch is also a key component of Cisco’s Cyber Threat Defense Solution. 

Real-time monitoring of NetFlow, IPFIX, and other flow data to answer:

  • Which networks are consuming the most bandwidth?
  • Are other customers impacted by abusive network usage?
  • Are any customers suffering from DDoS attacks?
  • Is malware or other malicious traffic originating from our network?

Service Provider Use Cases

Telenor Norway

Telenor Norway, the leading telecom provider in Norway, is using StealthWatch for flow-based security monitoring and incident response across hundreds of network segments and services. StealthWatch monitors traffic for all major data centers related to Telenor Norway’s mobile and ISP services, encompassing thousands of servers. With StealthWatch in place, the telecom provider’s security teams receive greater visibility into data center networks, which they leverage for incident prevention, response and root cause analysis.

“Our network sustains more than a million packets per second in traffic,” said Henrik Strom, head of IT security for Telenor Norway. “Any IDS solutions would be challenged to inspect all that traffic, much less alert us to potential risks. During our extensive evaluation of security monitoring products, StealthWatch was found to be the only solution that can scale to our needs in terms of network traffic and administration. StealthWatch enables us to proactively identify issues in our data centers that would otherwise have required tremendous effort to uncover.”

WildBlue Communications
(A ViaSat Company)

Satellite Internet provider WildBlue Communications selected Lancope’s StealthWatch System to enhance its network performance and security. By using StealthWatch to monitor its network, the ISP benefits from a complete view of network traffic, which is used to more efficiently isolate and resolve problems.

“Of all the solutions we evaluated, StealthWatch provided the most comprehensive view of our network traffic, along with the most flexible alerting and mitigation options. With its efficient, accessible reporting on all our network traffic, StealthWatch helps us tune our entire network for better performance and enhanced security. The easy access to raw traffic flows that StealthWatch provides makes general network troubleshooting much easier than expected.”

1 – Ponemon Institute, Second Annual Cost of Cyber Crime Study, August 2011,
http://www.arcsight.com/collateral/whitepapers/2011_Cost_of_Cyber_Crime_Study_August.pdf