Partner Integration Briefs

StealthWatch and Citrix NetScaler AppFlow


Lancope has completed integration with Citrix AppFlow to provide enhanced application availability, performance and security monitoring across physical and virtual environments. Citrix AppFlow is an open standard for capturing application flow records. By seamlessly collecting and analyzing AppFlow records from Citrix NetScaler, which provides application acceleration, load balancing and web security, Lancope expands on the types of flow data and devices that can be monitored by the StealthWatch® System.

AppFlow is an extension of IPFIX (NetFlow) that cost-effectively delivers application layer visibility across public and private cloud environments without requiring network taps, span ports or agents. The technology leverages existing infrastructure to provide flow information and business intelligence for web-based transactions, leading to improved operations and performance for ecommerce and other critical business applications.  

Lancope’s StealthWatch System collects and analyzes AppFlow, NetFlow and other flow data from existing devices to deliver 24/7, end-to-end visibility into all hosts and traffic on the network. With StealthWatch, organizations can obtain the levels of contextual awareness and actionable intelligence needed to better respond to the full breadth of network and security issues facing today’s enterprises.

Incorporating this new flow source into StealthWatch provides customers with added value and additional data for obtaining a comprehensive view of everything going on within their network at any given time. The ability to analyze and correlate flow data from a multitude of devices enables enterprises to more effectively maintain high levels of network security and performance.  

How It Works

Through this integration, joint customers can easily pull AppFlow records from their Citrix NetScaler load balancers into StealthWatch for analysis and reporting. StealthWatch uses the AppFlow data to present session statistics from clients to the NetScaler load balancer virtual IP, as well as show the statistics for the load balancer to the devices serving as the termination point for the traffic. StealthWatch also correlates AppFlow data with key information from other devices to provide a clear, concise picture of overall network activity. In addition to providing high-level overviews, StealthWatch allows users to drill down into specific hosts and traffic patterns to obtain more in-depth insight. The combination of high-level and in-depth insight facilitates faster, more informed decision-making for vastly improved network, security and application troubleshooting.

The configuration of StealthWatch to receive AppFlow records from Citrix NetScaler is seamless. By default, StealthWatch will automatically add new flow feeds and begin processing data without any input from the IT administrator.

StealthWatch Unifies Security, Network and Application Visibility

StealthWatch monitors network and host behaviors as a whole to establish baselines and quickly alert on a wide range of anomalies. Through sophisticated behavioral analysis, the system detects both zero-day attacks that bypass perimeter defenses and insider threats such as network misuse, unauthorized access, device misconfigurations and data leakage.

In addition to analyzing traffic at the network level, StealthWatch also incorporates both application and identity awareness to pinpoint exactly which technologies and users are causing network performance or security issues. Advanced features including automatic threat prioritization and mitigation further enhance operations and support other efforts such as forensic investigations and compliance initiatives.

Overall, StealthWatch fills in the gaps left by other solutions to eliminate network blind spots and dramatically reduce the time from problem onset to resolution, all at a fraction of the cost of traditional monitoring solutions. The system is scalable to meet the needs of even the largest networks, analyzing up to 3 million flows per second, and can also monitor and protect virtual environments.

“Citrix AppFlow provides the application visibility enterprises need to run secure, high-performance networks while embracing cloud computing, mobile and other innovations. Lancope’s StealthWatch is a valuable AppFlow solution that delivers end-to-end network intelligence across the enterprise to monitor and analyze network performance and security.”

– Steve Shah, Sr. Director Product Management, Citrix