With broad customer and industry experience, the Lancope Professional Services team helps organizations optimize StealthWatch deployments to meet specific business requirements, increase productivity and reduce risk. A unique combination of network and security skills enables the team to quickly and effectively implement StealthWatch to meet the intense demands of today's advanced cyber threat environment.
Lancope's Initial Install service allows network and security teams to closely align the StealthWatch System with their overall security strategy and business objectives. This service installs and integrates the StealthWatch system in the customer infrastructure. It configures the system and provides for initial tuning and report generation.
Customers will experience fast, error-free deployment, highly effective threat detection and maximum protection from a wide range of online attacks. They will also benefit from the unique opportunity to learn from Lancope's highly skilled technical staff.
Health Check and Tuning provides customers with the ability to have their StealthWatch system verified for proper operation and tuned to increase the fidelity of alarms for increased operational efficiency.
Lancope's Health Check and Tuning enables organizations to achieve increased operational efficiency and return on investment. Customers will benefit from high fidelity alarms, quicker response times and minimised corporate risk.
- Upgrade the StealthWatch System as needed
- Review network architecture and flow collection design for maximum performance
- Review Host Group structure and recommend changes if necessary
- Tune alarms to increase fidelity
- Help configure dashboards, reports and maps
- Implement desired alerting
- Provide on-the-job instruction for technical staff
“There are considerable security risks associated with even the smallest changes to the system. StealthWatch proved its value immediately by helping us determine the security and effectiveness of our SCADA changes in real time. StealthWatch provides measurable results in days.”
StealthWatch Host Group Automation gives customers a logical means of categorizing network assets for improved visibility and control. Through the Host Group Automation service, Lancope enables customers to automatically synchronize Host Groups with data from their authoritative IP address management system.
The Host Group Automation service enables customers to optimize StealthWatch System performance and reduce operational overhead, as well as decrease false positive alarms and reduce operator errors. Automatic Host Group updating helps keep the StealthWatch System operating at its maximum potential for increased efficiency and optimal protection from a wide range of online threats.
Through the Proxy Integration service, customers can integrate their web proxy with the StealthWatch FlowCollector to extend network visibility into stitched flows between internal clients and outside web servers. By achieving end-to-end network visibility that spans web proxies, customers can expand network protection and maximize return on investment for their StealthWatch System.
Obtaining insight into proxy sessions allows customers to improve threat detection and minimize corporate risk, while also enabling quick forensic investigations into command-and-control (C&C) communications across the proxy. It allows for immediate alerting of corporate use policy violations.
- Development of tailored integration strategy
- Installation of the proxy adapter on virtual or physical hosts
- Configuration of the adapter and StealthWatch System components to enable ingest of NetFlow
- Assistance with configuration of the adapter for Syslog ingest
- Integration of up to four like proxies into the StealthWatch System
Security System Integration provides additional context around potential threats by combining alarm notification with flow data, enabling customers to classify a threat and then take appropriate action. By aggregating alarm notification with StealthWatch flow data, the Security Integration service will enable a quick and complete description of network traffic related to a suspicious IP address. This service will enable the acceptance of alarm notifications from any security system - IPS, PCAP, and SIEM - and will automatically query StealthWatch to:
- Display peers of the suspicious IP address
- What protocols and applications were used
- How much data was transmitted
- When the communication took place
- Enable summary "Top" reports such as top peers and top communications
As a result, customers will have all the data necessary to investigate and mitigate a suspicious host. This data can be displayed on the StealthWatch console or transmitted to another system as determined.
Customers will be able to see the full context of a potential threat, which will enable them to greatly reduce the Mean-Time-to-Know and Mean-Time-to-Respond to a security incident.
This service provides a high level of alarm fidelity and is flexible in service implementation. Key features include:
- Aggregation of flow data with Alarm
- Alarm notification from any security system
- REST API for direct consumption of StealthWatch
With the Security Integration service, you can accelerate your incident response and forensic investigations.
To learn more, contact your Lancope Sales Representative, Lancope Certified Partner, or email@example.com for more information including pricing and minimum requirements.