With broad customer and industry experience, the Lancope Professional Services team helps organizations optimize StealthWatch deployments to meet specific business requirements, increase productivity and reduce risk. A unique combination of network and security skills enables the team to quickly and effectively implement StealthWatch to meet the intense demands of today's advanced cyber threat environment.
Lancope's Initial Installation service allows network and security teams to closely align the StealthWatch System with their overall security strategy and business objectives. This service installs and integrates the StealthWatch System in the customer infrastructure. It configures the system and provides for initial tuning and report generation.
Customers will experience fast, error-free deployment, highly effective threat detection and maximum protection from a wide range of online attacks. They will also benefit from the unique opportunity to learn from Lancope's highly skilled technical staff.
- Configuration of default Host Group structure
- Alarm tuning
- Dashboard, map and report configuration
- Implementation of desired alerting
- On-the-job instruction for technical staff
- A half-day knowledge transfer session on system operation and investigative workflows
Health Check and Tuning provides customers with the ability to have their StealthWatch System verified for proper operation and tuned to increase the fidelity of alarms for increased operational efficiency.
Lancope's Health Check and Tuning enables organizations to achieve increased operational efficiency and return on investment. Customers will benefit from high fidelity alarms, quicker response times and minimized corporate risk.
- Upgrade the StealthWatch System as needed
- Review network architecture and flow collection design for maximum performance
- Review Host Group structure and recommend changes if necessary
- Tune alarms to increase fidelity
- Help configure dashboards, reports and maps
- Implement desired alerting
- Provide on-the-job instruction for technical staff
StealthWatch Host Group Automation gives customers a logical means of categorizing network assets for improved visibility and control. Through the Host Group Automation service, Lancope enables customers to automatically synchronize Host Groups with data from their authoritative IP address management system.
The Host Group Automation service enables customers to optimize StealthWatch System performance and reduce operational overhead, as well as decrease false positive alarms and reduce operator errors. Automatic Host Group updating helps keep the StealthWatch System operating at its maximum potential for increased efficiency and optimal protection from a wide range of online threats.
Through the Proxy Integration service, customers can integrate their web proxy with the StealthWatch FlowCollector to extend network visibility into stitched flows between internal clients and outside web servers. By achieving end-to-end network visibility that spans web proxies, customers can expand network protection and maximize return on investment for their StealthWatch System.
Obtaining insight into proxy sessions allows customers to improve threat detection and minimize corporate risk, while also enabling quick forensic investigations into command-and-control (C&C) communications across the proxy. It allows for immediate alerting of corporate use policy violations.
- Development of tailored integration strategy
- Installation of the proxy adapter on virtual or physical hosts
- Configuration of the adaptor and StealthWatch System components to enable ingest of NetFlow
- Assistance with configuration of the adapter for Syslog ingest
- Integration of up to four like proxies into the StealthWatch System
Security System Integration provides addtional context around potential threats by combining alarm notification with flow data, enabling customers to classify a threat and then take appropriate action. By aggregating alarm notification with StealthWatch flow data, the Security Integration service will enable a quick and complete description of network traffic related to suspicious IP addresses. This service will enable the acceptance of alarm notifications from any security system - IPS, PCAP, and SIEM - and will automatically query StealthWatch to display:
- Peers of suspicious IP addresses
- What protocols and applications were used
- How much data was transmitted
- When the communication took place
- Summary "Top" reports such as top peers and top communications
As a result, customers will have all the data necessary to investigate and mitigate a suspicious host. This data can be displayed on the StealthWatch console or transmitted to another system as determined.
Customers will be able to see the full context of a potential threat, which will enable them to greatly reduce the Mean-Time-to-Know and Mean-Time-to-Respond to a security incident.
This service provides a high level of alarm fidelity. Key features include:
- Aggregation of flow data with alarm
- Alarm notification from any security system
- REST API for direct consumption of StealthWatch data
With the Security Integration service, you can accelerate your incident response and forensic investigations.
Contact your Lancope Sales Representative, Lancope Certified Partner, or email@example.com for more information including pricing and minimum requirements.
Our customers have access to the Lancope Customer Community, which provides access to training, along with the latest product documentation, knowledge base articles, forums and videos, plus the option to submit web-based support requests (cases). The Community also allows our customers to provide feedback to Lancope regarding ideas for product enhancements.
"We needed a robust system to monitor and protect our network investment and Lancope has come to our aid in a pinch, getting StealthWatch up and running quickly. We are able to watch more baseball than monitors because of [StealthWatch].