Service Providers

StealthWatch Monitors and Protects
Service Provider Networks

The service provider industry must be vigilant in protecting its networks from online attackers due to the key role it plays in critical infrastructure and the number of businesses and individuals that depend upon it every day. Service providers must diligently protect their customers from distributed denial-of-service (DDoS) attacks, performance issues and malware originating from external attackers or other customers’ networks.

Because they transmit large volumes of data to and from thousands of other organizations and users, service provider networks must remain open in order to conduct business – essentially, the network is their business. Due to this intricately connected architecture, conventional perimeter defenses such as firewalls are of little use. And due to the massive amount of traffic flowing through service provider networks, probe-based monitoring solutions cannot feasibly or cost-effectively scale to protect them.

Instead, service providers require next-generation solutions that provide a faster, more holistic view of everything that is happening across the network to safeguard both the internal environment and customer networks. As service provider bandwidth needs continue to grow – from 10 Gbps to 40, 80 and even 120 Gbps – the only viable solution for obtaining comprehensive visibility across their networks is flow-based monitoring.

Through massively scalable network visibility and security context, Lancope's StealthWatch System provides the in-depth network insight needed to protect and preserve the integrity and availabiliy of service provider networks. NAT support provides even more security and reliability by explicitly defining the source IP address responsible for network congestion or anomalous traffic. High-speed NAT logging is especially crucial now that service providers are considering using carrier-grade NAT (CGN), also known as large-scale NAT (LSN), which allows for literally thousands of users to share a single IP address and makes it easy for bad actors to hide behind NAT.

The StealthWatch System can also consume NAT information from the Cisco ASR 1000 separately from other flow records. This feature is especially beneficial for ISPs that need to capture just the NAT information from flow records in order to comply with the Communications Assistance for Law Enforcement Act (CALEA).

10 Ways Service Providers Use StealthWatch

  1. Achieve comprehensive, end-to-end visibility and protection from core to edge
  2. Protect customer networks from damaging DDoS attacks
  3. Detect anomalous behavior down to the exact customers and applications causing it
  4. Quickly prevent security problems such as botnets and advanced persistent threats (APTs) from infiltrating customer networks
  5. Generate and analyze flow data from areas of the network that do not inherently support it, eliminating dangerous network blind spots 
  6. Improve network availability and performance by identifying top bandwidth users
  7. Accurately measure and bill back customers based on bandwidth usage
  8. Scale and extend monitoring to next-generation environments including high-speed, cloud and IPv6
  9. Support other efforts including forensic investigations, capacity planning and regulatory compliance
  10. Differentiate offerings through managed services supported by industry-leading network monitoring
Service Provider Use Cases
Telenor Norway

Telenor Norway, the leading telecom provider in Norway, is using StealthWatch for flow-based security monitoring and incident response across hundreds of network segments and services. StealthWatch monitors traffic for all major data centers related to Telenor Norway’s mobile and ISP services, encompassing thousands of servers. With StealthWatch in place, the telecom provider’s security teams receive greater visibility into data center networks, which they leverage for incident prevention, response and root cause analysis.

”Our network sustains more than a million packets per second in traffic,” said Henrik Strom, head of IT security for Telenor Norway. “Any IDS solutions would be challenged to inspect all that traffic, much less alert us to potential risks. During our extensive evaluation of security monitoring products, StealthWatch was found to be the only solution that can scale to our needs in terms of network traffic and administration. StealthWatch enables us to proactively identify issues in our data centers that would otherwise have required tremendous effort to uncover.”

Click here for more information on Telenor Norway's use of StealthWatch.

WildBlue Communications
(A ViaSat Company)

Satellite Internet provider WildBlue Communications selected Lancope’s StealthWatch System to enhance its network performance and security. By using StealthWatch to monitor its network, the ISP benefits from a complete view of network traffic, which is used to more efficiently isolate and resolve problems.

“Of all the solutions we evaluated, StealthWatch provided the most comprehensive view of our network traffic, along with the most flexible alerting and mitigation options. With its efficient, accessible reporting on all our network traffic, StealthWatch helps us tune our entire network for better performance and enhanced security. The easy access to raw traffic flows that StealthWatch provides makes general network troubleshooting much easier than expected.”

Edge Web Hosting

As a managed hosting provider that monitors and manages IT systems for more than 500 customers around the globe, maintaining a secure and reliable infrastructure is critical to the success of Edge Web Hosting. With multiple 10 Gigabit Internet connections and 2,000 managed servers, the hosting provider struggled to find a network and security monitoring solution that could successfully collect and analyze the amount of flow data generated on its network.

“With StealthWatch, we can process massive amounts of data very quickly,” said Michael Jordan, director of network operations for Edge Web Hosting. “From there, we can easily obtain a comprehensive picture of what is going on within our network, and determine whether there are any issues that need immediate attention. StealthWatch was the only product that offered a holistic solution for monitoring our entire network.”

Click here for further details on Edge Web Hosting's use of StealthWatch.

Click here to view our market brief on the service provider industry.