Internal IDS/IPS

Signature-based Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) suffer from the near-fatal flaws of cost and deployment complexity. Security administrators should consider augmenting IDS/IPS deployments with a “defense in depth” model that uses flow-based Network Behavior Analysis (NBA) for security and network monitoring.

Designed for internal and distributed security and network monitoring, Lancope’s StealthWatch® leverages NetFlow and sFlow from routers and switches as well as SPAN ports to deliver unified visibility across physical and virtual networks. With a flow-based approach to NBA, StealthWatch does not require signature updates to detect attacks and anomalies.

| Classic IDS/IPS technology | NBA technology |
| --- | --- |
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high speed networks at no extra cost |
| Minimal forensics value | Archived audit trail of network IP communications |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |
