INTRUSION DETECTION SYSTEM

Signature-based Intrusion Detection Systems (IDS) suffer the near-fatal flaws of cost and complexity of deployment. Security administrators should consider augmenting IDS deployments with Network Behavior Analysis (NBA) to harness the power of a flow-based security and network-monitoring technology.

IDS technologies are well suited to filtering well-known, well-defined attacks at the perimeter, yet they are very costly and challenging to deploy in high-speed switched cores or distributed WAN environments. Intrusion detection systems maintain a database of signatures to block known, recognized attacks. New attacks for which no signature has yet been developed easily bypass this line of defense. Furthermore, the inline deployment of IDS technologies limits their coverage to a relatively small subset of the network and drives the cost of network-wide deployment to astronomical heights.

Designed for internal and distributed security and network monitoring, Lancope’s StealthWatch leverages NetFlow and sFlow exported by routers and switches, as well as SPAN ports. Because it is behavior-based, no signature updates are required to detect attacks and anomalies.

| Classic IDS/IPS technology | NBA technology |
|---|---|
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high-speed networks at no extra cost |
| Minimal forensics value | Archived audit trail of network IP communications |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |
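To make the behavior-based approach in the table concrete, here is an added example (not Lancope or StealthWatch code) that runs two of the analyses it lists, top talkers and worm-outbreak detection, over constructed NetFlow-like records. The flow records, the fan-out threshold and the average-octet threshold are all assumptions chosen for illustration; no signature is involved, only the shape of each host's traffic.

```python
"""Toy flow-based behavior analysis over NetFlow-like records (constructed sample data)."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    src: str      # source address as exported in the flow record
    dst: str      # destination address
    dport: int    # destination port
    octets: int   # bytes carried by the flow


# Constructed sample window: 10.0.0.5 behaves like a worm probing TCP/445 across a
# subnet (many tiny flows to many peers), while 10.0.0.9 is a heavy but legitimate client.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.9", "10.0.1.10", 443, 5_000_000),
    Flow("10.0.0.9", "10.0.1.11", 443, 3_200_000),
    Flow("10.0.0.7", "10.0.1.10", 443, 120_000),
] + [Flow("10.0.0.5", f"10.0.2.{i}", 445, 60) for i in range(1, 41)]


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[str, int]]:
    """Rank source hosts by total octets sent in the window (a basic performance report)."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.src] += f.octets
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def fan_out_alerts(flows: List[Flow], max_peers: int = 20, max_avg_octets: int = 200) -> Dict[str, dict]:
    """Flag hosts whose behavior looks like a worm or scanner: many distinct (dst, port)
    peers in one window combined with very small flows. Thresholds are assumed values;
    a production system would derive them from each host's own baseline."""
    peers: Dict[str, set] = defaultdict(set)
    octets: Dict[str, int] = defaultdict(int)
    count: Dict[str, int] = defaultdict(int)
    for f in flows:
        peers[f.src].add((f.dst, f.dport))
        octets[f.src] += f.octets
        count[f.src] += 1
    alerts: Dict[str, dict] = {}
    for host, peer_set in peers.items():
        avg = octets[host] / count[host]
        if len(peer_set) > max_peers and avg < max_avg_octets:
            alerts[host] = {"peers": len(peer_set), "avg_octets": avg,
                            "ports": sorted({port for _, port in peer_set})}
    return alerts


if __name__ == "__main__":
    print("top talkers:", top_talkers(SAMPLE_FLOWS))
    print("fan-out alerts:", fan_out_alerts(SAMPLE_FLOWS))
```

The heavy talker 10.0.0.9 is reported but not alerted, while 10.0.0.5 is flagged solely on its traffic pattern, which is the distinction the table draws between signature matching and behavior analysis.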

To learn more about how network behavior analysis and intrusion detection system technologies detect zero-day attacks, visit Lancope’s Download Center to read the white paper “Zotob: Zero-Hour Detection and Response” and learn how StealthWatch provides zero-hour detection of and response to network threats that bypass traditional security defenses.