StealthWatch for Network Visibility & Security Intelligence
Insider threats are on the rise while sophisticated attacks continue to bypass perimeter defenses. Compounding these risk factors are internal misuse as well as unnecessary network exposures, such as:
- firewall misconfigurations
- unsecured site-to-site communications that bypass secured hubs
- peer-to-peer file sharing
- inappropriate server access
- unauthorized employee web server implementation over the network
StealthWatch combines flow-based monitoring with network behavior anomaly detection to provide enterprise-wide visibility into host and network behaviors, adding a broader context around point-in-time security events.
BYOD & Mobile Devices
StealthWatch monitors users and mobile devices on the network, including personal smartphones, tablets and laptops. Mobile awareness helps pinpoint the exact source – even USB drives – of issues such as zero-day attacks, insider threats, policy violations and data leakage.
StealthWatch provides a complete picture of everything happening on the network to deliver the situational awareness needed to maintain high levels of security and performance amidst a constantly evolving network and mobile environment.
Forensics and Incident Response
By collecting, analyzing and storing large amounts of flow data for months or even years, Lancope’s StealthWatch System provides a full audit trail of all network transactions for detecting anomalous traffic and performing more effective forensic investigations.
Flow data analysis quickly unveils who was responsible, when and how the attack was launched, and who else was affected.
StealthWatch captures and exports all communication information from and within the virtual environment to spot security policy violations, demonstrate compliance and strengthen forensics capabilities.
Not limited to worms, StealthWatch also detects Denial of Service attacks, bots and threats for which no signature is currently available. It also monitors internal network activity for unauthorized host access, services and ports in use, applications in use, and misconfigured devices, all of which are critical for securing your virtual environment.