Forensics and Incident Response

StealthWatch for Network Forensics & Incident Response

Sophisticated, targeted attacks have become increasingly difficult to detect and analyze. Attackers are employing zero-day vulnerabilities and exploit obfuscation techniques to evade detection systems and fly under the radar for long periods of time.

By collecting, analyzing and storing large amounts of flow data for months or even years, Lancope’s StealthWatch System provides a full audit trail of all network transactions for detecting anomalous traffic and performing more effective forensic investigations.

Detailed flow records can be used to detect the various phases of sophisticated, targeted attacks, as well as determine the scope and timeline of successful breaches. Flow data analysis quickly unveils who was responsible, when and how the attack was launched, and who else was affected. Through the StealthWatch Operational Network & Security Intelligence (ONSI) dashboard, alarms are closely aligned with the various steps of an attacker's "kill chain" for optimal context surrounding various attacker behaviors.

Advanced levels of security insight, including device, application and user identity awareness, further expedite incident response and forensics efforts. Additionally, user-centric monitoring capabilities enable administrators to investigate network behaviors and anomalies based on user names rather than just IP addresses.

By delivering comprehensive security intelligence, StealthWatch eliminates the need for time-consuming and resource-intensive manual investigation, enabling organizations to more quickly and thoroughly understand and prevent future attacks.