Identity Awareness

StealthWatch for Identity Awareness

StealthWatch can now run flow queries on specific user names. In today’s environment of advanced persistent threats, insider threats and increasingly complex networks, IT administrators require a more comprehensive means of uncovering the root cause of security issues. Alongside in-depth behavioral analysis, StealthWatch offers valuable identity awareness capabilities to pinpoint the exact users responsible for and affected by security breaches. Identity data provides greater context around suspicious host and network behaviors to help curb risky practices, overcoming the forensics challenge presented by dynamic enterprise environments.

By identifying the user causing an event and other users affected, StealthWatch provides greater accountability and immediate insight into network events. Additionally, user-centric monitoring capabilities allow network and security teams to run flow queries and reports based on actual user names versus just IP addresses. Administrators can also search on user names, as well as obtain a User Snapshot outlining a specific person’s network activity – including any anomalous behavior or alarms triggered.

Alongside identifying specific users on the network, StealthWatch can also collect and analyze device details such as device type, security posture and physical location on the network through integration with the Cisco Identity Services Engine (ISE). This extra layer of identity information delivers unprecedented visibility into advanced threats across the entire network – from core and distribution to user access edge. Lancope also consumes user names within NetFlow records from Cisco ASA appliances to provide an additional identity data source.

Identity and device data enable organizations to more accurately assess the intent and potential danger of suspicious activity – whether it is malicious or just an inadvertent policy violation – to more effectively determine the best course of action for mitigation. This insight is invaluable for combating advanced attacks including APTs and insider threats, as well as for improving incident response, forensics and compliance initiatives.

For more information, see the Market Brief – Identity-Aware NetFlow.