Network Anomaly Detection

Flow-based Monitoring and Network Anomaly Detection

In today’s environment of increasingly sophisticated threats, traditional, pattern-based technologies are not sufficient for detecting anomalies that could harm your network. Leveraging NetFlow, IPFIX and other flow data from existing network devices, StealthWatch provides the end-to-end visibility and in-depth intelligence needed to mitigate the full spectrum of threats facing today’s enterprises. Without relying on signature updates, StealthWatch detects both zero-day attacks that bypass perimeter defenses and insider threats such as network misuse, policy violations, data leakage and device misconfigurations. Advanced features, including application and identity awareness and automatic threat prioritization and mitigation, further expedite troubleshooting and make the system ideal for supporting forensic investigations and compliance initiatives.

 The StealthWatch Advantage

  • Concern Index™ feature automatically ranks unexpected network activity in terms of severity and risk, which in turn greatly accelerates administrators' ability to isolate and resolve any network performance or security incident
  • Grants network visibility that aids in the detection of anomalies, such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, worms, pre-attack reconnaissance and network misuse
  • Drill-down analysis into alarms, host-level activity and anomalous network behavior enables administrators to quickly prioritize and respond to contain attacks and mitigate network damage
  • Network engineers see router interface statistics, top talkers, and trending reports. Security analysts receive reports detailing policy violations, worm outbreaks and other malware traversing the network.
  • Provides a unique, integrated, real-time overview of network usage, network performance and host integrity — with information easily customized for each administrator's individual responsibilities
  • Dramatically reduces the time necessary to diagnose and separate security and network events from each other, and then to generate an appropriate response
  • Protects without requiring signatures — even against zero-day or unknown threats
  • Easily scales for large networks to quickly pinpoint anomalies, internal threats, unauthorized activity and unauthorized devices that evade traditional security — including the ability to connect events to individual devices and users
  • Combines in-depth intelligence from the internal network with behavioral analysis of data from perimeter devices to deliver advanced contextual awareness