SFLOW
By collecting, processing and analyzing sFlow data, exportable from existing routers and switches, organizations can easily extend the value of their network infrastructure. This additional intelligence is not available through classic IDS/IPS technology and can only be obtained through sFlow-based technologies, which offer significant value for both security and network operations.
sFlow-enabled NBA vs. classic IDS/IPS technologies
| Classic IDS/IPS technology | sFlow-enabled NBA technology |
| --- | --- |
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high speed networks at no extra cost |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |
Have you ever asked yourself any of the following questions?
- What happens if my perimeter defenses fail to stop an external threat?
- What happens when perimeter defenses are bypassed altogether (e.g. walk-in worms)?
- How do I know that I haven't already been compromised? And what can I do about it?
These questions indicate a need for an internal security solution. Further compounding this concern are compelling events in the news that continually highlight the need for better internal security. NetFlow analysis by StealthWatch provides end-to-end visibility to secure network cores by detecting malicious, accidental and suspicious activities on the network, including:
- misconfigured systems and devices
- file servers "re-deployed" as web servers
- unauthorized apps (e.g. P2P file sharing)
- troubleshooting network problems
StealthWatch™, the most widely used Network Behavior Analysis (NBA) and Response solution, leverages sFlow traffic samples from Foundry, Extreme, HP ProCurve, and other leading network infrastructure vendors to provide cost-effective, behavior-based network protection for distributed enterprise environments.
To learn more about sFlow analysis by StealthWatch in the enterprise, visit Lancope's Download Center to read the White Paper: "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise".

