Customers

Lancope is now part of Cisco.

Westinghouse Electric

Challenges

Solved the following operational challenges with Stealthwatch:

  • Reduced mean-time-to-know (MTTK) root cause of network or security incidents
  • Enhanced network security posture
  • Improved forensic analysis
  • Increased correlation of user identity and activity
  • Increased flow collection, monitoring and analysis
  • Enhanced compliance posture

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Security forensics
  • NIST compliance
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Advanced persistent threats
  • Network malware or virus
  • Compromised host
  • Data loss/exfiltration
  • Command and control traffic/botnets
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Monitoring a large, globally distributed network
  • Monitoring traffic within a data center, physical and virtual

Results

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Internal visibility
  • Forensics
  • Advanced persistent threat (APT) detection
  • Scalability
  • Identity awareness

Selected Stealthwatch over the following vendors:

  • Q1 Labs / IBM
  • Fluke / Visual Network systems

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Real-time threat detection and correlation with user identity data
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Forensic analysis

Reduced the time it took to mitigate a security incident by 25 percent to 49 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Much Better
  • Network Visibility: Much Better
  • Innovation: Better
  • Scalability: Better

Lancope’s solution has provided us with better visibility into network activity across our global enterprise. The near real-time data reporting and alerting capabilities enable our team to detect and respond quicker to security incidents as they occur.

Jeff DeLong, Information Security Architect

Miami Dade County

Challenges

Purchased Lancope because it is differentiated from competitive products in the following areas:

  • User centric monitoring
  • Flow analytics

Use Case

Is currently using Stealthwatch for:

  • Network analysis & visibility
  • Advanced threat detection
  • Network performance monitoring & diagnostics

Uses Stealthwatch with:

  • Firewalls
  • Full-packet capture system

Results

The following are the greatest benefits of the internal visibility provided by Lancope Stealthwatch:

  • Earliest detection of advanced threats (APTs, malware, etc.)
  • Faster Incident response
  • Monitors individual user activity & mobile devices

Agrees that Stealthwatch's user/host-level information is critical for the following:

  • Security
  • Performance monitoring
  • Network troubleshooting

Rated Stealthwatch's effectiveness in the following areas:

  • detecting DDoS: effective
  • accelerating incident response and forensics: effective
  • detecting advanced persistent threats: effective
  • detecting insider threats / Suspicious behavior: effective
  • detecting malware / zero-day attacks: effective

Saves hours per incident for determining Mean-Time-To-Identify threats and Mean-Time-To-Know root cause using Stealthwatch.

Rated how critical Lancope Stealthwatch is for the following:

  • Monitoring visibility: very critical
  • Improving security: very critical
  • Managing cyber security: critical
  • Responding to cyber threats: critical

Ranks Lancope's customer support as above average.

[My favorite aspect of Stealthwatch is it gives an] overview of the network.

Jesus Lira, IT Manager

Fitchburg State University

Introduction

Fitchburg State University, located in central Massachusetts, is a public institution dedicated to integrating high-quality professional programs with strong liberal arts and sciences studies. Founded in 1894, the university now has more than 30 undergraduate programs and 22 master’s degree programs, with 500+ employees and 7,000 students. The university’s vast Enterasys network supports approximately 5,000 devices spread out over 30+ buildings and 31 acres, as well as three wirelessly-connected remote sites, including an athletic field, several miles from campus. 

“Over the past few years, we have seen an explosion in mobile devices and wireless connections on our network,” said Tony Chila, network manager for Fitchburg State University. “We soon realized that we required greater visibility into all of the devices and applications running on our systems than could be achieved with our current solutions. Stealthwatch provides us with the actionable insight we need to more quickly and confidently address the full spectrum of network and security issues we are faced with on a daily basis. Everyone from our network, security and server teams, all the way up to the Information Security Officer and CIO find value in the system.”

Stealthwatch Provides Greater Network Visibility 

Prior to Stealthwatch, Fitchburg State’s IT team had no insight into the services, protocols, ports and applications being used on its network. While the school’s disparate technology tools provided pockets of visibility into certain areas or aspects of the network, there were huge gaps in the overall picture. The IT department feared that this lack of visibility could open the school up to performance, security and compliance issues, especially as the network and number of users and devices continued to grow. 

Fitchburg State therefore turned to Stealthwatch to deliver a complete, end-to-end picture of everything happening across its entire network, providing both at-a-glance, high-level views as well as sophisticated drill-down capabilities. By collecting, analyzing and correlating NetFlow data from across the network, Stealthwatch provides real-time and historical forensic insight into network and host behaviors as a whole. The system can quickly and very accurately baseline normal behavior, detect anomalies, prioritize the top issues for IT administrators, determine the exact application causing issues and even automatically mitigate threats using existing infrastructure. 

Intuitive graphs and dashboards showing traffic flow for various systems including Exchange servers and the school’s Blackboard learning management system allow Fitchburg State to easily detect concerning behaviors, such as unusually large amounts of traffic and communication with restricted segments of the network. The Stealthwatch Host Snapshot also provides valuable host-level details such as MAC address, interfaces the host is using, services running, recent alarm activity observed from the host, and more. 

With its FlowSensor appliance, Stealthwatch can also provide insight into areas of the network, such as virtualized environments, that do not inherently support flow data. And with the Stealthwatch IDentity appliance, Fitchburg State can trace the root cause of network and security issues all the way down to the exact user responsible. 

“Between the intuitive graphs and maps, and the sophisticated drill-down capabilities, Stealthwatch makes it simple and cost-effective for us to find out just about anything we want to know about our network,” added Chila of Fitchburg State. “Bandwidth utilization, server response time, round trip time, where traffic is flowing to/from, who is generating the traffic and much more is all right at our fingertips. This easy access to key information has been invaluable for many efforts – from boosting network performance and pinpointing potential security issues to capacity planning, VoIP QoS and compliance with PCI and RIAA regulations.”  

Fitchburg Expedites Troubleshooting with Stealthwatch

The improved network visibility achieved through Stealthwatch eliminates the need for time-consuming, manual analysis and dramatically expedites the troubleshooting process – at a fraction of the cost of traditional monitoring solutions. Previously, when there was a network slowdown, Fitchburg State’s IT team would have to examine its network equipment unit by unit to identify unusually high utilization. The group would then have to physically go out into the field to run a packet capture to determine the root cause. 

With Stealthwatch, both the source – network or server – and cause of network security and performance problems can be quickly uncovered without the need for manual analysis. To further expedite troubleshooting, Stealthwatch seamlessly integrates with other network and security tools to collect as much information as possible on network behaviors. Fitchburg State has benefited greatly from this integration, with Stealthwatch correlating the logs from various systems including NAC, firewalls and IPS to provide a clear, consolidated picture of both network- and host-level activities.  

Stealthwatch significantly reduces the time from problem onset to resolution, while also cutting network and security management costs. The system has even enabled Fitchburg State to eliminate a previous IDS deployment that was too burdensome for the school’s small networking and security team to manage and fine tune to meet its needs. 

Stealthwatch Facilitates High-Level Reporting to Management

At Fitchburg State, it is important for the school’s Information Security Officer (ISO) and CIO to be kept informed about network and security issues. The network and security teams therefore send two daily reports to the ISO and CIO, as well as the school’s server team, to provide a high-level visualization of what is going on in the network. 

From there, users can easily drill down into the information to extract any other details they require. Details on the firewall, IPS, and many other technologies can be obtained right from Stealthwatch without having to go into any other systems. “Stealthwatch provides a one-stop shop for obtaining detailed information on any area of the network,” said Chila.  

When one of the school’s wirelessly-connected remote sites was having trouble with VoIP call quality, the network team used Stealthwatch to determine whether the bandwidth for that site needed to be increased. In the end, it was determined that thick trees were disrupting call quality, not a lack of bandwidth, saving the school the extra money it would have had to spend to increase the pipeline. 

 

Lancope has been great to work with in terms of customizing Stealthwatch to meet the specific needs of our entire IT organization, even under our tight budget constraints. As a result, we are now better equipped to manage the network efficiently, and effectively combat any threats that come our way. We expect Stealthwatch to result in significantly reduced downtime for the university system, and an improved user experience for our students, faculty and staff.

Tony Chila, Network Manager

MEMC Electronic Materials, Inc.

Challenges

Stealthwatch has helped improve the following:

  • Network baselining
  • Real-time threat detection
  • Incident response
  • Forensic investigations
  • Network troubleshooting

Use Case

Stealthwatch has helped with:

  • Insider threats
  • APTs
  • Malware/zero-day attacks
  • DDoS attacks
  • Network performance

 

Is able to secure the following with Stealthwatch:

  • Virtual infrastructure/private clouds
  • IoT devices/systems
  • The data center
  • A BYOD environment
  • SDN infrastructure
  • Areas of my network I could not see previously
  • Remote locations

Results

Stealthwatch System has helped their organization achieve the following:

  • Greater network visibility
  • Heightened threat intelligence

Found the following Stealthwatch capabilities to be the most beneficial:

  • Sophisticated security analytics/behavioral analysis
  • Flow stitching and deduplication
  • Detection of lateral movement (East-West Traffic)
  • Long-term flow storage

Compared to other security vendors, Lancope is:

  • Effective at detecting attacks

Stealthwatch enables the company to:

  • Better manage security with limited staff/resources
  • Accelerate threat detection and mitigation
  • Speed up incident response
  • Clearly report on organizational security to upper management

Stealthwatch provides security and network information in one package.

Brian Barry, Security Manager

Saudi Post

Saudi Post Improves Service and Security for 600 Locations

Founded in 1961, Saudi Post Corporation is the official postal service operator of Saudi Arabia, covering all cities and villages in the country. Based in Riyadh, the capital of Saudi Arabia, Saudi Post offers services for personal and business shipping, as well as government services including driver’s license and vehicle registration renewals. The organization’s network serves approximately 600 locations and more than 10,000 users.

Saudi Post began using Lancope’s Stealthwatch® System in early 2012 to collect and analyze NetFlow from around 500 exporters for improved network and security operations. The system allows the organization to collect flow data locally across its distributed architecture, while viewing, analyzing and managing the data through a centralized console. In addition to collecting NetFlow, Saudi Post can also obtain visibility into areas of the network that do not inherently support flow data by using the Stealthwatch FlowSensor, which combines behavioral analysis with deep packet inspection.

Lancope worked with IT solutions provider, Alternatives Technology Company, to implement Stealthwatch at Saudi Post, marking the first ever implementation of Stealthwatch in Saudi Arabia.

StealthWatch enables us to know what is happening across our entire network 24/7 to facilitate faster decision making and streamlined troubleshooting.

Anwar M. Bakhashwain, IT Operations Director

Hewlett-Packard

One of the challenges of securing an IT infrastructure is the sheer volume of the data generated by its subsystems.

Take HP’s global network, for example. The network comprises around 16,000 switches and 10,000 routers, and connects some 300,000 users working from 600 sites—plus uncountable remote connections—worldwide. And the network is constantly humming with activity, which means HP’s network is constantly generating data. In aggregate, the network generates some 600,000 data flows per second, each of which represents another discrete subset of data: records of IP packets and the time intervals associated with those packets.

The vast majority of that data, of course, represents benevolent network traffic. But not all of it is benign: a network security expert would certainly find, entwined within those flows, evidence of unwanted activity—malware, perhaps, or malicious behavior, or unsanctioned uses of network resources.

It’s a task that requires highly powerful analytics capabilities—which is why HP has implemented Stealthwatch, a network traffic analyzer that in turn leverages the HP Vertica Analytics Platform, a big data solution from HP’s own software portfolio.

Network anomaly detection essential to HP’s security approach

HP’s three-pronged approach to online security—prevention, detection, and response—relies on a range of tactics. To address prevention, the company continually reinforces its systems against security vulnerabilities. To support detection and response, it uses intrusion protection technology, including HP Tipping Point and HP ArcSight, the company’s Security Incident Event Management (SIEM) solution.

Lancope Stealthwatch complements these other elements of HP’s cyber security framework by providing network-based anomaly detection.

Lancope’s first task is to collect network data, including NetFlow, sFlow, JFlow, IPFIX, and NetStream flows. The tool uses already-installed network devices to perform data collection; this minimizes the cost of network monitoring because additional instruments don’t need to be added to the network. “With some of the other network monitoring tools we’ve tried, we had to deploy excessive amounts of specialized hardware,” O’Shea says. “With Lancope we don’t need extra hardware to get a comprehensive, scalable view of network activity.”

As the data is collected, it’s sent to the tool’s analytics engine, which is built on an embedded version of the HP Vertica Analytics Platform software. There, the flows are analyzed for indications of malicious or anomalous behavior, including attempted malware intrusions, misuse of network resources or distributed denial-of-service (DDoS) attacks.

HP Vertica’s powerful analytics capabilities are crucial to the tool’s effectiveness. Lancope’s monitoring of network flows is constant; the volume of data it gathers is enormous. The HP Vertica Analytics Platform software, however, is designed to manage large, fast-growing volumes of data. Lancope chose the HP Vertica Analytics Platform software because it can easily handle the data Lancope collects.

In addition, HP Vertica supports very fast query performance. HP’s network security team, therefore, doesn’t experience long lags when they use the Lancope dashboard to load and query data. “We can easily view the last 5 to 10 minutes of flow data, because it’s constantly being refreshed and because queries run so quickly,” O’Shea notes.

Data can be viewed in detailed or summarized form, or in graphical format.

The HP Vertica Analytics Platform also provides built-in capabilities such as automated deduplication. This is critical for monitoring network flows, because the same data often passes through multiple routers. Deduplication reduces the total amount of data stored, and thereby simplifies its management and—over time— associated data storage costs.

Integrated solutions support security framework

If the Lancope system detects events that appear anomalous or malicious, it sends alerts to the other technologies HP has deployed to help respond to computer threats, including HP ArcSight and HP Tipping Point. Within these solutions, data gathered by Lancope is correlated with other infrastructure data to provide additional insight into infrastructure events, and to provide HP’s Global Security Operations Center with the actionable information they need to respond to events.

“With an infrastructure as big and complex as ours, we need a broader approach than can be achieved with individual tools,” O’Shea notes. “Integrating Lancope with HP security solutions such as HP ArcSight and HP Tipping Point is consistent with the kind of comprehensive cyber coverage that modern global enterprises require. It helps ensure we have a complete picture of our infrastructure and reduces the risk that we’ll miss critical events.”

The combination of continual network flow monitoring and analytics—provided by Lancope and the HP Vertica Analytics Platform—and the monitoring and intrusion protection capabilities offered by HP ArcSight and HP Tipping Point, help ensure that the HP Cyber Security team can respond to events quickly and effectively. “The goal is to catch any potential threat early, so that we can respond appropriately,” says O’Shea. “Lancope provides functionality critical to meeting that goal.”

Forensics, history support continual improvement

While the main reason HP implemented Lancope was to provide detection of events as they occur, over time the solution will strengthen the company’s cyber security capabilities in other ways.

For example, the HP Vertica Analytics Platform’s capabilities can also be used to help HP tell if its IT resources are being used in ways that are not authorized or permitted. Unusual network activity or connections might indicate that corporate resources are being used to host unauthorized websites, for example.

HP can use the solution to help it with forensics. Because the tool’s data analytics engine both stores and analyzes enormous amounts of data, HP’s network security team can use it to parse historic network activity. Over time, this will help HP better understand what constitutes “normal” network behavior—which will in turn sharpen its ability to detect abnormal events. “The more history we have, the more we understand how our infrastructure components ‘naturally’ behave,” says O’Shea.

Analyzing historic data can also help HP gain new insight into malware and the techniques hackers use when they try to breach corporate defenses.

Another benefit of the technology is that it helps HP’s network security team better understand how application ecosystems and networks interact and communicate. In the past, it was sometimes challenging for the company’s network experts to collaborate with applications developers. “Developers might not understand the protocols of the network ecosystem, or how to share relevant information with the network team,” O’Shea explains.

But by using the data amassed by the HP Vertica Analytics Platform, plus the analytics capabilities the solution provides, the network team can gain direct insight into how its protocols affect applications. “It’s helping guide us as we design network protocols,” says O’Shea. “We’re more confident that we can build firewalls that won’t break the applications they’re supposed to protect.”

And finally, HP can potentially leverage the solution to help other HP IT professionals with tasks that aren’t necessarily security related. The data analytics provided by the HP Vertica Analytics Platform could, for example, be used to map how applications services are being consumed on an enterprise basis. This could help HP more effectively allocate resources, which could in turn improve application performance and reduce costs.

Integrating Lancope with HP security solutions such as HP ArcSight and HP Tipping Point is consistent with the kind of comprehensive cyber coverage that modern global enterprises require. It helps ensure we have a complete picture of our infrastructure and reduces the risk that we’ll miss critical events.

Jim O’Shea, Network Security Architect

Edge Web Hosting

Massive Scalability, Comprehensive Network Insight

Headquartered in Baltimore, Maryland, Edge Web Hosting provides highly available managed hosting services for hundreds of organizations around the world. The company guarantees 100 percent uptime at a predictable monthly cost by proactively maintaining and monitoring managed hosting solutions on a 24/7 basis. The company assumes responsibility for every aspect of its customers’ managed hosting environments, including hardware, software, databases and security, making optimal network protection and performance paramount to the success and vitality of the organization.

Challenges

The company sought a network and security monitoring solution that could provide:

  • Visibility into customer traffic patterns
  • Insight into network threats and anomalies
  • A better understanding of applications running on the network
  • Bandwidth usage reports and measurement
  • Capabilities for network capacity planning

Generating mass amounts of data, Edge Web Hosting was hard pressed to find a monitoring solution that could keep up with its large-scale network. Stealthwatch met and surpassed the hosting provider’s needs with the ability to collect and analyze three million flows per second (fps) of NetFlow data.

Results

Stealthwatch’s advanced levels of visibility provide both an overall view of what is happening across an entire network, as well as the ability to quickly drill down into problem areas. Some of the additional layers of Stealthwatch intelligence leveraged by Edge Web Hosting include:

  • Virtual/cloud visibility
    Having recently released a large-scale cloud environment based on VMware, virtual visibility was critical for Edge Web Hosting. Conventional security solutions do not provide any insight into virtual-machine-to-virtual-machine (VM2VM) communications, leaving a dangerous blind spot when it comes to network monitoring. With the Stealthwatch FlowSensor™ Virtual Edition (VE), Edge Web Hosting can obtain the same level of visibility into its cloud environment as it can for its physical layer — helping to ensure that no potential threats to network performance or security go unnoticed.
  • A view into the data center
    The data center is also a typical point of weakness when it comes to conventional security strategies. Many security tools do not provide any insight into the data center, but with Stealthwatch, Edge Web Hosting can view all communications happening both within its Maryland and Virginia data centers, as well as from its data centers out to the rest of the world.
  • Insight at the perimeter
    As a heavy user of Cisco technology, including ASA Firewalls, the ability to collect and analyze data from the network edge with Stealthwatch is a big win for Edge Web Hosting. When malicious users evade perimeter defenses, Stealthwatch immediately flags this activity to administrators as a potential concern. By combining internal and perimeter-based monitoring, Edge Web Hosting can obtain greater contextual awareness to make faster, more informed decisions.
  • Packet analysis and application awareness
    In addition to providing a complete audit trail of all network transactions, Lancope also offers packet capture capabilities through the Stealthwatch FlowSensor. Through a combination of deep packet inspection (DPI) and behavioral analysis, Stealthwatch identifies applications and protocols in use across the network and gathers packet-level performance statistics. This helps Edge Web Hosting enhance troubleshooting efforts for application performance problems and security incidents.
  • Integration with IPS
    Stealthwatch also integrates with Edge Web Hosting’s IPS system. “The ability to correlate IPS events with our NetFlow data is a very valuable capability for troubleshooting and incident response,” said Jordan. Edge Web Hosting is also able to leverage Lancope’s application awareness capabilities to make sure that its IPS is blocking the appropriate traffic.
  • Enhanced reporting
    All of this data is delivered to Edge Web Hosting through advanced dashboards and reports that eliminate the need for manual analysis. “As an Internet-facing organization, we have a lot of issues being thrown at our network from both internal and external sources,” said Jordan. “Stealthwatch allows us to quickly detect and drill down into abnormalities in network activity to get ahead of potential attacks and breaches.”

 

With Stealthwatch, we can process massive amounts of data very quickly. From there, we can easily obtain a comprehensive picture of what is going on within our network, and determine whether there are any issues that need immediate attention. Stealthwatch was the only product that offered a holistic solution for monitoring our entire network.

Michael Jordan, Director of Network Operations

Gannett

Gannett Company, Inc.

Challenges

Purchased Lancope because it is differentiated from competitive products in the following areas:

  • Scalability up to 3 million flows per second
  • User-centric monitoring

Use Case

Uses Stealthwatch with:

  • Firewalls
  • IDS / IPS

Doing the following with Stealthwatch deployment:

  • Monitoring a large, globally distributed network
  • Monitoring a centralized network with a large number of satellite or retail locations

Results

The following are the greatest benefits of the internal visibility provided by Stealthwatch:

  • Earliest detection of advanced threats (APTs, malware, etc.)
  • Continuous internal monitoring

Agrees that Stealthwatch’s user/host-level information is critical for the following:

  • Security
  • Compliance

Rated Stealthwatch’s effectiveness in the following areas:

  • Detecting insider threats / Suspicious behavior: extremely effective
  • Detecting malware / zero-day attacks: extremely effective

Rated how critical Lancope Stealthwatch is for the following:

  • Monitoring visibility: very critical
  • Improving security: very critical
  • Managing cyber security: very critical
  • Responding to cyber threats: very critical

Selected Stealthwatch by Lancope over the following vendors:

  • NetScout
  • Plixer

Yale New Haven Hospital

Challenges

Purchased Lancope because it is differentiated from competitive products in the following areas:

  • Value for price
  • Customer support

Use Case

Is currently using Stealthwatch for:

  • Specialized threat analysis & protection
  • Network analysis & visibility
  • Advanced threat detection
  • Network performance monitoring & diagnostics

Uses Stealthwatch with:

  • SIEM

Results

The following are the greatest benefits of the internal visibility provided by Lancope Stealthwatch:

  • Forensics
  • Continuous internal monitoring

Agrees that Stealthwatch's user/host-level information is critical for the following:

  • Security
  • Performance monitoring
  • Forensics
  • Compliance
  • Network troubleshooting

Rated Stealthwatch's effectiveness in the following areas:

  • detecting DDoS: effective
  • accelerating incident response and forensics: effective
  • detecting advanced persistent threats: effective
  • detecting insider threats / suspicious behavior: effective
  • detecting malware / zero-day attacks: effective

Saves hours per incident for determining Mean-Time-To-Identify threats and Mean-Time-To-Know root cause using Stealthwatch.

Rated how critical Lancope Stealthwatch is for the following:

  • Monitoring visibility: critical
  • Improving security: somewhat critical
  • Managing cyber security: somewhat critical
  • Responding to cyber threats: not critical

Ranks Lancope's customer support as above average.

 

Clark County Nevada

The key features and functionalities of Cisco Stealthwatch that Clark County Nevada uses: combat insider threats, identify malware and APTs, prevent ransomware attacks, improve network performance, conduct forensic investigations, proactively hunt for threats on the network, prevent DDoS attacks, and enforce policy.

Challenges

Clark County Nevada deployed Cisco Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • Edge
  • Core
  • User data
  • Virtualized infrastructure

Results

Clark County Nevada uses Cisco Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor
  • Use the network as an enforcer

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

On the first day Stealthwatch was operating, we detected and solved two chronic issues that plagued our network team for months.

Jared Hansen, Supervisory Network Analyst

Asiacell (Iraq)


Challenge

The business challenges that led Asiacell (Iraq) to evaluate and ultimately select Cisco Stealthwatch: 

Uses Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • Edge
  • Core
  • User data
  • Virtualized infrastructure

Use Case

The key features and functionalities of Cisco Stealthwatch that Asiacell (Iraq) uses:

Uses Stealthwatch for the following reasons:

  • Segment the network
  • Combat insider threats
  • Identify malware and APTs
  • Prevent ransomware attacks
  • Improve network performance
  • Prevent DDoS attacks
  • Enforce policy

Results

Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor
  • Use the network as an enforcer

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

Stealthwatch protects my previous investments by allowing me to do more with my existing security tools.

Hardi Ahmed, Security Officer

Deloitte & Touche LLP


Stealthwatch provides industry-leading network visibility and security intelligence.

Deloitte & Touche LLP has integrated Stealthwatch with the Identity Services Engine (ISE).

 

Challenge

The business challenges that led Deloitte & Touche LLP to evaluate and ultimately select Cisco Stealthwatch: 

Uses Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • Mobile devices
  • Application usage
  • Virtualized infrastructure
  • Cloud environments

Use Cases

The key features and functionalities of Cisco Stealthwatch that Deloitte & Touche LLP uses:

Uses Stealthwatch for the following reasons:

  • Segment the network
  • Combat insider threats
  • Identify malware and APTs
  • Improve network performance
  • Conduct forensic investigations
  • Proactively hunt for threats on the network
  • Prevent DDoS attacks
  • Enforce policy 

Results

Deloitte & Touche LLP achieved the following results with Cisco Stealthwatch:

Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Maintain a competitive advantage
  • Protect intellectual property
  • Better serve customers/partners
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Improve forensic investigations
  • Use the network as a sensor

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

Stealthwatch protects my previous investments by allowing me to do more with my existing security tools.

Naveen Varma Chintalapati, Chief Technology Officer

The University of Chicago


The University of Chicago realized the following benefits from their engagement with Stealthwatch: faster threat detection, secure more of their network (devices, remote locations, etc.), detect different types of potential threats on their network, and integrate Stealthwatch with other security tools.

Challenges

The University of Chicago has improved in the following areas as a result of working with the Customer Success team for Cisco Stealthwatch:

  • Network baselining
  • Incident response
  • Overall security posture
  • Network troubleshooting

Results

By engaging with the Customer Success team, the University of Chicago achieved the following results with Stealthwatch:

  • Improve security efficacy
  • Faster time to value
  • Time to value in less than 30 days

Rates Stealthwatch Customer Success team to be better than competitors in the following areas:

  • Concerned about the client's success
  • Effortless to work with
  • Cost effective

Rates Stealthwatch Customer Success team as much better than other security vendors.

Rates their likelihood for re-engaging with the Stealthwatch Customer Success team in the following areas:

  • Learning & Development/Training: very likely
  • Support: extremely likely

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor
  • Use the network as an enforcer

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

Stealthwatch has delivered a strong benefit to our organization, providing a fast return on investment.

Jason Edelstein, Engineer

Norfolk Southern Corporation


Norfolk Southern Corporation uses Stealthwatch for the following reasons: segment the network, combat insider threats, identify malware and APTs, improve network performance, conduct forensic investigations, and proactively hunt for threats on the network.

Challenge

Norfolk Southern Corporation uses Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • Edge
  • Core
  • User data
  • Mobile devices
  • Application usage
  • Virtualized infrastructure

Results

Norfolk Southern Corporation achieved the following results with Cisco Stealthwatch.

Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Maintain a competitive advantage
  • Better serve customers/partners
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor
  • Use the network as an enforcer

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

With quick access to netflow, we can easily get to the root of any investigation with absolute certainty of what happened and when.

Bill Guilford, Security Manager

Horizon Blue Cross Blue Shield Of NJ


The key features and functionalities of Cisco Stealthwatch that the surveyed company uses: identify malware and APTs, improve network performance, proactively hunt for threats on the network, prevent DDoS attacks, and enforce policy.

Challenges

The business challenges that led Horizon Blue Cross Blue Shield of NJ to evaluate and ultimately select Cisco Stealthwatch:

  • Application usage
  • Virtualized infrastructure

Results

The surveyed company achieved the following results with Cisco Stealthwatch:

  • Improve security efficacy
  • Reduce enterprise risk
  • Maintain a competitive advantage
  • Protect intellectual property
  • Better serve customers/partners
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as an enforcer

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: strongly agree
  • Open, easy to integrate: strongly agree
  • Automated, reduces manual work: strongly agree

Stealthwatch has dramatically improved my organization’s security posture.

Keerthi Kumar, IT Administrator

Viacom

Challenges

Viacom uses Stealthwatch to gain visibility into the following:

  • Access
  • Application usage

Use Cases

Viacom uses Stealthwatch for the following reasons:

  • Improve network performance
  • Prevent DDoS attacks

Results

Viacom uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Protect intellectual property
  • Increase operational efficiency

Viacom uses Stealthwatch to enable the following:

  • Detect threats faster
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: strongly agree
  • Open, easy to integrate: strongly agree
  • Automated, reduces manual work: strongly agree
  • Effective, enhances security: strongly agree

Stealthwatch helped to identify the traffic and usage on the WAN link.

Byju Varghese, Engineer

Rio 2016 Olympics


Cisco Securely Connects the Rio 2016 Olympics to the World

All roads to the Olympics start with a dream. For the over 15,000 Olympic and Paralympic athletes from 205 countries who congregated in Rio de Janeiro in 2016, it’s the dream of competing at the highest level possible. It’s also about standing on the podium wearing a gold medal while their country’s flag rises and the national anthem plays. For Cisco, as a proud supporter of the 2016 Olympic and Paralympic Games in Rio, it also starts with a dream: that when we securely connect everything, anything is possible. Supporting a global event of this size is a monumental task that demands a network like no other. The Rio 2016 Games required connectivity, bandwidth, security, and support for:

  • 37 competition venues
  • More than 100 support venues
  • 15,000 athletes
  • 70,000 volunteers
  • 9 million ticketholders
  • 25,000 media personnel
  • 123 network broadcasters from around the world

All this while delivering 170,000 hours of video content and providing infrastructure for 5 billion TV viewers – up from 4 billion viewers for the London Olympics in 2012. In short, if this network were competing in the Olympics, it would break world records. However, simply providing the infrastructure wasn’t enough. Cisco also had to provide effective security.

 

 

Customer:
Rio Summer Olympics 2016
Size:
1,000+ Employees
Industry:
Sporting Event
Location:
Rio de Janeiro, Brazil  

 

"The challenge we faced at Rio 2016 was making memorable Games, and one crucial aspect was to provide uninterrupted connectivity to our athletes, guests, media, and critical systems, all while keeping everything secure,” said Marcelo Souza, Technology Systems General Manager of the Rio 2016 Organizing Committee for the Olympic Games. “We needed a vendor that could handle the traffic demands in a complex environment and deliver the security needed for such a monumental event."

Comparisons don’t come easy when we talk about a world stage event such as the Olympic Games. Securely connecting the Games required 60 tons of equipment and more than 60,000 hours of work. As the official networking and enterprise server supporter and supplier, Cisco deployed over 5,000 access points (a 400 percent increase from the London 2012 Games) and over 113,000 local area network (LAN) ports. Cisco also supplied 440 Cisco Unified Computing System™ (Cisco UCS®) servers, 480 vehicle routers, and 177 security devices. In addition, the Cisco network protected core activities such as accreditation, volunteers, sports entries and qualifications, and workforce management.

The network connected 183,044 unique devices of which 168,158 were wireless (92 percent of all devices). Cisco Identity Services Engine (ISE) and Cisco TrustSec technology were used to identify devices and segment accordingly. Any unrecognized device would connect to the guest network. Network traffic was extremely heavy – 2.144 petabytes of traffic over the course of the Games. To put that into perspective, it’s equivalent to 950,000 hours of HD video, which would take more than 110 years of nonstop streaming to watch.

At the network edge, Cisco Firepower Next-Generation Firewall and Next-Generation Intrusion Prevention System appliances prevented close to 7 million security events during the Games. On the network, millions of devices were monitored for anomalous activity through Cisco Stealthwatch®, and potentially vulnerable endpoints were identified and automatically segmented away from the rest of the network using Cisco ISE and Cisco TrustSec technology.

In a span of just 40 days, Cisco successfully secured and connected key networks that made the Olympic and Paralympic Games a resounding success. From London to Rio, to Tokyo and beyond, there has never been a better time to build an Olympic legacy.


The result was an amazing experience for everyone in Rio. Cisco provided us with the connectivity and security that allowed Rio 2016 to connect with the world.

Marcelo Souza, Technology Systems General Manager

Supreme Court of Virginia


Challenges

The business challenges that led the Supreme Court of Virginia to evaluate and ultimately select Cisco Stealthwatch: 

Uses Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • Edge
  • Core
  • Mobile devices
  • Virtualized infrastructure
  • Cloud environments

Use Case

The key features and functionalities of Cisco Stealthwatch that the Supreme Court of Virginia uses:

Uses Stealthwatch for the following reasons:

  • Combat insider threats
  • Improve network performance
  • Proactively hunt for threats on the network

The Supreme Court of Virginia has integrated Stealthwatch with the Identity Services Engine (ISE).

Results

The surveyed organization achieved the following results with Cisco Stealthwatch:

Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Increase operational efficiency

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

Ability to gain detailed visibility into all areas of our network. This has made a significant impact on our security posture and operational control.

Brad Johnson, Network & Security Architect, Supreme Court of Virginia

Toronto 2015 Pan Am Games


Toronto 2015 Pan Am Games - Cisco Systems Canada, Inc.

Challenges

  • Stealthwatch has helped improve the following:
    • Real-time threat detection
    • Incident response
    • Forensic investigations
    • Overall security posture
    • Network troubleshooting

Use Case 

  • Stealthwatch has helped with:
    • Insider threats
    • Malware/zero-day attacks
    • DDoS attacks
    • Network performance
    • Network segmentation
  • Is able to secure the following with Stealthwatch:
    • Virtual infrastructure/private clouds
    • The data center
    • A BYOD environment

Results

  • Reduced their network and security troubleshooting time by hours.
  • Stealthwatch System has helped their organization achieve the following:
    • Greater network visibility
    • Heightened threat intelligence
    • Enhanced visibility in the data center
    • Improved user identity awareness
    • Increased application awareness
    • More visibility into mobile devices
  • Found the following Stealthwatch capabilities to be the most beneficial:
    • Sophisticated security analytics/behavioral analysis
    • Context awareness (user, application, device data)
    • Flow stitching and deduplication
    • Detection of lateral movement (East-West Traffic)
  • Compared to other security vendors, Lancope is:
    • Effective at detecting attacks
    • Innovative
    • Supportive of its customers
  • Stealthwatch enables the company to:
    • Better manage security with limited staff/resources
    • Accelerate threat detection and mitigation
    • Speed up incident response
    • Reduce enterprise risk
    • Clearly report on organizational security to upper management

 

Stealthwatch works well with Cisco NetFlow to give a holistic picture of the network. It allows us to group and build out profiles that reduce the amount of raw analysis, making it practical for a very small security team to get a handle on what is happening on a large network.

Jeff Seifert, Distinguished Systems Engineer

Montefiore Medical Center


Montefiore Medical Center uses Stealthwatch to combat insider threats, identify malware and APTs, conduct forensic investigations and proactively hunt for threats on the network.

Challenge

The business challenges that led Montefiore Medical Center to evaluate and ultimately select Cisco Stealthwatch: 

  • Data centers
  • Core
  • User data
  • Mobile devices
  • Application usage
  • Virtualized infrastructure
  • Cloud environments
  • IoT devices

Results

Montefiore Medical Center achieved the following results with Cisco Stealthwatch.

Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Protect intellectual property
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Accelerate incident response
  • Improve forensic investigations

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree
  • Effective, enhances security: very strongly agree

Stealthwatch gives me a snapshot of what, how, and where the traffic on my network is doing.

Ali Chettih, Security Officer

Council Rock School District


Council Rock School District swiftly remediates threats with Lancope and Ziften

Challenge

After a student gained elevated privileges for a computer on its network, Pennsylvania’s Council Rock School District (CRSD) sought a solution for obtaining better network visibility across its 15 schools, 13,000 users and 5,000 endpoint devices. The solution would need to help the lean IT team detect both external attacks as well as the insider threats posed by its many curious students.

Solution

Lancope Stealthwatch System and Ziften

Results

With Lancope and Ziften, CRSD has obtained continuous visibility into its network and endpoint activity. Both internal and external attacks are rapidly identified and remediated, often within minutes. The school district is saving vast amounts of time on threat detection and incident response, and is also able to leverage the Lancope and Ziften tools for other critical efforts such as capacity planning.

 

 


Prior, I had no consolidated single view picture that provided, with a single click or two, the depth of information. I could get the depth, or the broad stroke, but not both. [Cisco Stealthwatch] provided me with the visibility I needed.

Matthew Fredericton, IT Director

Grafisch Lyceum


Grafisch Lyceum Rotterdam

StealthWatch leverages sFlow to deliver end-to-end network visibility at 10G speeds for Grafisch Lyceum Rotterdam

Challenges

GLR needed to increase visibility and traffic inspection, respect student privacy, and keep costs down. The university was hampered by existing firewall technology and embedded IDS/IPS that could only inspect a portion of network traffic and did not provide visibility into GLR's high-speed internal and virtual network.

Solution: Cisco Stealthwatch

  • Management Console
  • Flow Collector
  • Flow Sensor
  • Cisco ISE

Benefits

Stealthwatch delivers:

  • visibility into GLR's Internet gateway traffic without requiring hardware upgrades
  • visibility across GLR's high speed internal and virtual network
  • faster time to resolution
  • automated mitigation
  • 75% cost savings compared to internal monitoring technologies
  • minimal administrative burden

[Stealthwatch Solution provides us with] the powerful combination of security with performance visibility, [also allowing] the ability to drill down into the actual flow(s) related to an incident.

Mark Pleunes, Engineer

Coppel


Stealthwatch helps us to detect application response issues, data hoarding, identify strange behaviors between hosts and servers, servers to servers and hosts against hosts.

Cesar Felix, Coppel

Southern Company


The key features and functionalities of Cisco Stealthwatch that Southern Company uses are: identify malware and APTs, improve network performance, and proactively hunt for threats on the network.

Challenges

Southern Company deployed Cisco Stealthwatch to gain visibility into the following:

  • Data centers
  • Core
  • Virtualized infrastructure

Results

Southern Company achieved the following results with Cisco Stealthwatch:

  • Improve security efficacy
  • Reduce enterprise risk
  • Increase operational efficiency

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Illuminate blind spots in the network
  • Use the network as a sensor

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: agree
  • Effective, enhances security: very strongly agree

Stealthwatch out of the box gave us visibility into the network traffic and communications between end points that we previously could not see.

W. Kyle Allison, Operations Manager

Ivy Tech Community College of Indiana


Stealthwatch's user interface makes it easy to investigate problems on the network

Challenges

Stealthwatch has helped improve the following:

  • Network baselining
  • Network segmentation
  • Real-time threat detection
  • Forensic investigations
  • Network troubleshooting

Use Case

Stealthwatch has helped with:

  • Insider threats
  • Network performance
  • Network segmentation

Is able to secure the following with Stealthwatch:

  • The data center
  • Areas of my network I could not see previously

Results

Reduced their network and security troubleshooting time by hours.

Stealthwatch System has helped their organization achieve the following:

  • Greater network visibility
  • Heightened threat intelligence
  • Increased application awareness

Found the following Stealthwatch capabilities to be the most beneficial:

  • Context awareness (user, application, device data)
  • Flow stitching and deduplication
  • Detection of lateral movement (East-West Traffic)

Compared to other security vendors, Lancope is:

  • Effective at detecting attacks
  • Innovative
  • Easy to use

Stealthwatch enables the company to:

  • Better manage security with limited staff/resources
  • Speed up incident response
  • Reduce enterprise risk
  • Foster cross-team collaboration within the IT department

Stealthwatch has given us insight into areas of our network that we previously did not have. It enables us to identify trouble spots earlier and respond in a timely manner. Prior to having Stealthwatch, identification of problems and forensic analysis took much more time to accomplish.

Ron Creviston, Senior IT Architect

ViaSat, Inc.


Challenges

Solved the following operational challenges with Stealthwatch:

  • Reduced mean-time-to-know (MTTK) root cause of network or security incidents
  • Improved network performance
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats
  • Increased flow collection, monitoring and analysis

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Network malware or virus
  • Suspicious user behavior
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Monitoring a large, globally distributed network
  • Monitoring a centralized network with a large number of satellite or retail locations
  • Monitoring traffic within a data center, physical and virtual

Results

Chose Stealthwatch for the following capabilities:

  • Real-time flow monitoring capabilities
  • DDoS
  • Scalability
  • Application-aware network performance monitoring

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Real-time threat detection and correlation with user identity data
  • Improved incident response and threat management
  • Regulatory compliance
  • Enterprise-wide visibility into network activity
  • Forensic analysis

Reduced the time it took to mitigate a security incident by 25 percent to 49 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Visibility: Much Better
  • Performance Monitoring: Much Better
  • Innovation: Much Better
  • Network Security: Better
  • Scalability: Better

[Stealthwatch is a] great way to see threats proactively.

Alex Kitthikoune, Network Administrator

University of Manchester


The University Of Manchester

Purchased Lancope because it is differentiated from competitive products.

Challenges

It is differentiated from competitive products in the following areas:

  • 1:1 Flows
  • Advanced behavioral detection
  • Flow analytics
  • Customer support

Use Case

Is currently using Stealthwatch for:

  • Network analysis & visibility
  • Network performance monitoring & diagnostics
  • Uses Stealthwatch with: VPN

Results

The following are the greatest benefits of the internal visibility provided by Stealthwatch:

  • Faster incident response
  • Forensics
  • Continuous internal monitoring

Ranks Lancope’s customer support as excellent.

Saves hours per incident for determining Mean-Time-To-Identify threats and Mean-Time-To-Know root cause using Stealthwatch.

Rated how critical Stealthwatch is for the following:

  • Accelerating incident response and forensics: extremely effective
  • Detecting insider threats / Suspicious behavior: extremely effective
  • Detecting malware / zero-day attacks: effective
  • Monitoring visibility: very critical
  • Improving security: very critical
  • Managing cyber security: very critical
  • Responding to cyber threats: critical

 

Stealthwatch provides an holistic view of our network rather than a specific link or part of the network. The rich functionality together with the superb customer support gives us an excellent tool for combating security issues on the network.

Tony Arnold, Security Manager

Salesforce


A one stop solution in mitigating any kind of attack vector across datacenter access.

Santosh Byahatti, Salesforce

Vesuvius


Challenges

Solved the following operational challenges with Stealthwatch by Lancope:

  • Reduced mean-time-to-know (MTTK) root cause of network or security incidents
  • Improved network performance and forensic analysis
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats
  • Increased correlation of user identity and activity, flow collection and monitoring and analysis

Use Case

Primarily uses Stealthwatch by Lancope in the following ways:

  • Incident response
  • Network forensics
  • Security forensics
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt

Is doing the following with Stealthwatch by Lancope deployment:

  • Monitoring a large, globally distributed network

Results

Chose Stealthwatch by Lancope for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • DDoS
  • Scalability

Meets enterprise requirements by utilizing the following Stealthwatch by Lancope benefits:

  • Scalability and flexibility
  • Improved incident response and threat management
  • Enterprise-wide visibility into network activity

Rated the following Stealthwatch by Lancope capabilities as compared to competing vendors:

  • Network Security: Better
  • Scalability: Better
  • Network Visibility: Better
  • Innovation: Better

We are dependent on [Stealthwatch's] ‘Alarm and Target (Alarm Report by Type)’ for security analysis and detection.

Matthew Smith, IT Manager - Network and Security

Tatweer Buildings Company


After implementing Stealthwatch, the network visibility has improved a lot. Integrating Stealthwatch with Cisco ISE has helped us in identifying user access and also helped us to solve many other issues.

Mansoor Siddiqui, Tatweer Buildings Company

Qatar


Faster detection of network anomalies, network threats, and faster learning of our network behaviour.

Igor Hitrec, Qatar

Elavon


Elavon Merchant Services

Elavon, the world's 4th largest payment processor, uses Stealthwatch and Identity Services Engine (ISE) to reduce dwell time and accelerate incident response by continuously monitoring their network to protect against malicious or anomalous activity. Discover how Elavon uses Stealthwatch to leverage the network (routers, switches, firewalls, etc.) as an early warning system and use ISE to shorten investigative time to the user. Stealthwatch is a dual purpose solution used for both security monitoring and network optimization.

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Cisco Stealthwatch:

  • Uses Stealthwatch to gain visibility into Edge
  • Uses Stealthwatch to gain visibility into Application usage

Use Case

The key features and functionalities of Cisco Stealthwatch that the surveyed company uses:

  • Improve network performance
  • Conduct forensic investigations
  • Proactively hunt for threats on the network
  • Prevent DDoS attacks
  • Enforce policy

Results

The surveyed company achieved the following results with Cisco Stealthwatch:



Uses Stealthwatch for the following reasons:

  • Improve security efficacy
  • Reduce enterprise risk
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: agree
  • Open, easy to integrate: agree
  • Automated, reduces manual work: agree
  • Effective, enhances security: strongly agree

StealthWatch has helped us increase the visibility of our network's edge points by 75% and it does a wonderful job in helping us to detect traffic anomalies in a few minutes. It has saved us lots of money, but more importantly, it helps us to maintain our priceless reputation as a very secure financial services company!

Paul Rodin, Senior IT Architect

Central Michigan University

Central Michigan University (CMU) is the fourth largest institution in Michigan and among the 100 largest public universities nationally with a total student enrollment of 27,357. With nearly 64,000 total user accounts and a campus supporting modern technology and state-of-the-art facilities, network security and performance are critical to CMU.

CMU's 100-percent Cisco network consists of 16,000 nodes, nearly 32,000 wired network ports and technology support for 19 remote locations. With 20,000 students supported on the main campus, more than 7,000 on-campus residents and 26 residence halls, CMU boasts "one port per pillow."

Challenge

CMU supports roughly 30,000 users and a campus with modern technology and state-of-the-art facilities, making optimal network security and performance critical. Each year the university experiences a 125 percent increase in the number of mobile devices on its network. Network and security teams required greater visibility of internal and external traffic and a faster way to elevate security concerns from a vast number of flows. CMU also needed a solution to integrate with its Network Access Control system and replace its custom-built NetFlow analysis system, which mainly provides traffic summaries.

Solution

Cisco Stealthwatch

  • Management Console
  • Flow Collector
  • UDP Director

Results

CMU deployed Stealthwatch to:

  • Enhance visibility across its entire network
  • Leverage NetFlow to monitor its 100 percent Cisco network infrastructure
  • Improve security decision-making
  • Detect and mitigate external threats
  • Monitor and detect anomalies on internal hosts

Stealthwatch provides CMU with valuable decision making logic to help network and security teams make more informed decisions when presented with network anomalies.

[StealthWatch] allows us to gain internal network visibility... and easily audit our secure zones to ensure certain types of traffic are not leaving those networks.

Ryan Laus, Network Administrator

Cisco CSIRT

Challenges

  • High volume of global NetFlow (~16 Billion Flows Per Day)
  • IPv6 readiness

Solution

  • Deploy Stealthwatch: store more NetFlow for incident look-back, enhanced detection capabilities, IPv6 capable
  • Utilize the Stealthwatch feature set: syslog export of events, Host Group-based detection, API queries, Host Alarms

Results

  • Retain 90+ days of full NetFlow records
  • Provides a unique interface for gaining insight into NetFlow and the information it contains
  • Automate NetFlow analysis

Lessons Learned

  • Require Full NetFlow for security
  • Tune Stealthwatch Alarms to trim false positives

Next Steps

  • Expand Stealthwatch hardware as network grows
  • Upgrade Stealthwatch to utilize new feature sets, including SLIC and Cisco ISE

One of the things we like about Stealthwatch is complete visibility into an event.

Mike Scheck, Cisco CSIRT Incident Response Manager

Stanford University School of Medicine

Stanford University

Improved forensic analysis and increased flow collection, monitoring and analysis.

Challenges

Solved the following operational challenges with Stealthwatch by Lancope:

  • Enhanced network security posture
  • Improved forensic analysis
  • Increased flow collection, monitoring and analysis

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Security forensics

Used Stealthwatch to detect or prevent the following security threats:

  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Compromised host
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Monitoring a centralized network with a large number of satellite or retail locations
  • Operating in a classified network with strictly controlled access to specific segments

Results

"[Lancope’s Stealthwatch] validates the fact that when a system is compromised/virused – we have the network information to back it up in the form of flows."
–Joe Zertuche, Security Officer, Stanford University

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Internal visibility

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Real-time threat detection and correlation with user identity data
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Forensic analysis

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Better
  • Performance Monitoring: Better
  • Scalability: Better
  • Network Visibility: Better
  • Innovation: Better

…I can immediately see who is misbehaving [on the network]. It is a great documented source for our incident reports.

Joe Zertuche, Information Security

United Auto Insurance Company

UAIC primarily uses Stealthwatch for incident response, network forensics, security forensics, application performance monitoring, PCI compliance and network performance monitoring.

Challenges

UAIC solved the following operational challenges with Stealthwatch:

  • Reduced mean-time-to-know (MTTK) for root causes of network or security incidents
  • Improved network performance and forensic analysis
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats, correlation of user identity and activity, flow collection, monitoring and analysis
  • Enhanced compliance posture

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Security forensics
  • Application performance monitoring
  • PCI compliance
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Advanced persistent threats
  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Compromised host
  • Command and control traffic/ botnets
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Operating in a classified network with strictly controlled access to specific segments
  • Monitoring traffic within a data center, physical and virtual

Results

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Forensics
  • Advanced persistent threat (APT) detection
  • Auditing and compliance requirements
  • Identity awareness
  • Application-aware network performance monitoring

Selected Stealthwatch over the following vendors:

  • Arbor Networks
  • NetQoS / CA
  • Open source solution

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Real-time threat detection and correlation with user identity data
  • Improved incident response and threat management
  • Regulatory compliance
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Enterprise-wide user monitoring
  • Forensic analysis
  • Improved time to mitigation of a security incident by more than 75 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Much Better
  • Performance Monitoring: Much Better
  • Network Visibility: Better
  • Innovation: Better

[Lancope's] anomaly-based protection has been very instrumental in identifying both internal and external security threats.

M. Smith, Engineer

California Department of Education

California Dept. of Education

Reduced mean-time-to-know (MTTK) root cause of network or security incidents.

Challenges

Solved the following operational challenges with Stealthwatch by Lancope:

  • Reduced mean-time-to-know (MTTK) root cause of network or security incidents
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats
  • Improved forensic analysis
  • Increased correlation of user identity and activity
  • Increased flow collection, monitoring and analysis

Use Case

Primarily uses Stealthwatch by Lancope in the following ways:

  • Incident response
  • Network forensics
  • Security forensics
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Compromised host
  • Network reconnaissance

Is doing the following with Stealthwatch by Lancope deployment:

  • Midsized LAN / and Small WAN

Results

"Going to Lancope has provided us with end-to-end visibility, and monitoring scalability once thought impossible for a reasonable price."
–Tom Wilcox, Network Administrator

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Internal visibility
  • Forensics
  • Identity awareness
  • Application-aware network performance monitoring

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Real-time threat detection and correlation with user identity data
  • Improved incident response and threat management
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Enterprise-wide user monitoring
  • Forensic analysis

Reduced the time it took to mitigate a security incident by > 75 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Much Better
  • Scalability: Much Better
  • Innovation: Much Better
  • Performance Monitoring: Better

Knowing that if my manager asks for stats on a client-server connection or history of such a connection, I can go back and give him that information; it's also extremely helpful in providing our DBAs and Server team with such connection data / performance data as they plan their projects or iron out issues.

Tom Wilcox, Network Administrator

McKee Foods

McKee solved several operational challenges with Stealthwatch, including improving network performance, enhancing its network security posture, increasing efficiency in the identification of security threats, increasing correlation of user identity and activity, and increasing flow collection, monitoring and analysis.

Challenges

Solved the following operational challenges with Stealthwatch:

  • Improved network performance
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats
  • Increased correlation of user identity and activity
  • Increased flow collection, monitoring and analysis

Use Case

Primarily uses Stealthwatch in the following ways:

  • Network forensics
  • Security forensics
  • Application performance monitoring
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Advanced persistent threats
  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Data loss/ exfiltration
  • Command and control traffic/ botnets
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Monitoring a centralized network with a large number of satellite or retail locations
  • Monitoring traffic within a virtual environment
  • Monitoring traffic within a data center, physical and virtual

Results

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Internal visibility
  • Forensics
  • Scalability

Selected Stealthwatch over the following vendors:

  • NetScout
  • In-house monitoring solution
  • Open source solution

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Improved incident response and threat management
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Enterprise-wide user monitoring
  • Forensic analysis

Reduced the time it took to mitigate a security incident by 50 percent to 74 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Much Better
  • Performance Monitoring: Much Better
  • Scalability: Much Better
  • Network Visibility: Much Better
  • Innovation: Better

We have used [Stealthwatch] to consolidate several tools including replacing our IDS system and reducing costs and time to locate network problems. It provides much greater visibility across our network of anomalies and problems than we have ever had.

Greg Sutherland, Sr. IT Manager

Erie Insurance

Erie Insurance has integrated Stealthwatch with the Identity Services Engine (ISE). The key features and functionalities of Cisco Stealthwatch that the surveyed company uses: segment the network, combat insider threats, identify malware and APTs, improve network performance, conduct forensic investigations, proactively hunt for threats on the network, prevent DDoS attacks, enforce policy.

Challenges

The business challenges that led Erie Insurance to evaluate and ultimately select Cisco Stealthwatch:

  • Data centers
  • Access
  • Edge
  • Core
  • User data
  • Mobile devices
  • Application usage
  • Virtualized infrastructure

Results

Erie Insurance achieved the following results with Cisco Stealthwatch:

  • Improve security efficacy
  • Reduce enterprise risk
  • Protect intellectual property
  • Increase operational efficiency
  • Improve regulatory compliance

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network
  • Accelerate incident response
  • Improve forensic investigations
  • Use the network as a sensor

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: strongly agree
  • Open, easy to integrate: very strongly agree

Of the integration into other technologies, the visibility, and insight into all areas of our network.

Jamison Budacki, Senior IT Architect

Logistics Manager

Logistics Manager uses Stealthwatch for the following reasons: segment the network, combat insider threats, and prevent ransomware attacks.

Challenges

Logistics Manager uses Stealthwatch to gain visibility into the following:

  • Data centers
  • Access
  • User data
  • Mobile devices
  • Application usage

Results

Logistics Manager achieved the following results with Cisco Stealthwatch:

  • Improve security efficacy
  • Reduce enterprise risk
  • Maintain a competitive advantage

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Illuminate blind spots in the network
  • Reduce mean time to dwell for threats on the network

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: very strongly agree
  • Open, easy to integrate: very strongly agree
  • Automated, reduces manual work: very strongly agree

I love Stealthwatch because it helps to reduce risk and threats.

Greg Allen, Logistics Manager

Tembec

[Lancope] provides greater visibility and the ability to zero in on the problem quickly. Ability to trace incidents back to source.

Ben Petroff, IT Manager, Tembec

Hodgson Russ LLP

The key features and functionalities of Cisco Stealthwatch that Hodgson Russ LLP uses are: identify malware and APTs and prevent ransomware attacks.

Challenges

The business challenges that led Hodgson Russ LLP to evaluate and ultimately select Cisco Stealthwatch:

  • Data centers
  • Access
  • Core
  • Mobile devices
  • Virtualized infrastructure

Results

Hodgson Russ LLP achieved the following results with Cisco Stealthwatch:

  • Reduce enterprise risk
  • Maintain a competitive advantage
  • Increase operational efficiency

Uses Stealthwatch to enable the following:

  • Detect threats faster
  • Secure more areas of the network
  • Illuminate blind spots in the network
  • Use the network as a sensor

Rates their experience with Stealthwatch's proposed benefits to be as follows:

  • Simple, easy to use: strongly agree
  • Open, easy to integrate: strongly agree
  • Automated, reduces manual work: strongly agree
  • Effective, enhances security: very strongly agree

I love Stealthwatch because it fills the void of identifying threats in the areas of the network we cannot see.

William Scott, Infrastructure Manager

Alpha Natural Resources

We purchased Cisco due to a sense of urgency brought about by the results of an external penetration test. Our organization is relatively small, and the IT focus had been on everything but security for a while. Cisco immediately made clear its ROI due to the overwhelming visibility it provided to events that would likely have never been noticed had we not integrated Stealthwatch into our environment. It is hard to pick a favorite aspect at this juncture besides the Stealthwatch solution as a whole.

Andrew Chapman, Alpha Natural Resources

Wargaming

Learn how Wargaming uses Cisco Stealthwatch and ISE for improved security.

Executive Summary

Customer Name: Wargaming

Industry: Online gaming

Location: Global

Number of Employees: More than 4,000

Business Challenges

  • Needed to protect intellectual property and maintain a competitive advantage
  • Needed to secure a large, distributed global network
  • Lacked centralized visibility across the environment

Network Solution

  • Network visibility for advanced threat detection
  • Identity and device data for added security context
  • Improved access control and policy enforcement

Business Results

  • Dramatically improved incident investigations
  • Increased security team efficiency by saving time on incident analysis
  • Enhanced network performance by quickly remediating slowdowns

Our integrated security solution gives us greater visibility and control over our network. It facilitates faster, more thorough forensic investigations.

Vasily Yanov, IP Network Team Lead, Wargaming

Passaic County Technical Institute

Recently we were contacted by an organization informing us that a device at our institute was infected and scanning hosts on the Internet. Our endpoint protection product did not pick this up. Luckily, we had Stealthwatch. Using the time, date, and destination IP information they provided us, we were able to quickly find the infected host and remediate it. I’m not sure what we would have done without Stealthwatch.

Roberto D. Rubino, Passaic County Technical Institute

Experian

Challenges

Purchased Cisco because it is differentiated from competitive products in the following areas:

  • 1:1 Flows
  • Advanced behavioral detection
  • Customer support
  • flow stitching and depth of information

Use Case

Is currently using Stealthwatch for:

  • Specialized threat analysis & protection
  • Network analysis & visibility
  • Advanced threat detection
  • Network performance monitoring & diagnostics

Uses Stealthwatch with:

  • SIEM
  • Firewalls
  • Full-packet capture system

Results

The following are the greatest benefits of the internal visibility provided by Cisco Stealthwatch:

  • Earliest detection of advanced threats (APTs, malware, etc.)
  • Faster Incident response
  • Forensics
  • Monitors individual user activity & mobile devices
  • Continuous internal monitoring
  • Contextual & situational awareness


Agrees that Stealthwatch’s user/host-level information is critical for the following:

  • Security
  • Forensics
  • Network troubleshooting

Rated Stealthwatch’s effectiveness in the following areas:

  • detecting DDoS: effective
  • accelerating incident response and forensics: extremely effective
  • detecting advanced persistent threats: effective
  • detecting insider threats / Suspicious behavior: extremely effective
  • detecting malware / zero-day attacks: extremely effective

Saves hours per incident for determining Mean-Time-To-Identify threats and Mean-Time-To-Know root cause using Stealthwatch.


Rated how critical Cisco Stealthwatch is for the following:

  • Monitoring visibility: very critical
  • Improving security: Critical
  • Managing cyber security: Critical
  • Responding to cyber threats: very critical

Stealthwatch is a product that provides so much insight into what is really happening within your network, and gives the best blend of advance notice of problems combined with historic reporting using standard flow data. Couple this with outstanding support, sales, marketing, and active collaboration with customers and it’s a winning solution.

Steve Mould, Senior IT Architect