The service provider industry must be vigilant in protecting its networks from online attackers due to the key role it plays in critical infrastructure and the number of businesses and individuals that depend upon it every day. Service providers must diligently protect their customers from distributed denial-of-service (DDoS) attacks, performance issues and malware originating from external attackers or other customers’ networks.
Because they transmit large volumes of data to and from thousands of other organizations and users, service provider networks must remain open in order to conduct business – essentially, the network is their business. Due to this intricately connected architecture, conventional perimeter defenses such as firewalls are of little use. And due to the massive amount of traffic flowing through service provider networks, probe-based monitoring solutions cannot feasibly or cost-effectively scale to protect them.
Instead, service providers require next-generation solutions that provide a faster, more holistic view of everything that is happening across the network to safeguard both the internal environment and customer networks. As service provider bandwidth needs continue to grow – from 10 Gbps to 40, 80 and even 120 Gbps – the only viable solution for obtaining comprehensive visibility across their networks is flow-based monitoring.
Through massively scalable network visibility and security context, Lancope's Stealthwatch System provides the in-depth network insight needed to protect and preserve the integrity and availabiliy of service provider networks. NAT support provides even more security and reliability by explicitly defining the source IP address responsible for network congestion or anomalous traffic. High-speed NAT logging is especially crucial now that service providers are considering using carrier-grade NAT (CGN), also known as large-scale NAT (LSN), which allows for literally thousands of users to share a single IP address and makes it easy for bad actors to hide behind NAT.
The Stealthwatch System can also consume NAT information from the Cisco ASR 1000 separately from other flow records. This feature is especially beneficial for ISPs that need to capture just the NAT information from flow records in order to comply with the Communications Assistance for Law Enforcement Act (CALEA).
- Achieve comprehensive, end-to-end visibility and protection from core to edge
- Protect customer networks from damaging DDoS attacks
- Detect anomalous behavior down to the exact customers and applications causing it
- Quickly prevent security problems such as botnets and advanced persistent threats (APTs) from infiltrating customer networks
- Generate and analyze flow data from areas of the network that do not inherently support it, eliminating dangerous network blind spots
- Improve network availability and performance by identifying top bandwidth users
- Accurately measure and bill back customers based on bandwidth usage
- Scale and extend monitoring to next-generation environments including high-speed, cloud and IPv6
- Support other efforts including forensic investigations, capacity planning and regulatory compliance
- Differentiate offerings through managed services supported by industry-leading network monitoring