Extend the protection of Stealthwatch to the cloud.
Many organizations are utilizing cloud computing for improved agility, scalability, and cost savings, and the public cloud market is expected to grow to a $191-billion industry by 2020, according to Forrester Research. Despite this popularity, cloud environments present a variety of security challenges, including:
- Decreased visibility
- New attack vectors
- A lack of intra-cloud security
With the Cloud License, Stealthwatch users can extend network visibility, advanced threat detection, and real-time situational awareness to public, private, and hybrid cloud environments.
The Cloud License is a virtual add-on to Stealthwatch that allows users to collect telemetry from the cloud just as they would from a traditional network. This data is then processed and analyzed by Stealthwatch to:
- Extend visibility into traffic within or involving public, private, or hybrid clouds
- Detect and alert on suspicious activity or attacks that involve the cloud
- Build a network audit trail for incident response and forensic investigations
- Secure the cloud regardless of underlying virtualization technology
The Cloud License deploys a lightweight agent on each of the organization’s cloud servers. This software agent monitors traffic and exports NetFlow information to the Stealthwatch Cloud Concentrator, a virtual appliance that collects telemetry from the various agents and sends it to a Flow Collector or UDP Director.
Stealthwatch then processes the data, analyzes it for signs of malicious activity, and incorporates it into the historical network audit trail. In other words, the cloud data undergoes the same scrutiny as NetFlow from the physical network, providing continuous detection and response capabilities across the entire network.