Detect advanced threats and respond to them faster by gaining additional visibility and context from the records kept by proxy devices.
Traditionally, proxy servers create a blind spot on the network because security events are associated with the proxy's address rather than the actual address causing the issue. The conversations on either side of the proxy are not connected with each other and look like separate conversations. With the Stealthwatch Proxy License, organizations can see the translated address associated with the other side of a proxy conversation for more accurate troubleshooting, advanced threat detection, incident response and forensics.
Incorporating context data into the flow records provides more intelligence and allows users to prioritize which systems in their network they should investigate first. The Proxy License provides additional network visibility and threat detection capability by:
- Increasing visibility for the Stealthwatch System by monitoring network conversations that pass through web proxies.
- Providing context data to the Stealthwatch System to increase the accuracy of security events and alarms.
- Adding context to security events, allowing for quicker and more precise investigations and response.
The Proxy License component of Stealthwatch ingests proxy records and associates them with flow records, delivering the original user, application and URL information for each flow. This increases contextual awareness, enhances organizations’ ability to pinpoint the source of threats, and shortens Mean Time to Know (MTTK).
Administrators can see exactly who within their organization went to a specific web site, and can also evaluate the URL data against Lancope’s Stealthwatch® Labs Intelligence Center (SLIC) Threat Feed for yet another layer of protection. This additional visibility and context provided by the Proxy License allows Stealthwatch users to detect threats more quickly and respond appropriately regardless of whether the traffic passed through a proxy.