Collect and analyze massive amounts of network data to obtain comprehensive visibility for early threat detection.
The Stealthwatch FlowCollector collects and analyzes vast amounts of valuable data from existing network infrastructure to provide a complete, cost-effective picture of everything happening in an enterprise environment. Sophisticated behavioral analytics and advanced security context enable early detection and enhanced protection for a wide range of threats including APTs, insider threats, DDoS and zero-day malware. The FlowCollector uses flow-based anomaly detection to zoom in on any unusual behavior and immediately sends an alarm with actionable intelligence that allows personnel to take quick, decisive steps to mitigate any issues. Operators can use the Stealthwatch System’s unique drill-down features to identify and isolate the root cause within seconds, enhancing operational efficiency, decreasing costs and dramatically reducing the time from problem onset to resolution.
Leverages Existing Infrastructure for Comprehensive, Cost-Effective Visibility
By drawing upon NetFlow, IPFIX and other types of flow data from existing infrastructure, the FlowCollector provides a cost-effective means of achieving comprehensive, end-to-end visibility across the entire enterprise network. Vast amounts of data are collected and analyzed from routers, switches, firewalls and other network infrastructure devices to provide a complete picture of network activity. No additional hardware, sensor technology, inline device or software agent is required. Essentially, the network is your sensor, detecting and alerting on anomalous behavior 24/7. Stitched, de-duplicated, 1:1 flows further streamline network and security monitoring. In addition to detecting threats in real time, the Stealthwatch FlowCollector can store months or even years of data, creating a complete audit trail that can be used to improve forensic investigations and compliance initiatives.
“[Stealthwatch] has the ability to drill down into information from a single console.”
Detects Lateral Movement Not Seen by Other Technologies
While most security technologies focus on "bad" communications between the network and the outside, the Stealthwatch System protects the network from the inside out, also detecting suspicious communications within the network itself. This monitoring of lateral, east-west traffic is critical for identifying insider threats, as well as tracking the spread of external attacks throughout the network to determine who has been infected.
Provides Massive Scalability for Large, High-Speed Environments
A FlowCollector exists for any organization to monitor and protect every part of the network that is IP-reachable, regardless of size. With unmatched scalability, a single FlowCollector can store and analyze data from as many as 4,000 flow sources at up to 240,000 flows per second (fps). When fully scaled, the Stealthwatch System can process data from as many as 50,000 flow sources at up to 6 million fps. Easy upgrade paths enable an organization to start small and expand the system as capacity needs change over time. The FlowCollector Virtual Edition (VE) is designed to perform the same function as the appliance editions, but in a VMware environment. The FlowCollector VE also scales dynamically according to the resources allocated to it.