Lancope is now part of Cisco Learn MoreLancope Arrow About Cisco
Monitor Lateral Movement Using The Network As A Sensor

Stealthwatch FlowSensor

Overview

Identify the applications in use throughout your network for improved network and security troubleshooting. Obtain valuable visibility into virtualized infrastructure.

The Stealthwatch FlowSensor uses a combination of deep packet inspection (DPI) and behavioral analysis to identify applications and protocols in use across the network – no matter if they are plain text or use advanced encryption and obfuscation techniques. It also gathers packet-level performance statistics at a fraction of the cost of traditional probe-based devices, playing a key role in troubleshooting both security incidents and application performance problems. Additionally, the FlowSensor VE (Virtual Edition) enables operators to see the same detailed traffic statistics for their virtual networks as they can for their physical environments, eliminating dangerous network blind spots.   

StealthWatch FlowSensor screenshot

Application Performance Monitoring

Providing true Layer 7 application visibility, the FlowSensor gathers application information, along with packet-level performance statistics, to provide valuable security context for troubleshooting a wide range of issues. The FlowSensor recognizes more than 900 application variants and their classifications, including business-critical, peer-to-peer, social media and mobile applications, just to name a few. This advanced insight is invaluable for determining whether an issue stems from an application, the network itself, or from a security incident. Lancope also provides URL information in flow records generated by the FlowSensor. Previously unavailable from most flow sources, URL data enables administrators to see exactly which web sites users are going to, as well as the file path, to more easily identify which applications are causing performance or security problems. 

Virtual Visibility

Because virtual-machine-to-virtual-machine (VM2VM) communications inside a physical server cannot be monitored by traditional network and security devices, this lack of visibility complicates problem identification and resolution. For virtual environments with limited system resources, the FlowSensor VE (Virtual Edition) enables operators to see the same detailed traffic statistics for their virtual networks as they can for their physical environments, effectively eliminating the blind spots associated with virtualized infrastructure. Deployed on a VMware ESX host, the Stealthwatch FlowSensor VE captures vital traffic statistics to address multiple virtualization challenges, including gaining virtual network topological and location awareness, securing virtual networks, demonstrating compliance, controlling VM sprawl and tracking virtual machines when they are moved via VMware VMotion.