Lancope is now part of Cisco Learn More About Cisco
Monitor Lateral Movement Using The Network As A Sensor

StealthWatch FlowSensor

Overview

Identify the applications in use throughout your network for improved network and security troubleshooting. Obtain valuable visibility into virtualized infrastructure.

The StealthWatch FlowSensor uses a combination of deep packet inspection (DPI) and behavioral analysis to identify applications and protocols in use across the network – no matter if they are plain text or use advanced encryption and obfuscation techniques. It also gathers packet-level performance statistics at a fraction of the cost of traditional probe-based devices, playing a key role in troubleshooting both security incidents and application performance problems. Additionally, the FlowSensor VE (Virtual Edition) enables operators to see the same detailed traffic statistics for their virtual networks as they can for their physical environments, eliminating dangerous network blind spots.   

StealthWatch FlowSensor screenshot

Application Performance Monitoring

Providing true Layer 7 application visibility, the FlowSensor gathers application information, along with packet-level performance statistics, to provide valuable security context for troubleshooting a wide range of issues. The FlowSensor recognizes more than 900 application variants and their classifications, including business-critical, peer-to-peer, social media and mobile applications, just to name a few. This advanced insight is invaluable for determining whether an issue stems from an application, the network itself, or from a security incident. Lancope also provides URL information in flow records generated by the FlowSensor. Previously unavailable from most flow sources, URL data enables administrators to see exactly which web sites users are going to, as well as the file path, to more easily identify which applications are causing performance or security problems. 

Virtual Visibility

Because virtual-machine-to-virtual-machine (VM2VM) communications inside a physical server cannot be monitored by traditional network and security devices, this lack of visibility complicates problem identification and resolution. For virtual environments with limited system resources, the FlowSensor VE (Virtual Edition) enables operators to see the same detailed traffic statistics for their virtual networks as they can for their physical environments, effectively eliminating the blind spots associated with virtualized infrastructure. Deployed on a VMware ESX host, the StealthWatch FlowSensor VE captures vital traffic statistics to address multiple virtualization challenges, including gaining virtual network topological and location awareness, securing virtual networks, demonstrating compliance, controlling VM sprawl and tracking virtual machines when they are moved via VMware VMotion. 

 

  FS 1010* FS 2010* FS 3010* FS 4000*
Communications
 
Throughput
(512 byte)
1.0 Gbps
(512 Byte Packets)
400 Mbps
(64 Byte Packets)
2.5 Gbps
(512 Byte Packets)
800 Mbps
(64 Byte Packets)
5.0 Gbps
(512 Byte Packets)
1.2 Gbps
(64 Byte Packets)
20.0 Gbps
(512 Byte Packets)
4 Gbps
(64 Byte Packets)
Throughput
(64 byte)
400 Mbps 800 Mbps 1.2 Gbps 4.0 Gbps
Interfaces
Management Port 1 Cu; 10/100/1000
Monitor Port 3 Cu; 10/100/1000 5; 1 GB; 5 copper, or 3 copper and 2 fiber optic (Rated to monitor 2.5 Gbps) 2; 10 GB; fiber optic (Rated to monitor 5 Gbps total) 4; 10 GB; fiber optic (Rated to monitor 20 Gbps total)
Console Port Serial, KVM *
Physical
Hardware Platform R220 R630
Hardware Generation 12G  13G
Form Factor 1U Rack (Stackable)
Height 1.67 in (4.24 cm) 1.68 in (4.3 cm)
Width 17.09 in (43.4 cm)

18.99 in (48.24 cm) With rack latches / 17.08 in (43.4 cm) Without rack latches

Depth 15.5 (39.37 cm ) 29.25 in (74.3 cm)
Weight 35 lb (15.4 kg) 41 lbs (18.6 kg) maximum configuration
Rails 1U-2 Post /4 Post Static
Rails, Short
1U, Stackable Sliding Ready Rails
Storage 500 GB Non-Redundant 300 GB (RAID-1 Redundant)
Environmental
Power Single; 250 W (Nonredundant) Redundant 750 W AC, 50/60 Hz; Auto Ranging (100V to 240V)
Heat Dissipation 1040 BTUs per hour 2891 BTU per hour maximum
Temperature

Operating:
10° to 35° C
(50° to 95° F)
Storage:
-40° to 65° C
(-40° to 149° F)

Operating: 10° to 35° C (50° to 95° F) with a maximum gradation of 10° C (50° F) per hour
Note: For altitudes above 2,950 feet, the maximum operating temperature is derated
-17° C (1° F) per 550 feet
Storage: -40° to 65° C (-40° to 149° F) with a maximum gradation of 20° C (68° F) per hour
Relative Humidity Operating: 10% to 80% (non-condensing) with maximum gradation of 10% per hour
Storage: 5% to 95% (non-condensing)
Regulatory Compliance
Please call for a complete list CE Emissions
FCC Class A
RoHS
• FCC (U.S only) Class A
• DOC (Canada) Class A
• VCCI Class A
• UL 1950
• CSA 950
• CE Mark (EN 55022 Class A, EN 55024, EN 61000-3-2, EN 61000-3-3, EN 60950)
*Specs for StealthWatch v6.5
**Supports direct keyboard and monitor for configuration.

 

 Minimum Disk Space Requirements Hypervisors Supported:
VMware ESXi
Minimum Memory Requirements Minimum CPU Requirements
1.4 GB v4.x or v5.x 512 MB 2 GHz