Stanford University

Improved forensic analysis and increased flow collection, monitoring and analysis.


Solved the following operational challenges with Stealthwatch by Lancope:

  • Enhanced network security posture
  • Improved forensic analysis
  • Increased flow collection, monitoring and analysis

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Security forensics

Used Stealthwatch to detect or prevent the following security threats:

  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Compromised host
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Monitoring a centralized network with a large number of satellite or retail locations
  • Operating in a classified network with strictly controlled access to specific segments


"[Lancope’s Stealthwatch] validates the fact that when a system is compromised/virused – we have the network information to back it up in the form of flows."
–Joe Zertuche, Security Officer, Stanford University

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Internal visibility

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Real-time threat detection and correlation with user identity data
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Forensic analysis

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Better
  • Performance Monitoring: Better
  • Scalability: Better
  • Network Visibility: Better
  • Innovation: Better

…I can immediately see who is misbehaving [on the network]. It is a great documented source for our incident reports.

Joe Zertuche, Information Security