With broad customer and industry experience, the Lancope Professional Services team helps organizations optimize Stealthwatch deployments to meet specific business requirements, increase productivity and reduce risk. A unique combination of network and security skills enables the team to quickly and effectively implement Stealthwatch to meet the intense demands of today's advanced cyber threat environment.
The Cisco Security Stealthwatch Deployment Service allows network and security teams to closely align Stealthwatch with the overall security strategy and business objectives. The service will install and integrate Stealthwatch into your network infrastructure. The service provides for the initial configuration, tuning, and report configuration.
Customers will experience fast, error-free deployment, highly effective threat detection and maximum protection from a wide range of online attacks. They will also benefit from the unique opportunity to learn from Cisco Stealthwatch experts.
- Configuration of default Host Group structure
- Alarm tuning
- Dashboard, map and report configuration
- Implementation of desired alerting
- On-the-job instruction for technical staff
- A half-day knowledge transfer session on system operation and investigative workflows
For more information, read the Cisco Security Stealthwatch Deployment Service At-a-Glance.
Health Check and Tuning provides customers with the ability to have their Stealthwatch verified for proper operation and tuned to increase the fidelity of alarms for increased operational efficiency.
Lancope's Health Check and Tuning enables organizations to achieve increased operational efficiency and return on investment. Customers will benefit from high fidelity alarms, quicker response times and minimized corporate risk.
- Upgrade the Stealthwatch deployment as needed
- Review network architecture and flow collection design for maximum performance
- Review Host Group structure and recommend changes if necessary
- Tune alarms to increase fidelity
- Help configure dashboards, reports and maps
- Implement desired alerting
- Provide on-the-job instruction for technical staff
The Cisco Stealthwatch Host Group Automation Service gives customers a logical means of categorizing network assets for improved visibility and control. Through the Host Group Automation service, Cisco enables customers to automatically synchronize Host Groups with data from their authoritative IP address management system.
Optimize Stealthwatch performance and reduce operational overhead to lower operating costs while reducing errors, superfluous alerts, and job notifications. Automate host-group updating, which keeps Stealthwatch operating at maximum efficiency for optimal protection against wide-ranging threats.
For more information, read the Cisco Stealthwatch Host Group Automation Service At-a-Glance.
Use the Cisco Stealthwatch Proxy Integration Service to integrate virtually any web proxy with the Cisco Stealthwatch Flow Collector and extend network visibility between internal hosts, across proxy servers, and out to the public Internet and public web services. This end-to-end network visibility spans web proxies, and expands network protection, improves threat detection, and reduces your corporate risk with the granular visibility afforded by the integration service.
Obtaining insight into proxy sessions allows customers to improve threat detection and minimize corporate risk, while also enabling quick forensic investigations into command-and-control (C&C) communications across the proxy. It allows for immediate alerting of corporate use policy violations.
- Development of tailored integration strategy
- Installation of the proxy adapter on virtual or physical hosts
- Configuration of the adaptor and Stealthwatch components to enable ingest of NetFlow
- Assistance with configuration of the adapter for Syslog ingest
- Integration of up to four like proxies into Stealthwatch
For more information, read the Cisco Stealthwatch Proxy Integration Service At-a-Glance.
The Cisco Stealthwatch System Information Event Management Integration Service provides additional context around potential threats by combining alarm notification with flow data, so that customers can classify a threat and take appropriate action. By aggregating alarm notification with Cisco Stealthwatch flow data, the SIEM Integration Service can enable a quick, complete description of network traffic related to a suspicious IP address.
Customers will be able to see the full context of a potential threat, which will enable them to greatly reduce the Mean-Time-to-Know and Mean-Time-to-Respond to a security incident.
This service provides a high level of alarm fidelity. Key features include:
- Aggregation of flow data with alarm
- Alarm notification from any security system
- REST API for direct consumption of Stealthwatch data
For more information, read the Cisco Stealthwatch System Information Event Management Integration Service At-a-Glance.
The Cisco Stealthwatch Flow Collector 5020 appliance can handle up to 240,000 flows per second, making it the highest performing NetFlow collection system designed for large enterprise deployments. The Cisco Security Stealthwatch Deployment Service for the Flow Collector 5000 Series ensures that the Flow Collector 5020 is operating at maximum efficiency and that Stealthwatch is tuned to promote optimal system performance and alarm fidelity.
Cisco Security Stealthwatch Deployment Service for the Flow Collector 5000 Series enables organizations to achieve increased operational efficiency and return on investment.
- Installation and configuration of the Flow Collector 5020. We will:
- Review the network architecture and flow data collection design for effective operation
- Configure IP addresses for the Flow Collector 5020
- Ensure flow collection on the Flow Collector 5020
- Verification and tuning. We will:
- Verify flow data collection
- Verify correct license installation
- Stealthwatch system tuning. We will:
- Monitor flow data collection across the entire Stealthwatch system
- Balance flow data collection across all flow collectors, if needed
For more information, read the Cisco Security Stealthwatch Deployment Service for the Flow Collector 5000 Series At-a-Glance.
Our customers have access to the Lancope Customer Community, which provides access to training, along with the latest product documentation, knowledge base articles, forums and videos, plus the option to submit web-based support requests (cases). The Community also allows our customers to provide feedback to Lancope regarding ideas for product enhancements.