Lancope's Stealthwatch System Can Help Monitor For Advanced Threats

Continuously monitor for advanced threats

Lancope is now part of Cisco.
Overview

Obtain comprehensive, scalable enterprise visibility and security context.

The Stealthwatch System leverages existing IT infrastructure to seamlessly monitor huge volumes of data for potential threats. The system delivers the pervasive visibility and security context needed to accurately baseline network behavior and pinpoint malicious activity. It is highly scalable to monitor and protect even the largest, most dynamic networks.

Stealthwatch main dashboard showing monitoring tools

Gain real-time situational awareness of all users, devices and traffic on the network.

Stealthwatch provides in-depth security context for improved situational awareness. Added layers of visibility including application, device and user identity dramatically improve security, network troubleshooting and compliance.

Monitor lateral movement using the network as a sensor.

By turning the entire network into a sensor grid, Stealthwatch can monitor lateral movement inside the network not seen by other solutions. This is critical for pinpointing insider threats and tracking the spread of external attacks across the network.

 

 

Bandwidth Calculator

Leverage the calculator to get an idea of bandwidth consumed when enabling flow on your network.

The most popular flow format in production today, NetFlow v5 is available on a wide range of network equipment. Vendor support includes Cisco, Juniper (which refers to NetFlow v5 as “cflow”), and a variety of open source projects. NetFlow v5’s format is fixed, but it provides a set of network conversation metadata that is useful in bandwidth bill-back, malware and DoS detection, and network troubleshooting of all types.

Average flow records per 1500-byte UDP packet: 30
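The fixed NetFlow v5 layout makes the figure of 30 records per packet easy to check and the TCP flags field easy to use for detection. The following is an added example, not Lancope or Cisco code: it decodes one v5 export datagram and picks out SYN-only TCP flows. The function names, the sample datagram and its documentation-range addresses are constructed for illustration, and the 28-byte IPv4 plus UDP overhead is an assumption.

```python
import socket
import struct

# NetFlow v5 is fixed-format: a 24-byte header followed by 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
IP_UDP_OVERHEAD = 20 + 8  # assumption: IPv4 header without options + UDP header

def max_records_per_packet(mtu=1500):
    """Number of v5 records that fit in one export datagram under the MTU."""
    return (mtu - IP_UDP_OVERHEAD - HEADER.size) // RECORD.size

def parse_v5(datagram):
    """Return a list of flow dicts decoded from one NetFlow v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 export")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
            "tcp_flags": f[11],  # cumulative OR of flags seen in the flow
            "proto": f[12],
        })
    return flows

def syn_only(flows):
    """TCP flows whose cumulative flags are SYN alone (handshake never answered)."""
    return [f for f in flows if f["proto"] == 6 and f["tcp_flags"] == 0x02]

def build_record(src, dst, sport, dport, flags, pkts, octets):
    """Helper that packs one constructed TCP flow record for the sample below."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                       1, 2, pkts, octets, 0, 0, sport, dport, flags, 6, 0,
                       0, 0, 24, 24)

# Constructed sample: one completed HTTPS flow and one SYN-only flow.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + build_record("192.0.2.10", "198.51.100.5", 40000, 443, 0x1B, 12, 3400)
          + build_record("192.0.2.66", "198.51.100.5", 40001, 22, 0x02, 1, 60))

if __name__ == "__main__":
    print(max_records_per_packet(), syn_only(parse_v5(SAMPLE)))
```

A NetFlow v7 export does not carry the flag combinations, so this check only applies to formats that do.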

NetFlow v7 is seen when using Cisco equipment such as the Catalyst 6500. NetFlow v7 is similar to NetFlow v5 but includes additional information required for processing flows from network equipment with multiple switching/routing engines (such as the MSFC/Sup2 combination found in the Cat6k). Unfortunately, NetFlow v7 exports do not include TCP flag combinations and are often less useful for security analysis.

Average flow records per 1500-byte UDP packet: 28

NetFlow v9 is a flexible and extensible flow format that allows new fields and record types to be added to flow data as the network infrastructure matures. NetFlow v9 can be extended to include powerful information unavailable in NetFlow v1, v5, or v7. NetFlow v9 will eventually replace v5 altogether as the standard flow format used within the network. This calculator option assumes the user is using the default “traditional” NetFlow v9 format found in most IOS-based Cisco devices.

Average flow records per 1500-byte UDP packet: 34

Packeteer-2 flows originate from Packeteer WAN optimization and traffic policing network appliances. Packeteer-2 includes the same basic information found in NetFlow v5 with the addition of extra application identifier fields that describe the network traffic based on payload rather than the layer-4 port number.

Average flow records per 1500-byte UDP packet: 22

Lv9-IPv4 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv4 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.

Average flow records per 1500-byte UDP packet: 30

Lv9-IPv6 is Lancope’s own NetFlow v9 export format used within the StealthWatch FlowSensor technology for IPv6 flows. Lv9 includes all the information found in traditional NetFlow v9 plus additional Lancope vendor-specific non-key fields such as separate counters for TCP fields and the “socket initiator” field used for security-focused analysis of network flows.

Average flow records per 1500-byte UDP packet: 30

Testimonial

Stealthwatch System is a product that provides so much insight into what is really happening within your network, and gives the best blend of advance notice of problems combined with historic reporting using standard flow data.

Steve Mould, Experian