Network Behavior Analysis

Lancope StealthWatch

With more applications processing private customer data and mission-critical business information, infrastructure and security risks continue to rise. This is exacerbated by the increasing number of trusted users, the expanding array of malware, and the growing insider threat.

Lancope's StealthWatch system provides a "single pane of glass" for both security and network operations and uniquely addresses the following business needs:

  • Proactively detect threats from network problems, security incidents and user behaviours
  • Reduce man-hours spent diagnosing and responding to network and security incidents
  • Resolve network and security problems before major business impact is suffered
  • Generate reports needed for compliance and IT executives 

Figure: StealthWatch Architecture

What the Analysts are Saying:

Gartner Group

"Network behaviour analysis provides visibility into network activity to satisfy both security and network operations requirements"

"About 80% of organizations report they justify and purchase NBA tools for security reasons, but many seasoned users report they derive 80% of the value in a network operations context."

"By year-end 2007, 25 percent of large enterprises will employ NBA as part of their network security strategy (0.8 probability)"

Yankee Group

"Lancope has emerged as the clear market leader in Network Behaviour Analysis"

"StealthWatch monitors all connected devices within an enterprise's internal network, delivering end-to-end visibility. Armed with this deeper insight, network teams gain the ability to efficiently manage complex networks without requiring significant amounts of additional hardware and software."

Key Benefits

Detect Unknown and Known Attacks in High-Speed Networks without Signatures

StealthWatch dynamically detects deviations from normal behaviour, as defined through automatically tuned traffic and host profile baselines. This enables rapid identification of hour-zero attacks as well as known threats without the burden of maintaining signatures or requiring prior knowledge of attacks. StealthWatch uses behavioural analysis, which excels at detecting worms, Trojans and Denial of Service (DoS) attacks, including low-and-slow reconnaissance and distributed scanning. Encryption, obfuscation and other traditional IDS evasion techniques do not impact its ability to detect and prioritise attacks. Operating at gigabit speeds, StealthWatch is particularly effective at comprehensively securing the internal network as well as the perimeter.

Remediate Misconfigurations, Enforce Policy and Optimise Network Utilisation

StealthWatch reaches beyond attack detection to proactively eliminate infrastructure and user risks and pinpoint inefficient network utilisation. By identifying unauthorised applications and devices, nonessential network services and malfunctioning or misconfigured network devices, StealthWatch provides effective security and network operations, while minimising legal and financial risks to your organisation. Early detection and remediation of security policy violations can prevent attackers from taking advantage of vulnerabilities. Regardless of obfuscation techniques, StealthWatch identifies popular peer-to-peer file sharing applications that introduce new vulnerabilities, consume significant bandwidth and create substantial liabilities.

Gathering a timely and complete picture of services on each host is critical, but nearly impossible to do manually. Traditional network scanning tools are laborious and capture only a static picture, while host-based systems are expensive to deploy and maintain. With StealthWatch's behavioural baselining, administrators can easily view the services running on the network to determine which are appropriate and in profile. This illumination of your network efficiently and cost-effectively provides a baseline from which to establish, audit and enforce network usage policies as well as remediate network vulnerabilities.
