STEALTHWATCH MANAGEMENT CONSOLE

The StealthWatch System by Lancope is a leading solution for network visibility and security intelligence across physical and virtual environments. With the System, network operations and security teams obtain actionable insight into who is using the network, what applications and services are in use and how well they are performing. The System delivers total, unified network visibility from a single, integrated platform to improve threat detection and incident response while increasing network availability and reducing enterprise risk. The StealthWatch Management Console (SMC) provides the single vantage point for disparate IT groups to see contextual information about all activity across the network and to investigate accordingly. It is available as either a physical or virtual appliance.

Solve Issues in Minutes, Not Days with Pervasive Network Visibility

With the SMC, gone are the days when different IT departments spent hours and even days trying to isolate the root cause of an issue before finally being able to deploy the appropriate personnel to take corrective action. By simply glancing at the SMC's user-friendly graphical interface, operators can immediately spot and zoom in on any unusual behavior. Using the SMC's unique drill-down features, IT personnel can go from identifying the issue to isolating the root cause within minutes, identifying affected applications and users along the way, thereby reducing Mean Time To Know (MTTK), enhancing operational efficiency and decreasing costs. Administrators can rapidly detect and prioritize security threats, pinpoint network misuse and suboptimal performance and manage event response across the enterprise, all from a single control center.

Figure: The SMC is a centralized control center with customizable views and powerful drill-down capabilities.

Armed with graphical representations of network traffic, customized summary reports and integrated security and network intelligence, operators can easily identify internal and external attacks, network exposures and policy violations. The SMC also enhances network management through trend analysis, firewall and capacity planning, and performance monitoring.

Visualize and Troubleshoot APTs, Malware and Insider Threats

The SMC empowers the security team to proactively identify threats on the network that could lead to data breaches or performance issues. From worms, viruses and other malware to targeted attacks, DDoS, insider threats and APTs, the System provides the in-depth visibility and security context needed to thwart evolving threats. The System quickly zooms in on any unusual behavior, immediately sending an alarm to the SMC with the contextual information necessary for security personnel to take quick, decisive action to mitigate any potential damage.

By collecting, analyzing and storing large amounts of NetFlow, IPFIX and other types of flow data for extended periods of time, the System also provides a full audit trail of all network transactions for more effective forensic investigations. Comprehensive network intelligence eliminates the time-consuming and resource-intensive manual investigation associated with other solutions.

Gain More Insight into Evolving Threats with the New SLIC Threat Feed

The StealthWatch Labs Intelligence Center (SLIC) is Lancope's research initiative through which global intelligence on the Internet's top threats is delivered to customers and the public. Lancope's research group, StealthWatch Labs, conducts both in-house research and taps into a broad community of third-party experts and partners to aggregate emerging threat information from around the world. Through the SLIC Threat Feed, Lancope correlates real-time intelligence on global threats with suspicious network activity to alert on hosts infected with advanced malware, including botnet activity. The SMC's sophisticated flow visualization enables operators to immediately understand attack activity, propagation and impact, quickly identifying points of entry to expedite incident response and fortify defenses. Continuously monitoring customer networks for thousands of known command-and-control servers, the threat feed further enhances Lancope's early threat detection capabilities, preventing cyber-attacks from wreaking havoc on corporate and government networks.

Figure: With the SLIC Threat Feed, data on known botnets is automatically incorporated into the System.

Accelerate Problem Resolution with Customizable Relational Flow Mapping

With real-time, customizable relational flow maps, the SMC provides network operations and security teams with graphical views of the current state of the organization's traffic. Within seconds, these teams can see exactly where to focus their attention. The SMC allows administrators to easily construct maps of their network based on any criteria, such as location, function or virtual environment. By creating a connection between two groups of hosts, operators can quickly analyze the traffic traveling between them. Then, simply by selecting a data point in question, they can drill down to gain even deeper insight into what is happening at any point in time.

Shedding Light on the NAT Blind Spot with NAT Stitching

Figure: Relational flow maps enable network and security personnel to quickly investigate areas that need attention.

Using data from select devices, the System can unify NAT information from inside the firewall with information from outside the firewall to pinpoint which IPs and users inside the network are responsible for a particular action. Access to this unique information prevents would-be hackers and other bad actors from hiding behind NAT. With NAT stitching, organizations can quickly identify the source of any possible outbound attack or copyright violation notice.

Analyze Network Traffic Down to the Application and User Level

With the advent of Web 2.0, as much as 85% of all network traffic is now going through port 80. As a result, distinguishing between individual applications has become increasingly difficult. Both network operations and security teams need to know what, when and how applications are in use across the enterprise to optimize performance and secure the network. The SMC brings true Layer 7 application visibility to network and security teams by gathering application information and packet-level metrics and displaying them in easily understood pie charts, graphs and tables. In addition, administrators can use the SMC to define their own custom applications based on IP addresses. For example, one group of IP addresses can represent all of the Exchange servers in the organization. Another group of IP addresses can represent all of the DNS servers, and so on.

Figure: Real-time visualization helps network and security teams identify risky user behaviors such as P2P file sharing.

How It Works

Figure: The System stitches NAT communications together to enhance visibility at the network edge.

The SMC configures, coordinates and manages the System appliances, including FlowCollector, FlowSensor, and IDentity appliances. As these devices gather intelligence from critical segments throughout the enterprise, they feed it to the SMC. The SMC in turn correlates this information in real time and displays it in an easily understood graphical format. Along with flow export technologies, the System can collect data from other types of technologies, such as firewalls, Web proxies, intrusion detection systems (IDS), intrusion prevention systems (IPS) and network admission control (NAC) systems. The SMC associates this data with behavior-based, flow-driven events, displays it graphically and stores it in the database for further analysis. In addition, the flexible SOAP-compliant Web API provides programmable access to System data from within enterprise applications, such as SIEMs, network managers, trouble-ticketing systems and third-party reporting systems.
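As an added illustration of the NAT stitching idea described above (example code written for this page, not Lancope's implementation): flows exported outside the firewall show only the shared public address, so the code joins them with the NAT device's translation records and a host-to-user mapping to attribute each outbound connection to the inside host and user. The translation records, flow records and user mapping are constructed sample data, and matching on a time window to resolve public-port reuse is an assumption about how such stitching is done, not a description of the product.

```python
# Constructed NAT translation records: (inside_ip, inside_port, nat_ip, nat_port, proto, t_start, t_end)
NAT_TRANSLATIONS = [
    ("10.1.5.23", 51514, "198.51.100.7", 40001, "tcp", 1000, 1090),
    ("10.1.8.40", 51514, "198.51.100.7", 40002, "tcp", 1005, 1200),
    ("10.1.5.23", 51520, "198.51.100.7", 40001, "tcp", 1300, 1400),  # public port 40001 reused later
]

# Constructed post-NAT flow records, as an edge router outside the firewall would export them.
OUTSIDE_FLOWS = [
    {"src": "198.51.100.7", "sport": 40001, "dst": "203.0.113.9", "dport": 443, "proto": "tcp", "ts": 1010, "bytes": 5000000},
    {"src": "198.51.100.7", "sport": 40002, "dst": "203.0.113.9", "dport": 443, "proto": "tcp", "ts": 1020, "bytes": 1200},
    {"src": "198.51.100.7", "sport": 40001, "dst": "192.0.2.77", "dport": 25, "proto": "tcp", "ts": 1350, "bytes": 800},
    {"src": "198.51.100.7", "sport": 40009, "dst": "192.0.2.77", "dport": 25, "proto": "tcp", "ts": 1360, "bytes": 800},
]

# Constructed host-to-user mapping, standing in for what an identity source would supply.
USER_BY_HOST = {"10.1.5.23": "alice", "10.1.8.40": "bob"}

def build_index(translations):
    """Index translations by the public-side tuple so lookups from outside flows are direct."""
    index = {}
    for inside_ip, inside_port, nat_ip, nat_port, proto, t0, t1 in translations:
        index.setdefault((nat_ip, nat_port, proto), []).append((t0, t1, inside_ip, inside_port))
    return index

def stitch(flow, index):
    """Return the flow enriched with inside host and user, or None if no translation covers it.
    The time window matters: the same public port is reused by different inside sessions."""
    for t0, t1, inside_ip, inside_port in index.get((flow["src"], flow["sport"], flow["proto"]), []):
        if t0 <= flow["ts"] <= t1:
            return {**flow, "inside_ip": inside_ip, "inside_port": inside_port,
                    "user": USER_BY_HOST.get(inside_ip, "unknown")}
    return None

def attribute_outbound(flows, translations):
    """Split outside flows into stitched (attributed) and unmatched (still hidden behind NAT)."""
    index = build_index(translations)
    stitched, unmatched = [], []
    for flow in flows:
        result = stitch(flow, index)
        if result is None:
            unmatched.append(flow)
        else:
            stitched.append(result)
    return stitched, unmatched

def hosts_talking_to(stitched, dst, dport):
    """The abuse-notice question: which inside hosts and users reached this external service?"""
    return sorted({(s["inside_ip"], s["user"]) for s in stitched if s["dst"] == dst and s["dport"] == dport})

if __name__ == "__main__":  # stand-alone run over the constructed data
    done, pending = attribute_outbound(OUTSIDE_FLOWS, NAT_TRANSLATIONS)
    print(hosts_talking_to(done, "192.0.2.77", 25), "unattributed flows:", len(pending))
```

Flows that no translation record covers stay in the unmatched list; a defender should treat those as a telemetry gap on the NAT device rather than silently dropping them.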

Figure: StealthWatch System deployment overview. Components shown: Management Console (or VE) with a FAILOVER Management Console, Management Console Virtual Edition (VE), FlowReplicator (forwarding Syslog, SNMP and NetFlow/sFlow to FC or ID), FlowCollector and FlowCollector Virtual Edition (VE), Cisco ISE, IDentity, FlowSensor, vSphere with FlowSensor VE, NetFlow-enabled routers, switches and firewalls, and legacy traffic analysis software. Inputs: NetFlow/sFlow plus application information and packet-level metrics; NetFlow, Syslog, SNMP; user and device information; feeds of emerging threat information. The SMC provides centralized management, configuration and reporting for all System devices.

Management Console Features Matrix

Features (Network, Security):
User identity tracking
Flexible deployment options, including virtual
Quick root-cause analysis, troubleshooting
Relational flow maps
NAT stitching
Custom dashboards
Custom reports
Automated blocking, remediation or rate limiting
Top N reports for applications, services, ports, protocols, hosts, peers and conversations
Traffic composition breakdown
Customizable user interface based on Point-of-View TM technology
Support for multi-gigabit and large-scale MPLS network environments
Advanced flow visualization
Massive scalability
Combined internal and external monitoring
Capacity planning and historical traffic trending
WAN optimization reporting*
DSCP bandwidth utilization
Worm propagation visualization
Internal security for high-speed networks

*Limited functionality with sFlow

Management Console Specifications

Models: SMC 500 and 1000*, SMC 2000*
Network Management Port: 1; 10/100/1000 Copper
Database Capacity: 1 TB (RAID-6 Redundant) for SMC 500 and 1000; 2 TB (RAID-6 Redundant) for SMC 2000
Hardware Platform: R620
Hardware Generation: 12G
Rack Units (Mountable): 1U
Power: Redundant 750W AC, 50/60 Hz Auto Ranging (100V to 240V)
Heat Dissipation: 2,891 BTU per hour maximum
Dimensions: Height 1.68 in. (4.3 cm); Width 17.08 in. (43.4 cm); Depth 27.25 in. (69.2 cm)
Weight: 41 lb (18.6 kg)
Rails: Sliding Ready Rails with Cable Management Arm
Regulatory: FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950); VCCI Class A; UL 1950; CSA 950. Please contact sales@lancope.com for a complete list.

* StealthWatch System v6.5 specifications

SMC Virtual Edition (VE)

The SMC Virtual Edition (VE) is designed to perform the same function as the appliance edition, but in a VMware environment. The SMC VE Minimum Resource Requirements table shows the minimum resource requirements for the SMC VE to operate based on the number of FlowCollectors sending it data. However, the SMC VE scales dynamically according to the resources allocated to it. Therefore, for the SMC VE to operate effectively, be sure to allocate resources so that they are reserved for the SMC VE and not shared with any other virtual machine.

SMC VE Minimum Resource Requirements

FlowCollectors | Concurrent Users | Reserved Memory | Storage
1 | Up to 2 | 4 GB | 2
Up to 3 | Up to 5 | 8 GB | 3
Up to 5 | Up to 10 | 16 GB | 4

Note: If the External Event processing (Syslog) feature is used, then more memory and processing resources will be required.

© 2014 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. DSV3-r001-03262014 STEALTHWATCH MANAGEMENT CONSOLE 6.5 DATA SHEET www.lancope.com