Mapping to NIST 800-53 and Exceeding the Standard with StealthWatch




Using Lancope's StealthWatch System for Better Incident Response and Network Protection
By Kevin Beaver, CISSP
White Paper

Table of Contents

- Executive Summary
- Introduction
- What You Need to Know About NIST SP 800-53 Revision 4
- How Lancope's StealthWatch System Maps to NIST SP 800-53
- The Network as a Sensor
- Proper Incident Response is Often the Missing Link
- Conclusion
- The Lancope StealthWatch System

Executive Summary

Today's network threats require government agencies and corporations alike to shift how they address information security. From the most technical IT administrators to high-level business executives, key personnel within the United States federal government and the private industry corporations they do business with are realizing that network control is decreasing while the risks are increasing. You cannot secure what's happening on the network if you don't know about it, which underscores the importance of having the proper network security tools and processes in place to obtain the insight needed to respond in a rapid and focused manner when incidents do occur. The general lack of information about who is doing what, when, where, and how on enterprise networks underscores the fact that we really don't have control over our networks.

This white paper discusses the latest revision of the NIST Special Publication 800-53 [1] standard for information security and privacy, and maps these changing security controls to Lancope's StealthWatch System. It also defines how Lancope enables government agencies and corporations to address mobile and cloud security; application security; trustworthiness, assurance, and resiliency of information systems; the insider threat; supply chain security; and the advanced persistent threat (APT).

With the StealthWatch System, organizations can baseline, inventory, and label network assets, uncover and remediate security deficiencies, and continuously monitor and report on issues to maintain a strong security posture. Lancope's ability to transform the network into a virtual sensor grid helps facilitate compliance and ensure the ongoing visibility and control needed to minimize risks.

Introduction

Enterprise IT within government agencies and corporations is bearing a heavy burden today. Organizations are being attacked from inside and out. Malware is relentless. The budgets behind the threats have no limits. Given enough motivation, practically anyone can orchestrate and execute an attack capable of stealing priceless information or bringing down critical networks once deemed unbreakable. All it takes is one weakness or oversight for an attack or data theft to be carried out.

[1] NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations, April 2013, http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf

A serious challenge, arguably the underlying cause of these security risks, is the complexity of information systems. Be it cloud applications, mobile devices, or anything on the network in between, the sheer complexity of any given enterprise IT environment can create enormous security risks. The technical components that make up the network (applications, infrastructure devices, and the like) aren't all to blame. There are also people, policies, and processes in the mix that can make many networks seemingly unmanageable.

But it's not all bad. Government agencies and corporations have numerous and often free resources at their disposal to provide guidance, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. The SP 800-53 standard, now in its fourth revision, has been updated to address the evolving challenges government agencies are currently facing. Various improvements have been made to address areas such as cloud computing, APTs, and information privacy, all relevant issues impacting IT teams across the country. NIST SP 800-53 is one of the most relevant information security standards frameworks. Its granular controls, based on the varying priorities of diverse information systems, provide detailed guidance on protecting networks and critical data.

What You Need To Know About NIST SP 800-53 Revision 4

Originating from the Federal Information Security Management Act (FISMA) of 2002, NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," is to be used in conjunction with the Federal Information Processing Standard (FIPS) to ensure that federal agencies comply with FISMA requirements. In other words, NIST SP 800-53 is a document that contains guidance, controls, and best practices to help federal agencies manage their information risks.

The SP 800-53 standard has 18 unique security control families that address the fundamental information security principles that many other standards and regulations, such as ISO/IEC 27001 and the Health Insurance Portability and Accountability Act (HIPAA), are based upon. Many corporations, especially those that deal with the federal government, also use NIST SP 800-53 as guidance for their own information security programs.

The latest revision of NIST SP 800-53 (revision 4) was published in April 2013. Its key improvements include:

- The concept of overlays for more tailored security controls in unique environments
- Privacy controls addressing the management of sensitive data
- More granular and streamlined guidance around security control baselines
- Control mappings to Common Criteria (ISO/IEC 15408)

The new SP 800-53 revisions provide additional focus on taking a risk-based approach (referred to as "Build It Right"), and on continuous monitoring [2], underscoring the importance of these two concepts in protecting enterprise networks. The document also addresses emerging technologies such as mobile devices and cloud computing, as well as threats such as APTs and malicious insiders. These are all key areas of focus for Lancope's StealthWatch System product line.

Keep in mind that before SP 800-53 can be realized on the network, endpoints on the network need to be categorized and labeled using FIPS 199. If you haven't performed this exercise, it's a worthy goal to have for the near future.

Compliance is a worthy goal for NIST SP 800-53 implementation, but it needs to go much deeper than that. Rather than attempting to piece together siloed security controls, an organization can align with the federal government requirements through acquisition of technologies such as Lancope's StealthWatch. This can minimize long-term resource investments and help ensure proper management of information risks.

[2] NIST Special Publication 800-53 Revision 4, Foreword, Page XV

How Lancope's StealthWatch System Maps to NIST SP 800-53

The StealthWatch System supports FISMA/NIST compliance by providing:

- Comprehensive, continuous monitoring of the physical and virtual network
- Behavioral-based anomaly detection to:
  - Detect APTs and zero-day attacks that bypass perimeter defenses
  - Uncover insider threats that can jeopardize security and compliance
- Custom rules to alarm on network traffic with sensitive systems
- Automatic threat prioritization and mitigation for faster troubleshooting and incident response
- Layer 7 visibility to track application-level threats
- Identity awareness to uncover the root cause of issues all the way down to the user
- Network forensic data for easily conducting security investigations
- An easy-to-understand graphical user interface for gathering actionable network intelligence
- Advanced reporting capabilities to assist with demonstrating compliance

To help facilitate compliance and ensure the ongoing visibility and control needed to minimize information risks, Lancope's StealthWatch System maps directly to the NIST SP 800-53 requirements in areas such as mobile and cloud computing, trustworthiness, and resiliency of information systems, as shown in the following table.

How Lancope's StealthWatch System Maps to NIST SP 800-53

The StealthWatch System network visibility and security intelligence solution delivers key capabilities that map directly to the latest NIST SP 800-53 standard in many areas. Note that this table represents only some of the ways that StealthWatch can help address the 800-53 requirements and is not intended to be an all-inclusive list. For more information you can contact the Lancope federal sales team at fedsales@lancope.com.

SP 800-53 Security Families | SP 800-53 Controls | StealthWatch Capability
Access Control | AC-3: Access Enforcement | As it relates to observed Network traffic separation (high/low/pci/etc.). Integration with other products such as Cisco ISE takes this a step further. (Host Groups / Host Locks / Custom Events / Host Relationship Maps)
Audit and Accountability | AU-2: Audit Events | StealthWatch as an Audit source
Audit and Accountability | AU-3: Content of Audit Records | StealthWatch as an Audit source
Audit and Accountability | AU-4: Audit Storage Capacity | StealthWatch as an Audit source
Audit and Accountability | AU-5: Response to Audit Processing Failures | StealthWatch as an Audit source
Audit and Accountability | AU-6: Audit Review, Analysis and Reporting | StealthWatch as an Audit source
Audit and Accountability | AU-7: Audit Reduction and Report Generation | StealthWatch as an Audit source
Audit and Accountability | AU-8: Time Stamps | StealthWatch as an Audit source, Flow Tables
Audit and Accountability | AU-9: Protection of Audit Information | StealthWatch as an Audit source and Flows, Host Locks/Custom Events for access to controlled Audit systems
Audit and Accountability | AU-10: Non-repudiation | StealthWatch as an Audit source
Audit and Accountability | AU-11: Audit Record Retention | StealthWatch as an Audit source
Audit and Accountability | AU-12: Audit Generation | StealthWatch as an Audit source
Audit and Accountability | AU-13: Monitoring for Information Disclosure | StealthWatch as an Audit source
Audit and Accountability | AU-15: Alternate Audit Capability | StealthWatch as an Audit source
Audit and Accountability | AU-16: Cross-Organizational Auditing | Flow Tables / Syslog
Security Assessment and Authorization | CA-2: Security Assessments | NBA/Custom Events/Host Lock/Flow Tables
Security Assessment and Authorization | CA-5: Plan of Action and Milestones | As it relates to Network traffic/Network Planning
Security Assessment and Authorization | CA-7: Continuous monitoring | Flow Tables
Security Assessment and Authorization | CA-9: Internal System Connections | Flow Tables
Configuration Management | CM-4: Security Impact Analysis | As it relates to network usage/Flow Tables
Configuration Management | CM-8: Information System Component Inventory | As the host is observed on the network - Host Profiles/Flows
Identification and Authentication | CP-2: Contingency Plan | As it relates to Network traffic/network Planning
Incident Response | IR-4: Incident Handling | StealthWatch system workflow and integrations with SIEM
Incident Response | IR-5: Incident Monitoring | StealthWatch as a monitoring/alarming
Incident Response | IR-6: Incident Reporting | StealthWatch as a monitoring/alarming
Incident Response | IR-9: Information Spillage Response | Suspect Data Loss / Data Hoarding Alarm profiles / Host Lock / Custom Events / DPI
Planning | PL-2: System Security Plan | As it relates to network usage
Planning | PL-7: Security Concept of Operations | As it relates to network usage
Planning | PL-8: Information Security Architecture | As it relates to network usage
Planning | PL-9: Central Management | StealthWatch Management Console / integration with SIEM
Risk Assessment | RA-2: Security Categorization | As it relates to network usage
Risk Assessment | RA-3: Risk Assessment | As it relates to network usage
System and Services Acquisition | SA-4: Acquisition Process | SA-4 (9) Functions / Ports / Protocol / Services in Use - Host Profiling / Flows - Audit
System and Services Acquisition | SA-13: Trustworthiness | Hostgroups/HostLocks/CustomEvents
System and Communications Protection | SC-5: Denial of Service Protection | StealthWatch as a monitoring/alarming
System and Communications Protection | SC-7: Boundary Protection | StealthWatch as a monitoring/alarming
System and Communications Protection | SC-10: Network Disconnect | StealthWatch as a monitoring/alarming
System and Communications Protection | SC-31: Covert Channel Analysis | StealthWatch as a monitoring/alarming
System and Information Integrity | SI-3: Malicious Code Protection | StealthWatch as a monitoring/alarming source/SLIC, integration with SIEM
System and Information Integrity | SI-4: Information System Monitoring | StealthWatch as a monitoring/alarming
System and Information Integrity | SI-5: Security Alerts, Advisories and Directives | StealthWatch as a monitoring/alarming
System and Information Integrity | SI-6: Security Function Verification | StealthWatch as a monitoring/alarming
System and Information Integrity | SI-12: Information Handling and Retention | StealthWatch as a monitoring/alarming
Program Management | PM-5: Information Systems Inventory | StealthWatch as a monitoring active host on the network/alarming source, integration with SIEM
Program Management | PM-6: Information Security Measures of Performance | StealthWatch as a monitoring/alarming
Program Management | PM-7: Enterprise Architecture | As it relates to network usage/Flow Tables
Program Management | PM-8: Critical Infrastructure Plan | As it relates to network usage/Flow Tables
Program Management | PM-12: Insider Threat Program | StealthWatch as a monitoring/alarming
Program Management | PM-14: Testing, Training, and Monitoring | StealthWatch as a monitoring/alarming
Program Management | PM-16: Threat Awareness Program | StealthWatch as a monitoring/alarming

*StealthWatch's roles will vary depending on control systems deployed

In addition to significantly improving compliance, these StealthWatch System capabilities also translate into better incident response and network protection. By leveraging flow data from the network infrastructure, the StealthWatch System provides the pervasive visibility to quickly detect threats on the internal network and the situational awareness to determine who is doing what, on which device, where, and how on enterprise networks. StealthWatch delivers security context that enables organizations to respond rapidly to threats and effectively contain damage.

The Network as a Sensor

The nice thing about your network is that it can actually be used to protect itself. With dozens, even hundreds, of data extraction/exporting points (i.e. firewalls, routers, switches and probes that export flow telemetry), you can use the network stack for detecting anomalous activity and minimizing security risks. NetFlow data can be particularly useful. Technologies such as Lancope's StealthWatch can collect NetFlow data and apply intelligence using hundreds of behavioral algorithms to make sense of what's actually happening.

Visibility, traceability, and auditability are all part of the incident response equation. Early detection, quick response, and ongoing vigilance are essential for minimizing business risks. With the StealthWatch System, you have the ability to see what's taking place on the network at any given moment. This near real-time insight can help pinpoint which areas of the IT environment need attention and paint a much broader picture of the network's security posture than many people assume is possible. This level of information can be very useful for larger and more complex network environments, such as those at the federal government level.

Existing network security technologies such as firewalls, intrusion prevention systems, and content filtering systems are good at preventing known attacks, but alone they fail to protect against advanced targeted attacks or zero-day malware. Not only can a breach bypass these traditional controls, but once you're alerted, odds are good that you still won't have enough information to be able to respond effectively. With today's advanced threats and exploits, perimeter and signature-based solutions are no longer enough. StealthWatch fills in the gaps where other controls fall short to provide cost-effective, pervasive visibility across the entire network. For the advanced threat, there are no longer places to hide and remain persistent.

Proper Incident Response is Often the Missing Link

There's a universal IT law that many government agencies and corporations have learned over the years: you cannot secure what you are not aware of. Without pervasive, real-time intelligence into what is actually on the network, it is impossible to properly secure or manage the network. The reality that many IT and information security managers and leaders face is that they don't truly have good information about what's happening on their networks. Whether due to budget or time concerns, or both, this blind spot should not be ignored. With technologies like StealthWatch, organizations can continuously monitor for and remediate risks, simplifying compliance processes and maintaining a strong security posture on an ongoing basis without expending excessive amounts of time and resources.

NIST SP 800-53 outlines the key areas of a reasonable incident response program. Many organizations have a formal incident response plan to address this, but documentation is not enough. The ability to actually execute the plan is what matters most. In order to do it well, you have to know where on your network the threat actually exists. Technologies and tools such as Lancope's StealthWatch System provide such benefits for incident response, allowing you to receive a quick return on your investment by being able to:

- Respond to threats more quickly to minimize impact
- Determine precisely which part of the network is infected
- Quarantine specific network segments rather than taking down the entire network
- Conduct thorough forensic investigations to help prevent future threats

However you approach incident response, you cannot do it well without 1) seeing the bigger picture, 2) making your decisions based on reliable information, and 3) having the proper tools and telemetry to facilitate the process.

Conclusion

The information security demands placed on federal government agencies and corporations by today's advanced threats have changed the way IT professionals must manage their networks. Siloed controls used to be sufficient, and a lack of communication among business units didn't impact information risk. The consequences of a serious network security breach were few and far between. In recent years, however, many things have changed. In order to be effective, today's security operations must involve continuous monitoring, auditing, and reporting in an effort to actually manage information risks.

Ensuring that IT-related threats and vulnerabilities are kept in check requires enterprise-level leadership and enterprise-ready tools. A significant part of this effort can, and really should, include proactive security technologies such as Lancope's StealthWatch System. It is also recommended that federal government agencies and corporations get to know the NIST SP 800-53 standard. It has become well known and widely accepted for a reason. Those organizations that have implemented its security control baselines have positioned themselves ahead of the curve. As the saying goes, it pays to dig your well before you're thirsty. Organizations that are proactive in this area of IT will be rewarded time and again.

About the Author

Kevin Beaver, CISSP, is an independent information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC. He has two and a half decades of experience in IT and specializes in performing information security assessments revolving around compliance and minimizing business risks. Kevin has authored/coauthored 11 books, including one of the best-selling information security books, Hacking For Dummies (Wiley), as well as Implementation Strategies for Fulfilling and Maintaining IT Compliance (Realtimepublishers.com) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He is also the creator and producer of the Security On Wheels audio programs providing security learning for IT professionals on the go (securityonwheels.com). Kevin can be reached at his website www.principlelogic.com and you can follow him on Twitter at @kevinbeaver and connect to him on LinkedIn at www.linkedin.com/in/kevinbeaver.

The Lancope StealthWatch System

Lancope, Inc. is a leading provider of network visibility and security intelligence to defend organizations against today's top threats. Delivering pervasive insight across distributed networks, Lancope improves incident response, streamlines forensic investigations, and reduces enterprise risk. The StealthWatch System helps government agencies and corporations address:

- APT - The StealthWatch System can detect the various steps of an advanced attack including network reconnaissance, internal pivoting, zero-day malware, C&C communications, and data exfiltration.
- Insider Threat - The StealthWatch System provides the internal network insight needed to identify suspicious user activities, however authenticated, and thwart attacks launched by malicious insiders trying to sabotage the organization or steal confidential data.
- Malware - The StealthWatch System can detect the full spectrum of malware and botnets, including zero-day attacks, whether they come in through the perimeter, from mobile devices, or on USB keys.
- DDoS - DDoS attacks have become increasingly prominent, and the size of the attacks keeps growing. The StealthWatch System identifies DDoS attack sources before they cause costly service outages.
- Audit & Compliance - The StealthWatch System monitors communications across networks and the cloud for more effective compliance. The system helps enforce policies and detects network misuse and unauthorized access to confidential data, while firewall auditing capabilities ensure that traffic adheres to security policies.
- BYOD - The StealthWatch System monitors users and mobile devices on the network, including personal smart phones, tablets, and laptops. Mobile awareness helps pinpoint the exact source of issues such as zero-day attacks, insider threats, policy violations, and data leakage.
- Performance Bottlenecks - The StealthWatch System provides high-level traffic overviews and sophisticated drill-down capabilities to help uncover the root cause of network slowdowns within minutes.

To learn more or request a demo, contact fedsales@lancope.com.

Lancope, Inc.
3650 Brookside Parkway, Suite 500, Alpharetta, GA 30022
(888) 419-1462
www.lancope.com

© 2014 Lancope, Inc. All rights reserved. Lancope, StealthWatch, are registered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. WP-r03-12112014