Combining the advanced security capabilities of Lancope and Cisco, the Cyber Threat Defense Solution provides visibility into the network interior. By collecting and analyzing NetFlow, IPFIX and other flow data from existing infrastructure, StealthWatch provides insight into internal and external threats facing enterprise networks. Automatic threat prioritization and optional, automated mitigation further expedite troubleshooting and reduce the time between problem identification and resolution.
The StealthWatch Management Console (SMC) serves as the central point for collecting, analyzing, graphically displaying and reporting on network and security data across the enterprise. Through these new, specialized dashboards included in the SMC, administrators can now more easily view actionable intelligence surrounding:
Network reconnaissance – probing of the network to uncover attack vectors that can be leveraged for customized attacks.
Internal malware propagation – the spread of malware across hosts on the internal network to gather security reconnaissance information, steal data or create backdoors for infiltrating a network.
Command-and-control traffic – botnet communications between attackers and compromised hosts within the network.
Data exfiltration – the export of sensitive information back to an attacker, generally via command-and-control communications.
These new levels of intelligence help to ensure that security analysts can determine the correct next steps to take for mitigating each type of risk. In addition to combating threats in real time, the data can also be used for additional efforts including forensic investigations and regulatory compliance.
Not relying on signature updates to detect attacks, StealthWatch delivers the situational awareness needed to achieve security and network performance across the entire enterprise. The system is scalable to meet the needs of even the largest networks, analyzing up to 3 million flows per second, and can also provide visibility into virtual environments.
Behavioral analysis and capabilities including identity, application and mobile device awareness enable organizations to remain a step ahead of the many cyber-attacks threatening to take down their networks or extract confidential data.