Lancope updated its StealthWatch platform to collect and analyze network data traffic to identify security and network problems based on deep packet inspection and real-time bandwidth information.
Lancope updated its StealthWatch network behavioral analysis
platform with application awareness and visualization tools to help IT managers
detect and address network problems.
The new StealthWatch platform can analyze up to 1.5 million
flows per second, according to Lancope. It features granular application
awareness, flexible grouping of network assets and relational mapping for
network visualization, Lancope said.
StealthWatch 6.0, announced Feb. 7, collects and analyzes network
data flows and other traffic data to give IT teams end-to-end network
visibility and greater forensic intelligence to identify anomalous activity,
such as traffic spikes, botnet activity and performance degradation, Mike Potts,
president and CEO of Lancope, told eWEEK. StealthWatch represented an "intersection of
network and security," Potts said, as the platform examines flow data to
identify both network and security issues. Managers can't identify the problem
if they can't figure out what's wrong with the environment, he said.
"Remediation comes later. The first step is to focus on
what's happening with the network or application," said Potts. StealthWatch reduces
the time from problem onset to resolution, he said.
Lancope added application awareness to StealthWatch so that
it can use deep packet inspection technology to really understand what is
passing through Port 80, Joe Yeager, product manager at Lancope, told eWEEK.
When 85 percent of network traffic is Web traffic passing through that port, it
is critical that network administrators have deep visibility inside that
, Yeager said.
Security teams need to be able to answer questions like,
"What is that traffic? Is that file transfer a legitimate activity or not?"
Fine-grained application awareness also enables IT teams to
determine if reports of "slowness" are actually caused by network problems or
if they are really application issues, such as heavy video usage, a malicious
program or an issue within an application, Yeager said.
"Is it the network or the application? The network is
guilty till proven innocent," he said.
Everyone points fingers when reporting slowness, but it's
hard to investigate what users are experiencing, he said. He cited a Gartner
report that said business blamed the network 80 percent of the time for problems,
but that it was at fault only a quarter of the time.
Understanding the cause of performance issues saves organizations
from throwing bandwidth capacity at what appear to be network issues but may be
related to applications or a faulty configuration on the DNS server, he said.
The new relational mapping capability also helps IT managers
visualize what is happening in the network in real time via customizable diagrams,
Yeager said. The various assets can be designated on the map based on network
topologies and logical groupings such as all assets belonging to a business
unit, Yeager said. These maps display real-time information about the network
flow data between assets, giving IT managers instant feedback about what kind
of bandwidth is available for each connection, Yeager said.
At the University of Rotterdam, a network administrator was
able to look at the relational map and know immediately that the network was
not at fault for an application that was performing sluggishly, Yeager said.
The map indicated there was plenty of bandwidth available, so the IT team was
able to investigate and find the real issue, he said.
"There's an onslaught of traffic," Potts said, noting that companies such as health care firms are
processing large amounts of data and transactions daily.
Network managers have to get to problem resolution faster
with more data on hand, Yeager said.
StealthWatch also features advanced reporting capabilities
that allow IT managers to retrieve the exact and detailed information relating
to the incident and easily create high-level reports for senior executives,
Yeager said. The reports can organize asset information in logical groupings,
but also allow managers to drill down to the user level. "Universities can tell
what kind of things students are doing on the network, and then send e-mails to
specific students violating network policy saying, 'Don't do that.' It changes
the students' behavior," Yeager said.
StealthWatch 6.0 is available immediately, with pricing starting at $55,995,
Lancope said.