Lancope Inc.'s launch this month of its first SMC (StealthWatch Management Console) appliance, and the simultaneous release of its StealthWatch 4.1 system software, make the company's network behavior anomaly detection tools far easier to manage than previous StealthWatch versions. The ability to manage sensors, policies, alerts and reports is a key differentiator in the hotly contested anomaly detection market, which includes competitors such as Arbor Networks Inc.'s Peakflow X and iSpheres Corp.'s Halo.
However, because configuration changes will have a huge impact on the quality of security data being reported by the StealthWatch appliance to the SMC, only senior security staff should be allowed to create SMC policies. People can make mistakes, and we wish there were an automatic way to roll back configuration changes.
NBAD (network behavior anomaly detection) systems are relatively pricey, and Lancope's SMC and accompanying StealthWatch appliance are no exception. The SMC and the StealthWatch appliance start at $9,995 each, and there is a fee of $1,995 to $3,995 for every StealthWatch appliance connected to the SMC.
The console is based on Dell Inc.'s PowerEdge 1750 server with dual 3.06GHz processors, 4GB of RAM and 146GB of hard drive space in a RAID 5 configuration. The beefy hardware is required to process the network traffic flows to discern patterns that fall outside the profiles the StealthWatch system software learns over time.
New in this version of the software is a three-dimensional StatusView that clearly shows the security posture and the health of a network in real time, something earlier versions of the software could not do. We found the graphic displays useful, but we recommend that IT managers spend their time scrutinizing the other real-time monitors included in this version of the system software.
The new investigation work space view provided us with all the data views created by the product and allowed us to move easily among windows of data while also being able to see tables that showed time stamps indicating when particular network devices were acting in an anomalous manner.
In tests, the SMC appliance worked without a hitch and should perform well in large-scale deployments. Setting up trust relationships between appliances and the SMC must be done manually, but these management connections are important enough to warrant the extra effort. Once we established these trusted relationships between the StealthWatch appliance and the SMC, the policy and configuration changes were simple to make.
Lancope did not significantly change the anomaly detection capabilities in this version of the StealthWatch system software, focusing, instead, on monitoring and management improvements. Nevertheless, we were impressed with the extent and accuracy of the SMC's reports of anomalous behavior in our network, and we could use the reports to determine quickly when likely security problems were occurring.
Labs Technical Director Cameron Sturdevant can be reached at email@example.com.
During tests at eWEEK Labs, in which we collected network data for more than a month to train the StealthWatch appliance, we found that Lancope's SMC made creating and distributing policies a painless task.