Lancope Adds Application Awareness to StealthWatch Network Analysis Suite

Lancope updated its StealthWatch platform to collect and analyze network data traffic to identify security and network problems based on deep packet inspection and real-time bandwidth information.

Lancope updated its StealthWatch network behavioral analysis platform with application awareness and visualization tools to help IT managers detect and address network problems.

The new StealthWatch platform can analyze up to 1.5 million flows per second, according to Lancope. It features granular application awareness, flexible grouping of network assets and relational mapping for network visualization, Lancope said.

StealthWatch 6.0, announced Feb. 7, collects and analyzes network data flows and other traffic data to give IT teams end-to-end network visibility and greater forensic intelligence to identify anomalous activity, such as traffic spikes, botnet activity and performance degradation, Mike Potts, president and CEO of Lancope, told eWEEK. StealthWatch represented an "intersection of network and security," Potts said, as the platform examines flow data to identify both network and security issues. Managers can't identify the problem if they can't figure out what's wrong with the environment, he said.

"Remediation comes later. The first step is to focus on what's happening with the network or application," said Potts. StealthWatch reduces the time from problem onset to resolution, he said.

Lancope added application awareness to StealthWatch so that it can use deep packet inspection technology to really understand what is passing through Port 80, Joe Yeager, product manager at Lancope, told eWEEK. When 85 percent of network traffic is Web traffic passing through that port, it is critical that network administrators have deep visibility inside that network traffic, Yeager said.

Security teams need to be able to answer questions like, "What is that traffic? Is that file transfer a legitimate activity or not?" Yeager said.

Fine-grained application awareness also enables IT teams to determine if reports of "slowness" are actually caused by network problems or if they are really application issues, such as heavy video usage, a malicious program or an issue within an application, Yeager said.

"Is it the network or the application? The network is guilty till proven innocent," he said.

Everyone points fingers when reporting slowness, but it's hard to investigate what users are experiencing, he said. He cited a Gartner report that found business blamed the network 80 percent of the time for problems, but that it was at fault only a quarter of the time.

Understanding the cause of performance issues saves organizations from throwing bandwidth capacity at what appear to be network issues but may be related to applications or a faulty configuration on the DNS server, he said.

The new relational mapping capability also helps IT managers visualize what is happening in the network in real time via customizable diagrams, Yeager said. The various assets can be designated on the map based on network topologies and logical groupings such as all assets belonging to a business unit, Yeager said. These maps display real-time information about the network flow data between assets, giving IT managers instant feedback about what kind of bandwidth is available for each connection, Yeager said.

At the University of Rotterdam, a network administrator was able to look at the relational map and know immediately that the network was not at fault for an application that was performing sluggishly, Yeager said. The map indicated there was plenty of bandwidth available, so the IT team was able to investigate and find the real issue, he said.

"There's an onslaught of traffic," Potts said, noting that companies such as health care firms are processing large amounts of data and transactions daily.

Network managers have to get to problem resolution faster with more data on hand, Yeager said.

StealthWatch also features advanced reporting capabilities that allow IT managers to retrieve the exact and detailed information relating to the incident and easily create high-level reports for senior executives, Yeager said. The reports can organize asset information in logical groupings, but also allow managers to drill down to user level. "Universities can tell what kind of things students are doing on the network, and then send e-mails to specific students violating network policy saying, 'Don't do that.' It changes the students' behavior," Yeager said.

StealthWatch 6.0 is available immediately, with pricing starting at $55,995, Lancope said.