Lancope Extends NetFlow-Based Behavioral Analytics to the Perimeter for Greater Contextual AwarenessExtension of internal monitoring capabilities to the perimeter dramatically improves network visibility, performance and security
ATLANTA, GA & LAS VEGAS, NV – July 11, 2011 – (Cisco Live conference) – Lancope, Inc., a leader in flow-based security, network and application performance monitoring, has announced that it will now combine internal and perimeter-based network monitoring for greater contextual awareness. By integrating NetFlow analysis from the internal network with key data from perimeter devices such as firewalls, Lancope will enable customers to achieve dramatically improved visibility, performance and security.
Through its new capabilities, Lancope’s StealthWatch® System will now assign Concern Index™ points to IP addresses that are continuously denied access to the network by perimeter technologies. When malicious users evade perimeter defenses, they will already be red hot, lighting up their activity to IT administrators as a potential concern immediately upon entering the network. By applying behavioral analytics to data from the network perimeter, organizations can be better prepared to detect attacks that make it into the internal environment.
“StealthWatch can now not only consume flow data from devices at the perimeter, but also learn from them,” said Joe Yeager, director of product management for Lancope. “The system takes the knowledge gained by the perimeter, and combines it with its own deep understanding of internal network activity. It then applies behavioral analytics to the data to deliver the overall picture needed to combat advanced threats and troubleshoot the tough issues facing today’s complex networks.”
Extending behavioral analytics to the perimeter vastly improves risk posture, as well as a wide range of other IT initiatives including policy management, network troubleshooting and compliance. These new capabilities will initially support NSEL flow data from Cisco ASA 5500 Series Adaptive Security Appliances, and will also support other firewalls in the future. As additional security devices on the market such as IDS/IPS add support for NetFlow and other types of flow data, Lancope will extend these capabilities to those technologies as well.
“In today’s environment, with a quickly vanishing perimeter and increasingly sophisticated cyber attacks, external defenses are no longer enough to adequately protect network assets and users,” said Mike Potts, president and CEO of Lancope. “Lancope has always been dedicated to providing in-depth visibility into the internal network for improved performance and security. By combining internal and external monitoring, we are introducing unique capabilities to the market that will even further strengthen organizations’ governance, risk management and compliance initiatives.”
Lancope’s StealthWatch fills in the gaps between other network and security technologies to provide faster troubleshooting and more secure, high-performance networks. By leveraging flow data from existing devices, the system eliminates blind spots, cuts network and security management costs and dramatically reduces the time from problem onset to resolution.
Not relying on signature updates, StealthWatch uncovers sophisticated, zero-day attacks that bypass perimeter defenses, as well as internal threats such as policy violations, network misuse, unauthorized access, device misconfigurations and data leakage. Advanced features including application and identity awareness, as well as automatic threat prioritization and mitigation, also make the system ideal for other efforts such as forensic investigations. StealthWatch is scalable to meet the needs of even the largest networks, and can also monitor and protect virtual environments.
Lancope is demonstrating its combined internal and external monitoring capabilities and other components of the StealthWatch System at Cisco Live Booth #1751. StealthWatch is also monitoring all show floor traffic for the conference, including flow data from the Cisco ASA 5500 Series.
Lancope’s combined internal and external monitoring capabilities will be available in August as part of the StealthWatch 6.1 product release. Current customers can contact their account manager, local Support Partner or Lancope Customer Care ([email protected]) for more information. Others can contact [email protected] or their local Lancope representative.
Lancope®, Inc. is a leading provider of flow-based monitoring solutions to ensure high-performing and secure networks for global enterprises. Unifying critical network performance and security information for borderless network visibility, Lancope provides actionable insight that reduces the time between problem identification and resolution. Enterprise customers worldwide, including healthcare, financial services, government and higher education institutions, rely on Lancope to make better network decisions, respond faster to network problem areas and avoid costly outages and downtime – at a fraction of the cost of conventional network monitoring solutions. With Lancope, you can know your network and run your business better. Privately held and venture-backed, Lancope is headquartered in Atlanta, Georgia. For more information, visit www.lancope.com.