
www.lancope.com 1

StealthWatch® System

STEALTHWATCH® MANAGEMENT CONSOLE

The StealthWatch System by Lancope is a leading solution for network visibility and security intelligence across physical and virtual environments. With the StealthWatch System, network operations and security teams obtain actionable insight into who is using the network, what applications and services are in use and how well they are performing. The StealthWatch System delivers total, unified network visibility from a single, integrated platform to improve threat detection and incident response while increasing network availability and reducing enterprise risk.

The StealthWatch Management Console (SMC) provides the single vantage point for disparate IT groups to see contextual information about all activity across the network and to investigate accordingly. It is available as either a physical or virtual appliance.

Solve Issues in Minutes, Not Days with Pervasive Network Visibility

With the SMC, gone are the days when different IT departments spent hours and even days trying to isolate the root cause of an issue before finally being able to deploy the appropriate personnel to take corrective action.

By simply glancing at the SMC’s user-friendly graphical interface, operators can immediately spot and zoom in on any unusual behavior. Using the SMC’s unique drill-down features, IT personnel can go from identifying the issue to isolating the root cause within minutes, identifying affected applications and users along the way, thereby reducing Mean Time To Know (MTTK), enhancing operational efficiency and decreasing costs.

Administrators can rapidly detect and prioritize security threats, pinpoint network misuse and suboptimal performance and manage event response across the enterprise – all from a single control center. Armed with graphical representations of network traffic, customized summary reports and integrated security and network intelligence, operators can easily identify internal and external attacks, network exposures and policy violations. The SMC also enhances network management through trend analysis, firewall and capacity planning, and performance monitoring.

Visualize and Troubleshoot APTs, Malware and Insider Threats

The SMC empowers the security team to proactively identify threats on the network that could lead to data breaches or performance issues. From worms, viruses and other malware to targeted attacks, DDoS, insider threats and APTs, the StealthWatch System provides the in-depth visibility and security context needed to thwart evolving threats.

The StealthWatch System quickly zooms in on any unusual behavior, immediately sending an alarm to the SMC with the contextual information necessary for security personnel to take quick, decisive action to mitigate any potential damage.

The SMC is a centralized control center with customizable views and powerful drill-down capabilities.


By collecting, analyzing and storing large amounts of NetFlow, IPFIX and other types of flow data for extended periods of time, the StealthWatch System also provides a full audit trail of all network transactions for more effective forensic investigations. Comprehensive network intelligence eliminates the time-consuming and resource-intensive manual investigation associated with other solutions.

The SMC’s sophisticated flow visualization enables operators to immediately understand attack activity, propagation and impact, quickly identifying points of entry to expedite incident response and fortify defenses.

Gain More Insight into Evolving Threats with the New SLIC Threat Feed

The StealthWatch Labs™ Intelligence Center (SLIC) is Lancope’s research initiative through which global intelligence on the Internet’s top threats is delivered to customers and the public. Lancope’s research group, StealthWatch Labs, conducts both in-house research and taps into a broad community of third-party experts and partners to aggregate emerging threat information from around the world. Through the SLIC Threat Feed, Lancope correlates real-time intelligence on global threats with suspicious network activity to alert on hosts infected with advanced malware, including botnet activity.

Continuously monitoring customer networks for thousands of known command-and-control servers, the threat feed further enhances Lancope’s early threat detection capabilities, preventing cyber-attacks from wreaking havoc on corporate and government networks.

With the SLIC Threat Feed, data on known botnets is automatically incorporated into the StealthWatch System.

Accelerate Problem Resolution with Customizable Relational Flow Mapping™

With real-time, customizable relational flow maps, the SMC provides network operations and security teams with graphical views of the current state of the organization’s traffic. Within seconds, these teams can see exactly where to focus their attention.

The SMC allows administrators to easily construct maps of their network based on any criteria, such as location, function or virtual environment. By creating a connection between two groups of hosts, operators can quickly analyze the traffic traveling between them. Then, simply by selecting a data point in question, they can drill down to gain even deeper insight into what is happening at any point in time.


Analyze Network Traffic Down to the Application and User Level

With the advent of Web 2.0, as much as 85% of all network traffic is now going through port 80. As a result, distinguishing between individual applications has become increasingly difficult. Both network operations and security teams need to know what, when and how applications are in use across the enterprise to optimize performance and secure the network.

Relational flow maps enable network and security personnel to quickly investigate areas that need attention.

Real-time visualization helps network and security teams identify risky user behaviors such as P2P file sharing.

Shedding Light on the NAT Blind Spot with NAT Stitching

Using data from select devices, the StealthWatch System can unify NAT information from inside the firewall with information from outside the firewall to pinpoint which IPs and users inside the network are responsible for a particular action. Access to this unique information prevents would-be hackers and other bad actors from hiding behind NAT. With NAT stitching, organizations can quickly identify the source of any possible outbound attack or copyright violation notice.

The StealthWatch System stitches NAT communications together to enhance visibility at the network edge.
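The two ideas described above, attributing a flow seen outside the firewall to the inside host through the firewall's NAT translation records, and correlating the result with a feed of known command-and-control addresses (page 2), as an added example in Python. This is not Lancope code and says nothing about how StealthWatch implements NAT stitching or the SLIC Threat Feed; the flow records, the NAT translation log and the indicator address below are all constructed for the example.

```python
"""
NAT stitching and threat-feed correlation over flow records.

Added example for this page; it is not Lancope code and does not reflect
how StealthWatch implements either feature. All flow records, NAT
translation records and indicator addresses below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One flow record as seen by an exporter outside the firewall."""
    start: int     # epoch seconds
    src: str       # translated (public) source address
    sport: int
    dst: str
    dport: int
    proto: str
    octets: int


@dataclass(frozen=True)
class NatRecord:
    """One NAT translation from the firewall's translation log."""
    start: int
    end: int       # teardown time of the translation
    inside_ip: str
    inside_port: int
    outside_ip: str
    outside_port: int
    proto: str


# Constructed NAT translation log. Outside port 40001 is reused by a
# different inside host once the first translation is torn down.
NAT_LOG = [
    NatRecord(1000, 1100, "10.1.5.23", 51234, "198.51.100.2", 40001, "tcp"),
    NatRecord(1200, 1300, "10.1.7.8", 49152, "198.51.100.2", 40001, "tcp"),
    NatRecord(1000, 1500, "10.1.5.23", 53001, "198.51.100.2", 40002, "udp"),
]

# Constructed flows exported by the edge router outside the firewall.
OUTSIDE_FLOWS = [
    Flow(1010, "198.51.100.2", 40001, "203.0.113.77", 443, "tcp", 20480),
    Flow(1250, "198.51.100.2", 40001, "192.0.2.10", 443, "tcp", 512),
    Flow(1260, "198.51.100.2", 40001, "203.0.113.77", 8443, "tcp", 4096),
    Flow(1400, "198.51.100.2", 40003, "203.0.113.77", 53, "udp", 300),
]

# Constructed stand-in for a feed of known command-and-control addresses.
C2_INDICATORS = {"203.0.113.77"}


def stitch(flow: Flow, nat_log) -> Optional[Tuple[str, int]]:
    """Return (inside_ip, inside_port) for an outside-seen flow, or None.

    The outside address/port alone is ambiguous because NAT ports are
    recycled, so the flow's start time must fall inside the lifetime of
    the translation as well.
    """
    for rec in nat_log:
        if (rec.outside_ip, rec.outside_port, rec.proto) != (flow.src, flow.sport, flow.proto):
            continue
        if rec.start <= flow.start <= rec.end:
            return rec.inside_ip, rec.inside_port
    return None


def correlate(flows, nat_log, indicators):
    """Alert on flows to known C2 addresses, attributed to the inside host.

    A flow that cannot be stitched is still reported, carrying only the
    NAT address, so the attribution gap is visible rather than silent.
    """
    alerts = []
    for f in flows:
        if f.dst not in indicators:
            continue
        inside = stitch(f, nat_log)
        alerts.append({
            "time": f.start,
            "c2": f"{f.dst}:{f.dport}/{f.proto}",
            "outside": f"{f.src}:{f.sport}",
            "inside": f"{inside[0]}:{inside[1]}" if inside else None,
            "octets": f.octets,
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(OUTSIDE_FLOWS, NAT_LOG, C2_INDICATORS):
        who = alert["inside"] or f"unstitched (NAT {alert['outside']})"
        print(f"t={alert['time']} {who} -> {alert['c2']} {alert['octets']} octets")
```

The time-window check in stitch() is the part that matters in practice: matching on the translated address and port alone would attribute the third flow to the first host, because the firewall had already reassigned port 40001. The fourth flow has no translation record at all and is still raised, so an analyst sees that the NAT device is a blind spot for it rather than never hearing about the connection.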

How It Works

The SMC configures, coordinates and manages the StealthWatch System appliances, including FlowCollector, FlowSensor, and IDentity appliances. As these devices gather intelligence from critical segments throughout the enterprise, they feed it to the SMC. The SMC in turn correlates this information in real time and displays it in an easily understood graphical format.

Along with flow export technologies, the StealthWatch System can collect data from other types of technologies, such as firewalls, Web proxies, intrusion detection systems (IDS), intrusion prevention systems (IPS) and network admission control (NAC) systems. The SMC associates this data with behavior-based, flow-driven events, displays it graphically and stores it in the database for further analysis.

The SMC brings true Layer 7 application visibility to network and security teams by gathering application information and packet-level metrics and displaying them in easily understood pie charts, graphs and tables. In addition, administrators can use the SMC to define their own custom applications based on IP addresses. For example, one group of IP addresses can represent all of the Exchange servers in the organization. Another group of IP addresses can represent all of the DNS servers and so on.

Increasingly, access to endpoint data for a full contextual view is necessary for complete analysis. Being able to launch and analyze data from an endpoint agent offers a greater degree of visibility into devices connected to the network, and being able to change parameters and modify data to fit desired needs adds even higher fidelity to user traffic.


The SMC provides centralized management, configuration and reporting for all StealthWatch System devices.

StealthWatch Management Console Features Matrix

Features (Network / Security)

User identity tracking

Flexible deployment options, including virtual

Quick root-cause analysis, troubleshooting

Relational flow maps

NAT stitching

Custom dashboards

Custom reports

Automated blocking, remediation or rate limiting

Top N reports for applications, services, ports, protocols, hosts, peers and conversations

Traffic composition breakdown

Customizable user interface based on Point-of-View™ technology

Support for multi-gigabit and large-scale MPLS network environments

Advanced flow visualization

Massive scalability

Combined internal and external monitoring

Capacity planning and historical traffic trending

WAN optimization reporting*

DSCP bandwidth utilization

Worm propagation visualization

Internal security for high-speed networks

*Limited functionality with sFlow

[Deployment diagram. Flow sources: NetFlow-enabled routers, switches and firewalls (NetFlow/sFlow); StealthWatch FlowSensor, and FlowSensor VE on vSphere (NetFlow/sFlow plus application information and packet-level metrics). UDP Director takes in NetFlow/sFlow, Syslog and SNMP and forwards them to the StealthWatch FlowCollector or FlowCollector Virtual Edition (VE) and to legacy traffic analysis software. The FlowCollector reports to the StealthWatch Management Console or the StealthWatch Management Console Virtual Edition (VE). StealthWatch IDentity or Cisco ISE supply user and device information.]


© 2015 Lancope, Inc. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. | DS-v6.7-r03-04012015

StealthWatch Management Console Specifications (SMC 500 and 1010* / SMC 2010*)

Network Management Port: 1; 10/100/1000 Copper
Database Capacity: 1 TB (RAID-6 Redundant) for the SMC 500 and 1010; 2 TB (RAID-6 Redundant) for the SMC 2010
Hardware Platform: R630
Hardware Generation: 13G
Rack Units (Mountable): 1U
Power: Redundant 750W AC, 50/60 Hz, Auto Ranging (100V to 240V)
Heat Dissipation: 2,891 BTU per hour maximum
Dimensions: Height 1.68 in. (4.3 cm); Width 17.08 in. (43.4 cm); Depth 27.25 in. (69.2 cm)
Weight: 41 lb (18.6 kg)
Rails: Sliding Ready Rails with Cable Management Arm
Regulatory: FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950); VCCI Class A; UL 1950; CSA 950

*StealthWatch System v6.7 specifications. **The maximum fps can change depending on varying network conditions.

SMC Virtual Edition (VE)

The SMC Virtual Edition (VE) is designed to perform the same function as the appliance edition, but in a VMware environment. The SMC VE Minimum Resource Requirements table shows the minimum resource requirements for the SMC VE to operate based on the number of FlowCollectors sending it data. However, the SMC VE scales dynamically according to the resources allocated to it. Therefore, for the SMC VE to operate effectively, be sure to allocate resources so that they are reserved for the SMC VE and not shared with any other virtual machine.

SMC VE Minimum Resource Requirements

FlowCollectors   Concurrent Users   Reserved Memory   Storage
1                Up to 2            4 GB              2
Up to 3          Up to 5            8 GB              3
Up to 5          Up to 10           16 GB             4

Note: If the External Event processing (Syslog) feature is used, then more memory and processing resources will be required.