
Lancope StealthWatch Technology


Presentation Transcript


  1. Lancope StealthWatch Technology: Security Through Network Intelligence (www.lancope.com)

  2. About Lancope
     • 3 years of focused research in flow-based network and security technologies.
     • StealthWatch evolved from research conducted by Dr. John Copeland at Georgia Tech.
     • Based in Atlanta, GA.
     • Flagship product: StealthWatch
       - Real-time attacks inside your network (not signature based)
       - Mitigation and documentation of real-time attacks
       - Forensics, short and long term

  3. Why StealthWatch vs. other technology for your internal network?
     • Easy to deploy
     • 1/3 to 1/2 the cost of other solutions
     • Shows the performance and risks of your Enterprise NOC and SOC in real time
     • Not signature based
     • Not perimeter based
     • No multilayer steps to get results
     StealthWatch is best at discovering, prioritizing and mitigating real-time worms, viruses and exploits in your internal network.
     StealthWatch gives you Network Optimization and Threat Management for your Enterprise NOC and SOC.

  4. Internal Attacks on the rise!
     Internal breaches (bandwidth consumption, policy violations, Trojans, zero-day attacks, application misuse and others) have caused:
     • Service and system interruptions
     • Data loss
     • Intellectual property theft
     • Major loss in company credibility
     • Huge financial losses
     Growth in internal attacks in a survey of 600 North American and Western European companies: 2003 up 30%, 2004 up 50%, 2005 could be up 75%.
     “The trend has been moving away from external to internal security.” (Security analysts, Wall Street Journal, June 2005)

  5. How to protect your environment from Internal attacks?
     • Organizations should establish a trusted behavior baseline for each machine on the network.
     • Look for changes in the current footprint behavior.
     • If these procedures are implemented effectively they can detect and protect systems against new malicious code, worms and other internal breaches. (US Secret Service and Gov. CERT, May 2005)

  6. 140+ Existing Customers…

  7. Too Many Attack Vectors
     • CVE contains 7819 vulnerabilities (Feb 2005)
     • Most signature vendors block on about 150 sigs
     • That’s 2%. What about the other 98%?

  8. Signatures Can’t Keep Up
     “Given the widespread use of automated attack tools, attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks. Therefore, as of 2004, we will no longer publish the number of incidents reported.” - CERT
     Attack frequency increases… while the discovery-to-exploit window decreases.

  9. NetFlow provides “Mountaintop visibility”
     “Flows” provide total visibility across a wide network range by collecting data from routers in varying locations. This gives StealthWatch total supervision over the network and provides an ability to track behavior throughout the network, from start to end.

  10. BEHAVIOR RATHER THAN SIGNATURES
     Flow metrics analyzed:
     • Number of concurrent flows
     • Packets per second
     • Bits per second
     • New flows created
     • Number of SYNs sent
     • Time of day
     • Number of SYNs received
     • Rate of connection resets
     • Duration of the flow
     • <Many others>
     Analyze flows… Establish baseline… Alarm on changes in behavior…
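As an added illustration of the baseline-then-alarm idea in slides 5 and 10 (this is example code, not Lancope’s or StealthWatch’s actual algorithm): constructed NetFlow-style records are rolled up to per-host counters for three of the metrics listed above, a per-host baseline is learned from earlier hours, and the hour under test is flagged when a counter moves well beyond that baseline. The record layout, IP addresses, hour buckets and thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def make_flows():
    """Constructed NetFlow-style records (hour, src, dst, dport, syn_sent), not real data:
    four normal hours for two hosts, then hour 4 in which 10.0.0.5 fans out to 60 new peers."""
    flows = []
    for hour in range(4):
        for i in range(5):
            flows.append((hour, "10.0.0.5", "10.0.1.%d" % (i % 2), 443, 1))
            flows.append((hour, "10.0.0.9", "10.0.1.20", 80, 1))
    for i in range(60):
        flows.append((4, "10.0.0.5", "10.0.2.%d" % i, 445, 1))
    for i in range(5):
        flows.append((4, "10.0.0.9", "10.0.1.20", 80, 1))
    return flows

def per_host_metrics(flows):
    """Roll flows up to per-(hour, host) counters: new flows created, SYNs sent, distinct peers."""
    new_flows, syns, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for hour, src, dst, _dport, syn in flows:
        key = (hour, src)
        new_flows[key] += 1
        syns[key] += syn
        peers[key].add(dst)
    return {k: {"new_flows": new_flows[k], "syns_sent": syns[k], "peers": len(peers[k])}
            for k in new_flows}

def baseline_alarms(metrics, test_hour, k=3.0, min_delta=5):
    """Learn each host's baseline (mean and stddev per counter) from the hours before test_hour,
    then alarm on counters above mean + k*stddev in test_hour. min_delta stops a perfectly flat
    baseline (stddev 0) from alarming on a change of one or two flows. Thresholds are assumed."""
    history = defaultdict(lambda: defaultdict(list))
    for (hour, host), counters in metrics.items():
        if hour < test_hour:
            for name, value in counters.items():
                history[host][name].append(value)
    alarms = []
    for (hour, host), counters in metrics.items():
        if hour != test_hour:
            continue
        for name, value in counters.items():
            hist = history[host][name]
            if not hist:
                continue  # never seen before: no baseline; a separate "new host" rule would cover this
            mu, sigma = mean(hist), pstdev(hist)
            if value > mu + k * sigma and value - mu >= min_delta:
                alarms.append((host, name, value, round(mu, 1)))
    return sorted(alarms)
```

Running `baseline_alarms(per_host_metrics(make_flows()), 4)` flags 10.0.0.5 on all three counters (60 against a baseline of 5, 5 and 2) and stays silent for 10.0.0.9, whose hour 4 matches its history; no signature for what 10.0.0.5 is doing was needed.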

  11. STEALTHWATCH: BEHAVIOR-BASED FLOW ANALYSIS
     (Diagram labels: Cisco Native, Ethernet SPAN, LAN/WAN, NetFlow, Signatures, SIM/SEM, ArcSight, Guarded, ISS, Snort, etc.)
     • Powerful audit, compliance reporting, and forensic capabilities
     • Streamline and shorten resolution time
     • Provides visibility into “most significant” network behaviors
     • Cost-effective, extended enterprise-wide protection and control

  12. INFRASTRUCTURE IPS

  13. Firewalls Forensics

  14. STM Features: Supported Security Devices (IDS, IPS)

  15. StealthWatch Product Line
     • M250: Designed for fast Ethernet networks
     • G1: Designed for networks with speeds up to one gigabit per second
     • M45: Designed for DS3 links or underutilized fast Ethernet connections
     • Xe-1000: Midrange StealthWatch NetFlow Collector
     • Xe-500: Entry-level StealthWatch NetFlow Collector
     • Xe-2000: High-end StealthWatch NetFlow Collector
     • SMC: Collects and manages multiple StealthWatch and StealthWatch Xe appliances
     (StealthWatch rack-mountable 1U appliance)

  16. Deployment: How do we collect flows?

  17. StealthWatch Xe: Monitor Remote Locations
     1 StealthWatch Xe required vs. 12 IDP/IPS sensors required

  18. Overcome complex deployments and cost
     • 8 Inline IPS @ $64,995: $519,960
     • 1 NetFlow-based Xe-2000: <$50,000

  19. Concern Index PRE-EXISTING CONDITIONS ARE DETECTED

  20. FLOW VISUALIZATION

  21. StealthWatch Solution
     StealthWatch is a fast, accurate and cost-effective solution that immediately detects malicious or unauthorized network activity, including new and otherwise unidentifiable threats. As a network-based system, StealthWatch overcomes the cost and complexity of deploying and maintaining signature- or host-based systems. With StealthWatch, organizations can now identify and resolve network exposures, such as new, misconfigured or unauthorized devices and applications. These threats, which include rogue servers and P2P file sharing applications, result in 65% of network risks, according to a Gartner estimate. When unpreventable network events or host infections occur, StealthWatch detects and contains the incident while delivering critical insight that accelerates resolution and minimizes damage.

  22. Network Security Problems Addressed Problems Solved

  23. Next Steps for your Company and Lancope
     • NDA
     • Evaluation
     • References
