New StealthWatch Features Enhance Behaviour-Based Anomaly Detection and Network Performance Monitoring to Benefit Security and Network Operations
Lancope, Inc., the provider of the StealthWatch(TM) System, the most widely used Network Behaviour Analysis (NBA) and response solution, today announced the general availability of StealthWatch System 5.6. The system-wide upgrade includes powerful new features, including Live Alarms(TM), High-Performance Flow Queries, Dynamic Data Aging and Storage Optimisation, Failover Configuration and interoperability with Foundry Networks' IronView Network Manager (INM). These features significantly extend the scalability and value of behaviour-based anomaly detection and network performance monitoring for enterprise organisations.
"Lancope's StealthWatch combines behaviour-based anomaly detection with traffic reporting and network optimisation data. The resulting visibility enables network teams to efficiently manage complex networks without the need for additional hardware and software. StealthWatch can also detect zero-day, targeted, low-slow and unknown attacks which enhances network operations and security as well," said Chris Liebert, a senior analyst for Yankee Group.
"With this release of StealthWatch, the best of breed NBA solution, we are delivering even greater functionality to unify network security and operations," said Harland LaVigne, president and CEO of Lancope. "The delicate balance between business enablement, network availability and security requires a powerful combination of network performance monitoring and behaviour-based anomaly detection. The new features in StealthWatch System 5.6 provide security personnel with more focused, actionable views of risk across the enterprise, assist network planners with more historical data for capacity planning and benefit operations personnel with business continuity assurance."
StealthWatch System 5.6 introduces the following features:
Live Alarms(TM)
The ability to view only Live Alarms (the active network events when an administrator accesses StealthWatch) provides time-saving direction that focuses on the most critical incidents impacting the network, and enables security and network administrators to perform root cause analysis. Alarms that are no longer cause for immediate concern remain available for detailed historical analysis within the Alarm Manager.
High-Performance Flow Queries
With greatly accelerated query-response time, StealthWatch System 5.6 provides immediate access to current and historical network flows. Administrators can rapidly query all IP network transactions that have occurred for a suspicious IP or network service, minimising incident investigation time and maximising staff productivity. From any graph or table within StealthWatch, administrators can use the context-sensitive "Associated Flows" option to summon the specific flow records that triggered an alarm, alert or graph element. Billions of flows, which can be stored across 25 distributed StealthWatch flow collectors, are available for immediate recall using StealthWatch's high-speed flow indexing system.
Dynamic Data Aging and Storage Optimisation
StealthWatch System 5.6 displays different types of network traffic and network security data as well as how much storage each type consumes. Security and network administrators can optimise the inventory to devote more storage to the most meaningful data. Administrators can now specify how long and in what interval--whether by minute, hour or day, and for weeks, months or years--to store individual data types, such as zone data or interface traffic statistics. The ability to "age" data and specify the required level of granularity gives administrators greater control over and access to critical network intelligence. With historical reference to network activity, administrators can more easily perform network trending analysis over months and years to aid capacity planning.