PacketWatch extends value of Lancope StealthWatch® System for context-aware security analytics and advanced cyber threat defense
Lancope, Inc., a leader in network visibility and security intelligence, is unveiling its new PacketWatch™ solution for intelligent packet capture this week at Infosecurity Europe 2015. With the PacketWatch solution, large enterprises can obtain deeper network visibility and more granular security context for streamlined incident response and forensics – at a fraction of the cost of full packet capture.
“Full packet capture solutions create massive volumes of data, making it difficult and costly to store all of the information, and also challenging to find relevant security details amidst a deluge of innocuous traffic,” said Kerry Armistead, vice president of product management for Lancope. “PacketWatch alleviates these challenges by enabling organizations to conduct intelligent packet capture for select areas of the network where an issue is suspected – dramatically reducing storage requirements and costs while making it easier to extract actionable data for fending off sophisticated cyber-attacks.”
When collected and analyzed with an advanced security analytics platform like Lancope’s StealthWatch®System, NetFlow and other types of network telemetry provide critical metadata for detecting dangerous cyber threats. However, there are instances when security and forensic analysts may want to obtain additional insight by analyzing the corresponding packets from anomalous network conversations.
The StealthWatch System for flow-based monitoring combined with PacketWatch for intelligent packet capture provides an ideal solution for obtaining comprehensive levels of network and security insight. With the PacketWatch solution, packets can be collected and stored for finite network segments and periods of time, and analyzed to gain added threat intelligence for detecting and investigating specific network and security issues.
Network Visibility from Lateral Movement to Packet-Level Inspection
By conducting flow-based monitoring with Lancope’s StealthWatch System, operators can detect lateral (East-West) movement on the network to quickly identify suspicious behaviors associated with highly sophisticated threats that have already penetrated the network. Once an indicator of compromise has been identified, the operator can then easily and seamlessly pivot to PacketWatch right from the StealthWatch Management Console (SMC) to obtain additional insight.
Lancope’s PacketWatch reduces the cost of ownership for packet capture by allowing users to trigger searches based on alarms generated in the StealthWatch System. This targeted approach enables organizations to store only packets of interest, reducing storage costs while providing a more detailed, context-rich record of what happened on the network.
“PacketWatch for the StealthWatch System provides the best of both worlds,” added Armistead. “The pervasive visibility and security context provided by NetFlow is combined with a more precise and cost-effective means of obtaining packet-level data to further investigate a specific issue when necessary.”
Availability
Lancope PacketWatch will be available in the second half of 2015 as part of the StealthWatch System 6.8 release.* Lancope is showcasing the solution this week at Infosecurity Europe Stand F20. Those interested should stop by the stand for a demonstration or contact [email protected] for further details. Additional information on the PacketWatch solution can be found here.
About Lancope
Lancope, Inc. is a leading provider of network visibility and security intelligence to protect enterprises against today’s top threats. By analyzing NetFlow, IPFIX and other types of network telemetry, Lancope’s StealthWatch® System delivers Context-Aware Security Analytics to quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Combining continuous lateral monitoring across enterprise networks with user, device and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. For more information, visit www.lancope.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.