Lancope last month announced an updated version of its flagship product suite that the company says can now more deeply inspect application and Cisco router traffic for potential worms, viruses and malicious behavior on internal networks.
The company’s StealthWatch suite of traffic analysis appliances has been upgraded to manage more security devices, to process NetFlow data from Cisco routers, and to inspect traffic for application-specific policies such as port usage. By monitoring traffic flows and inspecting packets across a network, network-anomaly behavior detection tools of this type, from Lancope, Arbor Networks and Q1 Labs, attempt to provide an early warning to network managers.
Burton Group analyst Trent Henry says Lancope’s product provides additional insight into security issues that could have sneaked by perimeter tools such as firewalls and intrusion-detection systems (IDS) or intrusion-prevention systems (IPS). According to a Forrester Research survey of 190 IT shops, 58 per cent of companies this year will invest in network firewalls, 43 per cent will invest in gateway anti-virus, and 35 per cent will invest in network-based IDS or IPS. The same survey also found IT managers more concerned over internal security problems.
Henry says Lancope and its competitors could gain traction among enterprises looking to more quickly lock down internal threats.
“Network-anomaly detection is used to some extent by IDS and IPS systems for known vulnerabilities, but Lancope goes a bit further by providing visualization across the entire network,” he says. “Anomaly-detection tools monitor normal vs. potential bad behavior, but they are also like (security information management) products in that they provide event management and correlation to other systems to more quickly pinpoint the problem.”
Lancope packages its StealthWatch 5 software on appliances that are distributed across a network, near a core switch or data centre router. Upon installation, the product performs a benchmark of normal traffic behavior and continuously monitors for changes. It does not sit in line with network traffic, but passively monitors conversations between hosts and clients. Administrators can tap into the appliances via a Web-based interface or use the management console to configure, monitor and generate reports from multiple distributed appliances.
Lancope’s StealthWatch 5 is expected to ship in June. Pricing for a stand-alone appliance starts at US$10,000 and scales up to US$500,000 for a typical deployment.