What's New in StealthWatch v6.5

Lancope’s latest release includes an intuitive Web interface and sophisticated alarming capabilities for enhanced usability, security analytics and early threat detection. The new version further improves incident response and network forensics for fending off today’s advanced attacks. Specific new features include:
• The Operational Network & Security Intelligence (ONSI) dashboard, which keeps track of the attacker’s “kill chain,” providing administrators with awareness of how far attacks are progressing within their networks.
• New “data hoarding” alarms that detect attackers who are moving stolen data around within internal networks or preparing it for exfiltration.
• StealthWatch Labs Security Updates that provide constantly updated, automated security capabilities in the StealthWatch System to detect the latest threats.
• User-defined Threat Criteria, which enable administrators to monitor their networks for targeted attack activity based on specific threat intelligence.

  • 1. What’s new in StealthWatch 6.5. April, 2014. © 2013 Lancope, Inc. All rights reserved.
  • 2. What’s New in StealthWatch 6.5 – Introduction. Your Presenters: Scott Block, Product Marketing; Matt Robertson, Technical Marketing Engineer. Agenda: Technical overview of StealthWatch 6.5; Q & A Session; Any Follow Up Activities. Quick Hits: It represents a major advance in functionality; Current users are experiencing excellent results.
  • 3. What drives StealthWatch
  • 4. StealthWatch Solution Vision: Turning Data into Knowledge. Diagram labels: Decide, Act, Observe, Orient; Meaning; Knowledge; Data (flow data, logs, packets, etc.); Context (intelligence, application, user, etc.); Collect, Store, Correlate, Synthesize, Analyze.
  • 5. StealthWatch 6.5 is a SIGNIFICANT Release
  • 6. StealthWatch 6.5 – At a Glance. New Security Features: Operational Network & Security Intelligence (ONSI) for faster, more effective troubleshooting; StealthWatch Labs Security Updates for enhanced protection; User Defined Threat Criteria (UDTC) for more collaborative threat defense. Flow Enhancements: Enhanced quick view shows most important details at a glance; Save key flow queries and results through flow query management. Improved User Experience: Introduction of some operational elements of a new Web UI optimized for Security Analysis. FlowSensor 4000: NetFlow generation for 10 GE environments; Application identification. Palo Alto Networks Integration: Added application and identity awareness. REST API: make flow information easily accessible.
  • 7. Attack Lifecycle Model. Diagram labels: Exploratory Actions; Footprint Expansion; Execution; Theft; Disruption; Staging; Initial Compromise; Initial Recon; Infiltration (C&C).
  • 8. All new, Intuitive Web Interface: Operational Network and Security Intelligence Dashboard
  • 9. New High-Level Alarm Categories. Exfiltration: Indicates a host that has been transferring an abnormal amount of data (EXI points). Command and Control: Indicates the existence of bot-infected servers or hosts in your network attempting to communicate, or successfully communicating, with a C&C server (C&C points). Policy Violation: The subject is exhibiting behaviour that violates normal network policies (PVI points). Concern Index: Tracks hosts that appear to be compromising network integrity (CI points). Target Index: Tracks hosts that appear to be victims of the suspicious behaviour of other hosts (TI points).
  • 10. Alarm Colors. Blue: No security event. Yellow: Some security events; baseline not deviated (<1x) – slightly suspicious. Orange: Many security events; baseline is deviated (1x>2x) – very suspicious. Red: Significant security events; baseline significantly deviated (>2x) – extremely suspicious OR Known Bad has occurred.
  • 11. User Defined Threat Criteria: Time & Duration conditions; Object conditions; Peer conditions; Connection conditions.
  • 12. Dynamic Flow Analysis: Subject conditions conditions; Peer conditions; Connection details; Multiple Includes & Excludes conditions.
  • 13. Flow Analysis Features: Save results & Save query; Optimizing flow investigations; Faceted Filtering allows extremely fast traversal of flow results; Flow summary provides quick view of flow including directionality; Tab view exposes all flow data for ease of export.
  • 14. Enhanced Quick View of Flow Data. Labels: Who; Who; What; More Details; When; How; URL Details.
  • 15. Context Enriched Data Visualization: Alarms; Users; Activity & Applications. Integration with Palo Alto Networks Firewalls for added application & identity awareness.
  • 16. New from StealthWatch Labs
  • 17. New Security Events. Suspect Data Hoarding: Detects systems that have downloaded an unusually large amount of data from other inside hosts; Contributes to EXI points; Alarming status is disabled by default. Target Data Hoarding: Detects systems that have unusually large amounts of data downloaded from them; Contributes to EXI points; Alarming status is disabled by default.
  • 18. Suspect Data Hoarding: Unusually large amount of data inbound from other hosts. Default Policy.
  • 19. Target Data Hoarding: Unusually large amount of data outbound from a host to multiple hosts. Default Policy.
  • 20. StealthWatch Labs Security Updates
  • 21. StealthWatch FlowSensor 4000: NetFlow generation in 10 GE environments
  • 22. THANK YOU
  • 23. http://www.lancope.com @Lancope (company) @netflowninjas (company blog) https://www.facebook.com/Lancope http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about https://plus.google.com/u/0/103996520487697388791/posts http://feeds.feedburner.com/NetflowNinjas