As sophisticated intrusions become more subtle, many administrators are finding that security models built around traditional solutions are increasingly inadequate to protect networks.
An obvious intrusion is bad enough, but undetected intrusions often prove to be more damaging. These intrusions, if discovered at all, are often found long after the incursion or breach, leaving little evidence to indicate what data was taken.
|FRANK J. OHLHORST|
The StealthWatch appliance is available in three models: The M45 1U rackmount, which offers four ports and 45-Mbps capacity; the M250, which scales to 250 Mbps; and the G1, which offers gigabit speeds.
Solution providers can install StealthWatch at the perimeter of an enterprise network and set the appliance to Promiscuous mode. In this mode, StealthWatch analyzes every packet transmitted to and from the Internet. The appliance can also be installed more deeply within the network infrastructure to protect and monitor specific network segments or departments.
Administrators can manage and monitor the unit using a secure browser-based session. The main console displays realtime data and provides a reference to trended data. Administrators will find the interface simple to use and will appreciate having at-a-glance access to information on the network in seconds.
The interface provides exceptional information by basing statistics on normalized traffic. Historical information is used to develop a normalization profile, and any detected exceptions are clearly displayed in the management interface. The console highlights exceptions in red, while traffic that falls within norms is displayed in green.
Data can be broken down and examined at the most minute level, including raw packet data, MAC addresses and sending IP addresses. This capability extends well beyond realtime analysis; the unit can store as much as 30 days of historical information, which allows administrators to quickly assess events and trends over the last 30 days.
Packet data views can be further simplified by defining zones. Those zones can filter traffic down to certain connections, locations or domains. Many businesses find it inefficient to dedicate staff to 24x7 monitoring of network traffic. With that in mind, Lancope has integrated an advanced notification and alarm system into the StealthWatch product. Administrators can define triggers to alert administrators of suspicious activity. The unit can also automatically respond to those alerts and temporarily mitigate the problem until an administrator can respond. Once the data from an intrusion event is analyzed, it can be used to create mitigation scripts to further automate protection.
Another of the product's strong points is the ability for administrators to use it to define access policies. Policies can be set up to block or allow certain types of activity, ranging from acceptable hosts to allowable ports.
Lancope's two-tier channel program has been in existence for 18 months and covers the basics quite well. Lancope offers technical and presales support, NFR products, an end-user evaluation program, co-marketing funding, and technical and sales training. Customized training and support programs are optional.
The program is broken down into reseller and referral partner levels. Catalog or Web-based sales are not permitted by partners. Reseller partners manage the sales process and have technical resources for implementation, while referral partners provide qualified leads to Lancope territory managers. The product's price starts at $9,995, and the average margin is 30 percent.
CHANNEL PROGRAM SNAPSHOTS
DISTRIBUTORS: Direct from vendor
Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.