StealthWatch Sneaks Out With New Features

Lancope's popular StealthWatch product has been on the market for a few years and currently ships as version 4.0. But solution providers will be excited to learn that Lancope is set to release StealthWatch version 5.

CRN Test Center engineers evaluated a late beta of the product and discovered new features that enhance network security and empower Lancope's channel. While the older version of StealthWatch did an adequate job of monitoring networks and offered the ability to drill down to specific network events, many administrators found the user interface slow and difficult to work with. Lancope took those complaints to heart and set out to improve the UI. Those improvements are most welcome and evident in the latest version of the product.

To get the most out of StealthWatch, solution providers will first need a basic understanding of where the device fits into a network and what it accomplishes. Simply put, StealthWatch is a combination of software and hardware that monitors all network traffic to create baselines. These baselines are then compared against new traffic to discover anomalies.

Installation is straightforward and can be accomplished in a matter of minutes. The device's management software is also easy to set up and manage. The software is a Java application that runs securely in almost any browser. For StealthWatch to work effectively, solution providers should deploy the appliance and allow it to gather network data for several days to build accurate baselines.

The management console allows administrators to divide the network into an hierarchy, which can be segmented into domains and zones. The ability to create virtual subnets based upon ranges of IP addresses adds flexibility and allows administrators to quickly retune the device for specific departmental needs.

Once deployed, StealthWatch continuously monitors and identifies network traffic trends. The product's intuitive interface allows administrators to quickly identify anomalies using comprehensive graphic representations and also allows users to drill down to the specific activities creating the traffic anomalies. Much of this process can be automated by defining scripts that are triggered when certain events exceed predefined thresholds. All critical notifications are instantly relayed to an assigned administrator, and triggers can launch scripts that can instruct other security devices to combat security threats and/or unwelcome traffic.

StealthWatch, with pricing that starts at $9,995, extends well beyond realtime monitoring. A powerful reporting engine and integrated database allow administrators to map out trends, create snapshots of particular events or generate comprehensive reports for executive management. Lancope could further improve the product by adding automated report generation and e-mail delivery capabilities.

Moreover, StealthWatch creates ample opportunity for solution providers, especially in light of the newest legislative requirements and the frequency with which enterprise networks are coming under attack. While standard technologies such as virus scans, content-filtering and firewall appliances, spyware blockers and pop-up blockers are still used to combat attacks, many enterprises are turning to the law to prosecute intruders. To that end, StealthWatch's ability to provide forensic data could prove to be a valuable ally in the courtroom.

Other features include the ability to trend traffic, plan for traffic increases, detect unauthorized network applications and quickly identify virus outbreaks or worm attacks. StealthWatch 5.0 will be available in June 2005 to Lancope's authorized partners.

Lancope's channel program separates partners into Reseller and Referral tiers. Referral partners pursue leads and provide customers to Lancope, receiving a fee for this service. Reseller partners actively market StealthWatch, offer first line of support to customers and can close more deals. Lancope offers all partners access to sales, technical and marketing support through the company's dedicated partner Web site. Reseller partners also have access to Lancope sales managers and security engineers. Technical support is provided by phone from 8:30 a.m. to 6 p.m. EST via a toll-free number. Average solution provider margins are between 25 percent and 30 percent.