StealthWatch: Network Visibility & Security Intelligence BATTLE CARD


1 StealthWatch: Network Visibility & Security Intelligence BATTLE CARD
“How do I know if my network is compromised?”
“How do I lower my TCO for Threat Management?”
“How do I know who is doing what/when on the internal & virtual network?”
“How do I improve how we detect and respond to active attacks?”
“How do I improve my enterprise risk posture?”
“How do I protect against threats from Mobile Devices?”

What It Is
Lancope's StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. It accelerates incident response, improves forensic investigations and reduces enterprise risk. StealthWatch’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team.

Customer Benefits
- Continuous monitoring and situational awareness for internal networks
- Quickly detects stealthy, zero-day attacks that bypass traditional defenses and identifies affected hosts
- Quickly pinpoints source of insider misuse and abuse
- Single pane of glass for troubleshooting, incident response and forensics
- Audits firewall rules and detects policy violations to help demonstrate compliance
- Cost-effectively leverages flow telemetry from edge, access and core across physical and virtual networks
- Eliminates network blind spots and reduces total network and security management costs

Questions To Ask To Initiate The Sale
- How important is security to your organization?
- Explain how you detect and respond to active attacks. How quickly?
- How do you know what devices and hosts on your network are already infected?
- How do you determine which information, systems, or individuals could be targeted in an advanced attack?
- Does your current solution provide the same level of security as it does visibility? (SW offers both)
- How do you assess the scope and magnitude of a compromise?
- Describe your visibility into historical, end-user activity when launching a security investigation.
- Did you know there is a solution that can address BYOD, Continuous Monitoring, Data Loss and other challenges using your existing network equipment?

Value Proposition, Key Points
- Pervasive visibility and security intelligence across the internal network: With advanced security intelligence, SW finds the “needle in a haystack” and identifies security and performance issues before they impact operations.
- Detect and resolve advanced threats: Through sophisticated behavioral analysis and security context, SW can quickly detect both internal and external threats, helping to address advanced, targeted attacks and other issues such as botnets, DDoS and insider threats.
- Accelerate incident response and troubleshooting: SW dramatically accelerates Mean-Time-to-Know (MTTK) to uncover root cause, manage security incidents, restore performance and combat advanced cyber threats faster than ever.
- Mitigate operational and enterprise risk: SW delivers unparalleled levels of visibility, accountability and measurability to enhance security posture, reduce risk, improve compliance and ensure network availability.

Adjacent Technologies
- SIEM tools can process some NetFlow to help supplement log-based analysis tools, but offer limited anomaly detection, if any.
- IPS/IDS tools only see traffic that crosses the perimeter and lack visibility into traffic that stays internal to the network.
- PCAP/Forensics tools capture, store and analyze the full packet and are triggered by policy violations. Flows provide continuous network monitoring and auditing, whereas logs provide additional context for an investigation.
- NPM tools analyze NetFlow primarily for performance, availability and traffic analysis, but lack behaviour-based anomaly detection and security capabilities.

Challenges StealthWatch Resolves
- Insider Threats
- Zero-day Malware
- APTs
- DDoS
- BYOD
- Policy violations
- Performance bottlenecks
- Continuous monitoring
- Audit & compliance

Network Visibility & Security Context Lancope Confidential ©2013 V 3.2 INTL

2 StealthWatch: Network Visibility & Security Intelligence BATTLE CARD
Top Customer Objections
- Objection: We already have tools in place to address those issues.
  Answer: FW, AV, and traditional IPS/IDS play a role in defense-in-depth. StealthWatch adds functionality through a behavioral approach that detects APTs, zero-day attacks and insider threats that bypass signature-based devices. SIEMs lack the situational awareness of security events that StealthWatch provides.
- Objection: Flow data is not reliable enough for my network. NetFlow cannot scale to meet my network needs.
  Answer: StealthWatch leverages NetFlow from routers/switches (without requiring probes or network downtime to install) to provide a continuous and pervasive network surveillance system for end-to-end visibility.
- Objection: I’m already doing flow monitoring today.
  Answer: Can your NetFlow tool provide more than basic flow visibility for networking staff? StealthWatch delivers commodity, NetFlow-based performance monitoring features, differentiated by innovative security intelligence to detect APTs, botnets, malware, DDoS, data exfiltration, insider threats and policy violations.
- Objection: I don’t have any current budget or projects.
  Answer: How would you prioritize this level of visibility for your security strategy? Do you have any data center consolidation or infrastructure refreshes planned? Do you have OpEx for a service?

Massively Scalable StealthWatch Architecture

Competition
- Cascade/Riverbed: Focus is on WAN optimization. Low capacity, flows per minute, lacks security features (Internal Host Reputation, ISE integration, NAT Stitching, additional threat context, e.g. SLIC). Be aware: RB has always-on packet capture and VXLAN integration.
- Arbor: Focus is on DDoS Mitigation. Pravail has only been available since Oct. Pravail is Peakflow X rebranded. Collectors are lower in capacity, as is management. No NAT Stitching. Be aware: Arbor is attractive to customers concerned with stopping DDoS and could use existing relationships to bring in Pravail.
- IBM/Q1 Labs: More akin to a SIEM than a true security tool. Flow collectors are low capacity, between 10K-20K fps. Scaling to meet the needs of the enterprise would be costly.

Success Story Proof Points
- “StealthWatch has allowed us to … isolate network-based threats quickly and with confidence.” Sherman Lofton, Security Manager, Turner Broadcasting System, Inc.
- “Lancope enables our team to detect and respond quickly to security incidents as they occur.” Jeff DeLong, Security Architect, Westinghouse
- “We were quickly able to get [bot-infected] machines off the network that had been sitting there and scanning for months.” Todd Ferris, Director of Informatics Services, Stanford University's School of Medicine
- “Lancope’s anomaly-based protection has been instrumental in identifying both internal and external security threats.” M. Smith, Engineer, United Auto Insurance Group

