Anomaly Detection

In today’s environment where threats evolve at Internet speeds, traditional, pattern-based technologies are not sufficient in detecting anomalies that could harm your network. Your business operations and assets are under multiple points of attack from both inside and outside your network.

Leveraging NetFlow and sFlow to cost effectively deliver unified visibility across physical and virtual networks, StealthWatch® Network Behavior Analysis provides detailed views of anomalies to help align security and network operations with the goals of the enterprise.

The StealthWatch Advantage

  • Concern Index™ feature automatically ranks unexpected network activity in terms of severity and risk, which in turn greatly accelerates administrators' ability to isolate and resolve any network performance or security incident
  • Grants network visibility that aids in the detection of anomalies, such as Denial of Service (DoS) and Distributed Denial of Service (DDos) attacks, worms, pre-attack reconnaissance and network misuse
  • Drill-down analysis into alarms, host-level activity and anomalous network behavior enables administrators to quickly prioritize and respond to contain attacks and mitigate network damage
  • Network engineers see router interface statistics, top talkers, and trending reports. Security analysts receive reports detailing policy violations, worm outbreaks and other malware traversing the network
  • Provides a unique, integrated, real-time overview of network usage, network performance and host integrity — with information easily customized for each administrators' individual responsibilities
  • Dramatically reduces the time necessary to diagnose and separate security and network events from each other, and then to generate an appropriate response
  • Protects without requiring signatures— even against zero-day or unknown threats
  • Easily scales for large networks to quickly pinpoint anomalies, internal threats, unauthorized activity and unauthorized devices that evade traditional security — including the ability to connect events to individual devices and users

 

Security Operations