NERC
Lancope's StealthWatch System® is the leading Network Behavior Analysis solution worldwide. Delivering visibility across physical and virtual networks, StealthWatch eliminates network blind spots and reduces total network and security management costs.
Providing continuous network monitoring, StealthWatch helps demonstrate network-wide compliance for the following sections of NERC:
NERC CIP Standard 005, Requirement 2.2 & NERC CIP Standard 007, Requirement 2
StealthWatch helps by:
- monitoring and profiling all services and ports in use on the network. In this way, StealthWatch
- confirming which ports and services are necessary for normal business
- highlighting those ports and services that may have been overlooked
- profiling and optionally blocking unnecessary ports and services
- verifying firewall policy configurations by quickly identifying traffic that’s out of compliance
- optionally mitigating violations to firewall configuration policy
**************************************************************
NERC CIP Standard 007, Requirement 4
StealthWatch helps by:
- detecting compromised hosts based on how each host is behaving, regardless of signature availability. When traditional IDS/IPS fails, StealthWatch fills the gap to detect zero-day attacks that bypass perimeter defenses, including walk-in worms and internal misuse and abuse.
- This also meets PNM requirement 2.1.1
***************************************************************
NERC CIP Standard 007, Requirement 5
StealthWatch helps by:
- determining when user accounts are active and what they did during this activity
- tying the offending IP address to the actual person using that IP, enabling much quicker resolution of both network and security issues
- alarming on unauthorized access conditions where hosts access disallowed hosts or utilize disallowed services
**************************************************************
NERC CIP Standard 007, Requirement 6-6.3
StealthWatch helps by:
- monitoring all host and network activity, collecting and correlating external events from third-party devices with relevant hosts and users
- alarming on conditions related to security incidents, covering not only malicious activity but also suspicious activity such as unauthorized access and out-of-profile conditions
- This also meets PNM requirement 2.1.14