NetFlow-based StealthWatch by Lancope Rapidly Detects Malware and Responds to Escalating Worm Attacks

December 7, 2009

ATLANTA, Dec. 7 /PRNewswire/ — Lancope®, Inc., the provider of the StealthWatch® System, the Best in NetFlow(TM) Analysis (http://www.lancope.com/news/08052008.aspx) and the leader in flow-based network performance and security monitoring for unified visibility across physical and virtual networks, today announced that StealthWatch provides rapid malware detection and response to increasing worm attacks on enterprise networks seen in the first half of 2009. By analyzing flow data from the network infrastructure, StealthWatch continuously monitors network behavior, detects malware and isolates known and unknown threats — including worms, which are now the second most prevalent threat facing enterprise networks. Far beyond the capabilities of traditional network security technologies, StealthWatch delivers actionable network intelligence to reduce total network and security management costs.

According to the recently released Microsoft Security Intelligence Report Volume 7 (SIRv7) (http://www.informationweek.com/news/global-cio/security/showArticle.jhtml?articleID=221400323), the number of worm infections in enterprise environments–those running Forefront Client Security–doubled from the last half of 2008 through the first half of 2009(1). Microsoft’s report is based on data collected from more than 450 million Windows PCs worldwide from January to June 2009. With worms as the second most common threat behind Trojans, organizations can rely on StealthWatch’s scalable, flow-based monitoring for immediate detection of and response to worms that often bypass traditional security defenses.

In addition, the Aberdeen Group noted in its recent research brief Network Behavior Analysis: Protecting by Predicting and Preventing (November 2009) that NBA solutions have helped top-performing organizations on average reduce the number of malware infections by over 90 percent and improve the efficiency of response and remediation by more than 40 percent(2). Validating these metrics, a former director of security services at Dartmouth College previously stated, “Immediately upon deployment, StealthWatch uncovered 400 misbehaving hosts and helped reduce network threats by 90 percent. Email worms, which used to propagate quickly, are now immediately stopped with StealthWatch. New attacks, for which no signatures exist, now fail to gain a foothold unlike before.”

“Behavioral analysis from StealthWatch is a critical weapon in detecting anomalies and preventing the spread of worms across internal networks,” said Harland LaVigne, president and CEO of Lancope. “Because StealthWatch is flow-based, it does not require signature updates to detect malware such as worms, botnets, anomalies and other threats. Unlike expensive host-based devices, which can take hours to update against new worms, our customers rely on StealthWatch to continuously monitor and proactively protect their networks.”

StealthWatch is the first and only flow-based solution to combine network performance monitoring with real-time behavior-based anomaly detection. As a result, enterprises gain network visibility along with improved security and performance. Unlike traditional perimeter-based security technologies that require probes, agents and continuous signature updates, StealthWatch's patented flow-based technology leverages flow information from existing routers and switches to lower the cost of monitoring and protecting the network. StealthWatch stops worms and worm variants that IDS/IPS devices routinely miss–without requiring attack signatures, without creating performance bottlenecks on internal network segments and without the need for intricate policy coordination across dozens of IDS/IPS devices.

About Lancope

Lancope®, Inc. is the leader in NetFlow Analysis and the provider of the StealthWatch® System for flow-based network performance and security monitoring. Delivering unified visibility across physical and virtual networks, StealthWatch eliminates network blind spots and reduces total network and security management costs. Both OPSEC and Common Criteria-certified, StealthWatch monitors the networks of Global 2000 organizations, academic institutions and government entities worldwide. Lancope also partners with fellow best-of-breed solution providers through its Technology Alliance Program, which includes Cisco Systems, Brocade, Blue Coat, VMware, IBM Tivoli, Check Point, TippingPoint, ArcSight and A10 Networks. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia. For more information, visit www.lancope.com.

©2009 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners. StealthWatch is covered by U.S. Patent Nos. 7,290,283; 7,185,368; 7,475,426 and other U.S. and foreign patents pending.

Available Topic Expert(s): Adam Powers, Jason Anderson


1 “Worms Invade Corporate Computers, Microsoft Finds,” Thomas Claburn, Information Week; Nov. 2, 2009; http://www.informationweek.com/news/global-cio/security/showArticle.jhtml?articleID=221400323

2 “Network Behavior Analysis: Protecting by Predicting and Preventing,” Aberdeen Group; Nov. 2009; http://www.aberdeen.com/launch/report/research_briefs/6421-RB-network-behavior-analysis.asp

SOURCE Lancope, Inc.

Source: newswire
