Lancope has announced the launch of the next version of its StealthWatch technology to add application awareness.
According to the company, StealthWatch 6.0 now leverages NetFlow and other flow data to deliver end-to-end network visibility and greater forensic intelligence. It said that StealthWatch can analyse up to 1.5 million flows per second and by combining network and security capabilities into a single, unified platform and leveraging an organisation's existing infrastructure, the system eliminates network blind spots.
Speaking to SC Magazine, Lancope CTO Adam Powers said that this was the first major release for three years and it now had the capability to read packet contents regardless of the port number.
He said: “The router will read it in and see that instant messenger is running over the port and this uses Layer 7 to create a policy and help detect the applications that are trying to circumvent the layer control system. People are reliant on Ajax or HTTP, this gives the customer the ability to read Port 80 traffic and further dissect it. There is a lot of analysis on Port 80, so this gives deeper visibility into the web traffic.
“If your internet pipe is full you want to know why. Palo Alto says that you cannot trust the port number and that you have to protect at Layer 7 and we agree, you should inspect all traffic via HTTP and this will show all activity. It is an identity awareness thing, who can have access to what.”
Lancope said that the other key capabilities in StealthWatch 6.0 include: relational flow mapping to provide real-time graphical views of network traffic; grouping of related hosts to analyse traffic and the ability to quickly detect anomalies and assess performance; and advanced reporting capabilities to enable users to retrieve the exact and detailed information they need.