© 2006 Property of Lancope. Proprietary and Confidential.

Lancope and Emory University: Illuminating (and Securing) the Network

Andy Wilson

Senior Systems Engineer

awilson@lancope.com

© 2007 Property of Lancope. Proprietary and Confidential.

• Copyright Lancope Inc. 2007.• This work is the intellectual property of the author.

Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

© 2007 Property of Lancope. Proprietary and Confidential.

6 years focused research in flow-based(proprietary, NetFlow, sFlow) network security technologies

Based in Atlanta, GA. Holder of 8 Patents.

Founded in 2000 by Dr. John Copeland-Georgia Tech

$24M Venture funding by Canaan Partners, GMG Capital, HIG Ventures and Council Ventures

Experienced Management and Research teams

Flagship product, StealthWatch™, leading enterprise Network Behavior Analysis (NBA) solution

Mature product line (v5.6 – March 2007)

300 customers, protecting 35+ million hosts

About Lancope

IMSP Member

© 2007 Property of Lancope. Proprietary and Confidential.

Benefits of Flow-based Network Behavior Analysis

• Leverage existing flow data: the “Who, What, When,

Where and How” of network traffic– NetFlow – Cisco / Juniper

– sFlow - Foundry / Extreme / ProCurve

– cFlow - Juniper

• By turning all routers and switches into a virtual

surveillance system

• Provides valuable intelligence about:– Network Users and Applications

– Peak Usage Times

– Traffic Routing

– Security and Network Health

© 2007 Property of Lancope. Proprietary and Confidential.

The Solution: StealthWatch

StealthWatch is the flow-based, real-time, single data set for actionable intelligence for Security, Network and IT Operations.

Optimizing Security and Network Operations™

© 2007 Property of Lancope. Proprietary and Confidential.

Behavior Rather than Signatures

Analyze Flows… Establish baseline…

Alarm on changes in behavior…

Number of concurrent flows

Packets per sec

Bits per second

New flows created

Number of SYNs sent

Time of day

Number of SYNs received

Rate of connection resets

Duration of the flow

<Many others>

© 2007 Property of Lancope. Proprietary and Confidential.

StealthWatch: Functional Overview

Collect and Process 130 Unique Flow

Statistics

ApplyOver 130

StealthWatchAlgorithms

GenerateAlarms, Alerts,and Reports

Build Profile of 90+ Host Attributes Send SYSLOG,

SNMP, and Emails

Perform Mitigation Action

Display in UI

Mirror Port, SPAN, or Tap

Cisco (NetFlow)

Foundry (sFlow)

GenerateProfile-Enhanced

Alarms, Alerts,and Reports

Store Detailed Log of All Flows

© 2007 Property of Lancope. Proprietary and Confidential.

Gaining Visibility + Scalable Deployment

© 2007 Property of Lancope. Proprietary and Confidential.

StealthWatch: Optimizing Security & Network Operations

Flows

© 2007 Property of Lancope. Proprietary and Confidential.

StealthWatch Functional Benefits: Security Operations

© 2007 Property of Lancope. Proprietary and Confidential.

StealthWatch Functional Benefits: Network Operations

© 2007 Property of Lancope. Proprietary and Confidential.

Links

• http://www.lancope.com

• http://www.foundrynet.com/pdf/wp-lancope-sflow.pdf

• http://www.gartner.com/

• http://www.educause.edu/LancopeProductsandServices/12827

© 2007 Property of Lancope. Proprietary and Confidential.

Questions??