Features
The StealthWatch Management Console provides the following
features to cost-effectively optimise security and network
operations across the enterprise:
Insightful real-time reporting
The StealthWatch Management Console provides valuable
insight into network usage via pre-defined, customisable
XML-based reports that include source/destination IP
address, services, time period, traffic protocol and
bandwidth levels. Administrators use this information
to perform essential security and network management
tasks, such as creating and assessing security policies;
ensuring proper configuration of firewalls, servers
and other network devices; and identifying trends in
order to anticipate and remedy potential problems.
Efficient centralised administration across distributed enterprise deployments
The Console simplifies remote administration for multiple
StealthWatch sensors and collectors regardless of physical
location. Administrators centrally define and implement
hierarchical security zones, security and network usage
policies and various appliance configuration parameters.
Low-bandwidth transmissions between StealthWatch appliances
and the Console maximise performance with minimal impact
on normal network operations. In addition, the Console
provides streamlined integration between the StealthWatch
system and standard network management applications.
Customisable and flexible graphical visualisation of security and network events and behavior
Advanced 3D graphics and customisable preferred views
of network activity deliver unique insight into the
security and usage of the network. Graphical displays
of network traffic relationships and security intelligence
help network and security teams understand traffic patterns
and identify deviations from normal network behavior.
This visualisation aids the detection of Denial of Service
(DoS) and Distributed Denial of Service attacks, worms,
pre-attack reconnaissance and network misuse. The StealthWatch
Management Console also helps administrators identify
network bottlenecks, spot malfunctioning network devices
and perform capacity planning to optimise network performance.
Drill-down analyses of security and network events
The StealthWatch Management Console correlates data
across the enterprise for in-depth root-cause analysis
and rapid recognition of network and security trends.
Drill-down analysis into alarms, host-level activity
and suspicious network behavior enables administrators
to quickly prioritise and respond to contain attacks
and mitigate network damage. The Console's user-friendly
UI intuitively guides administrators through the various
layers of information provided by StealthWatch appliances
across the network.
Point of View technology
StealthWatch proves equally valuable for network and
security engineers. Point-of-View technology in the
StealthWatch Management Console gives each IT role a unique,
customised view of the network. Network
engineers see router interface statistics, top talkers,
and trending reports. Security analysts receive reports
detailing policy violations, worm outbreaks, and other
malware traversing the network. StealthWatch Point-of-View
technology brings flow-based analysis benefits to the
entire IT organisation.
Correlation of external events from syslog sources
The StealthWatch Management Console employs a high-speed
customisable syslog parser to facilitate integration
with other network and security technologies such as
firewalls, IDS/IPS appliances, and any other technology
capable of exporting syslog messages. As events are
received from external systems, they are decoded, correlated
with StealthWatch events, and stored for later analysis
in the StealthWatch Management Console database.