
New Tool Launched to Improve Security Analytics and Accelerate Incident Response

Written by DFM Team

Lancope, Inc., a leader in network visibility and security intelligence, today unveiled its new ProxyWatch™ solution for enhanced security context at RSA Conference 2015. A key component of the StealthWatch® System 6.7 release, the ProxyWatch solution extends network visibility and provides more in-depth insight for enhanced threat detection, incident response and forensics. 

“Traditionally, traffic on either side of a web proxy is not tied together, and communications that traverse a proxy server appear as two separate conversations,” said Kerry Armistead, vice president of product management for Lancope. “This hinders network and security troubleshooting by associating an incident with the proxy address instead of the actual address causing the issue. In our continuous efforts to improve the way enterprises visualise and defend their networks, Lancope’s new ProxyWatch solution provides a key new layer of security awareness for faster, more precise threat protection.”

When deployed with the StealthWatch System, the ProxyWatch solution enables organisations to see the translated address associated with the other side of a proxy conversation, enhancing organisations’ ability to effectively pinpoint the source of threats and expedite Mean Time to Know (MTTK). The solution ingests proxy records and associates them with flow records, delivering the user, application and URL information for each flow to enable powerful, context-aware security analytics.

With the ProxyWatch solution, security analysts can see exactly who within their organisation went to a specific web site, and can also evaluate the URL data against Lancope’s StealthWatch Labs Intelligence Center (SLIC) Threat Feed to determine whether the site was malicious. ProxyWatch users can also see when a session began and ended and how much data was transferred between the host and destination address.

“Network visibility is a critical piece of the security puzzle, but it is even more effective when combined with contextual data,” added Armistead. “By providing visibility into proxy conversations, and also delivering important details such as user data, the ProxyWatch solution can greatly enhance an organisation’s ability to thwart sophisticated attacks and avoid damaging data breaches.”

Lancope has long been dedicated to providing in-depth network insight and security intelligence for large, distributed networks. Hundreds of enterprises around the world rely on Lancope and the StealthWatch System to collect and analyse massive amounts of security data for faster, more informed threat detection and investigation. By continuously monitoring communications inside the network, Lancope can detect both sophisticated external attacks that bypass perimeter defenses and stealthy insider threats.

The Lancope ProxyWatch solution will be available in May 2015 for Blue Coat, Squid, Cisco and McAfee proxy servers as part of the StealthWatch System 6.7 release.* Lancope is showcasing the solution this week at RSA Conference Booth #N4211. Those interested should stop by the booth or contact [e-mail address protected] for further details. Additional information on the ProxyWatch solution can also be found at https://www.lancope.com/resources/data-sheets/extend-network-visibility-and-security-context.

*Additional charges apply for the ProxyWatch solution. Please contact [e-mail address protected] for pricing.
 