dfm covers
 
 

New Tool Launched to Improve Security Analytics and Accelerate Incident Response

Written by DFM Team

Lancope, Inc., a leader in network visibility and security intelligence, today unveiled its new ProxyWatch™ solution for enhanced security context at RSA Conference 2015. A key component of the StealthWatch® System 6.7 release, the ProxyWatch solution extends network visibility and provides more in-depth insight for enhanced threat detection, incident response and forensics. 

“Traditionally, traffic on either side of a web proxy is not tied together, and communications that traverse a proxy server appear as two separate conversations,” said Kerry Armistead, vice president of product management for Lancope. “This hinders network and security troubleshooting by associating an incident with the proxy address instead of the actual address causing the issue. In our continuous efforts to improve the way enterprises visualise and defend their networks, Lancope’s new ProxyWatch solution provides a key new layer of security awareness for faster, more precise threat protection.”

When deployed with the StealthWatch System, the ProxyWatch solution enables organisations to see the translated address associated with the other side of a proxy conversation, enhancing organisations’ ability to effectively pinpoint the source of threats and expedite Mean Time to Know (MTTK). The solution ingests proxy records and associates them with flow records, delivering the user, application and URL information for each flow to enable powerful, context-aware security analytics.

With the ProxyWatch solution, security analysts can see exactly who within their organisation went to a specific web site, and can also evaluate the URL data against Lancope’s StealthWatch Labs Intelligence Center (SLIC) Threat Feed to determine whether the site was malicious. ProxyWatch users can also see when a session began and ended and how much data was transferred between the host and destination address.

“Network visibility is a critical piece of the security puzzle, but it is even more effective when combined with contextual data,” added Armistead. “By providing visibility into proxy conversations, and also delivering important details such as user data, the ProxyWatch solution can greatly enhance an organisation’s ability to thwart sophisticated attacks and avoid damaging data breaches.”

Lancope has long been dedicated to providing in-depth network insight and security intelligence for large, distributed networks. Hundreds of enterprises around the world rely on Lancope and the StealthWatch System to collect and analyse massive amounts of security data for faster, more informed threat detection and investigation. By continuously monitoring communications inside the network, Lancope can detect both sophisticated external attacks that bypass perimeter defenses as well as stealthy insider threats.

The Lancope ProxyWatch solution will be available in May 2015 for Blue Coat, Squid, Cisco and McAfee proxy servers as part of the StealthWatch System 6.7 release.* Lancope is showcasing the solution this week at RSA Conference Booth #N4211. Those interested should stop by the booth or contact 
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
  for further details. Additional information on the ProxyWatch solution can also be found at https://www.lancope.com/resources/data-sheets/extend-network-visibility-and-security-context.

*Additional charges apply for the ProxyWatch solution. Please contact 
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
  for pricing.
 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

George Bailey

George Bailey is an IT security professional with over 15 years of experience

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 41 on sale from November 2019:


Forensic Syntactical & Linguistic Investigation

Mark Iwazko presents a case study regarding a Forensic Syntactical & Linguistic investigation: Instructed by the Moscow General Council of one of the actual big four accountants. Read More »

Forensic Readiness: A Proactive Approach to Support Forensic Digital Analysis

An increasing number of criminal actions are inflicting financial and brand damage to organizations around the globe. An impressive number of such cases do not reach the courts, mainly because of the organization’s inefficiency to produce robust digital evidences that are acceptable in the courts of law. Read More »

Subscribe today


Using Error-Patterns for Attribution: An Applied Linguistics Technique

Corpus Linguistics within Second Language Acquisition has developed models of error patterns made by defined groups of second language learners. This knowledge base can be leveraged by a knowledgeable analyst to attribute content to a subset of authors. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue