Lancope has unveiled its new ProxyWatch solution for enhanced security context at RSA Conference 2015. A key component of the StealthWatch® System 6.7 release, the ProxyWatch solution extends network visibility and provides more in-depth insight for enhanced threat detection, incident response and forensics.
“Traditionally, traffic on either side of a web proxy is not tied together, and communications that traverse a proxy server appear as two separate conversations,” said Kerry Armistead, vice president of product management for Lancope. “This hinders network and security troubleshooting by associating an incident with the proxy address instead of the actual address causing the issue. In our continuous efforts to improve the way enterprises visualise and defend their networks, Lancope’s new ProxyWatch solution provides a key new layer of security awareness for faster, more precise threat protection.”
When deployed with the StealthWatch System, the ProxyWatch solution enables organisations to see the translated address associated with the other side of a proxy conversation, enhancing organisations’ ability to effectively pinpoint the source of threats and expedite Mean Time to Know (MTTK). The solution ingests proxy records and associates them with flow records, delivering the user, application and URL information for each flow to enable powerful, context-aware security analytics.
With the ProxyWatch solution, security analysts can see exactly who within their organisation went to a specific web site, and can also evaluate the URL data against Lancope’s StealthWatch Labs Intelligence Center (SLIC) Threat Feed to determine whether the site was malicious. ProxyWatch users can also see when a session began and ended and how much data was transferred between the host and destination address.
“Network visibility is a critical piece of the security puzzle, but it is even more effective when combined with contextual data,” added Armistead. “By providing visibility into proxy conversations, and also delivering important details such as user data, the ProxyWatch solution can greatly enhance an organisation’s ability to thwart sophisticated attacks and avoid damaging data breaches.”
Lancope has long been dedicated to providing in-depth network insight and security intelligence for large, distributed networks. Hundreds of enterprises around the world rely on Lancope and the StealthWatch System to collect and analyse massive amounts of security data for faster, more informed threat detection and investigation. By continuously monitoring communications inside the network, Lancope can detect both sophisticated external attacks that bypass perimeter defenses and stealthy insider threats.