Lancope, Inc. - Experts & Thought Leaders

PacketWatch solution allows large enterprises obtain deeper network visibility and more granular security context Lancope, Inc., a leader in network visibility and security intelligence, is unveiling its new PacketWatch™ solution for intelligent packet capture this week at Infosecurity Europe 2015. With the PacketWatch solution, large enterprises can obtain deeper network visibility and more granular security context for streamlined incident response and forensics – at a fraction of the cost of full packet capture.  “Full packet capture solutions create massive volumes of data, making it difficult and costly to store all of the information, and also challenging to find relevant security details amidst a deluge of innocuous traffic,” said Kerry Armistead, vice president of product management for Lancope. “PacketWatch alleviates these challenges by enabling organisations to conduct intelligent packet capture for select areas of the network where an issue is suspected – dramatically reducing storage requirements and costs while making it easier to extract actionable data for fending off sophisticated cyber-attacks.” StealthWatch provide critical metadata When collected and analysed with an advanced security analytics platform like Lancope’s StealthWatch® System, NetFlow and other types of network telemetry provide critical metadata for detecting dangerous cyber threats. However, there are instances when security and forensic analysts may want to obtain additional insight by analysing the corresponding packets from anomalous network conversations. The StealthWatch System for flow-based monitoring combined with PacketWatch for intelligent packet capture provides an ideal solution for obtaining comprehensive levels of network and security insight. With the PacketWatch solution, packets can be collected and stored for finite network segments and periods of time, and analysed to gain added threat intelligence for detecting and investigating specific network and security issues. “PacketWatch for the StealthWatch System provides the best of both worlds” Network Visibility from Lateral Movement to Packet-Level Inspection By conducting flow-based monitoring with Lancope’s StealthWatch System, operators can detect lateral (East-West) movement on the network to quickly identify suspicious behaviours associated with highly sophisticated threats that have already penetrated the network. Once an indicator of compromise has been identified, the operator can then easily and seamlessly pivot to PacketWatch right from the StealthWatch Management Console (SMC) to obtain additional insight. Lancope’s PacketWatch reduces the cost of ownership for packet capture by allowing users to trigger searches based on alarms generated in the StealthWatch System. This targeted approach enables organisations to store only packets of interest, reducing storage costs while providing a more detailed, context-rich record of what happened on the network. “PacketWatch for the StealthWatch System provides the best of both worlds,” added Armistead. “The pervasive visibility and security context provided by NetFlow is combined with a more precise and cost-effective means of obtaining packet-level data to further investigate a specific issue when necessary.” Availability Lancope PacketWatch will be available in the second half of 2015 as part of the StealthWatch System 6.8 release.* Lancope is showcasing the solution this week at Infosecurity Europe Stand F20. Those interested should stop by the stand for a demonstration or contact sales@lancope.com for further details. Additional information on the PacketWatch solution can be found here.

The new vice president of threat intelligence, Reid will oversee Lancope’s StealthWatch labs research team Lancope Inc., a leader in network visibility and security intelligence, recently announced that security research expert Gavin Reid has joined the company as vice president of threat intelligence. Reid brings more than two decades of intense security research expertise to his new role, including previous experience securing the networks of Fidelity Investments, Cisco Systems and NASA. Reid will oversee Lancope’s StealthWatch® Labs Research Team, which conducts both in-house research and leverages emerging threat information from around the world to help organisations better detect, analyse and remediate advanced security threats. “Having been responsible for securing some of the world’s largest and most sensitive network environments, I truly appreciate how critical it is to have access to strong, up-to-date research on today’s top threats,” said Gavin Reid, vice president of threat intelligence at Lancope. “Lancope is constantly leveraging new research to further enhance its security analytics tools, and I look forward to joining this innovative team and further expanding our research capabilities to provide our customers with an overwhelming advantage in cyber threat defense.”  Prior to joining Lancope Prior to joining Lancope, Reid served as vice president of threat intelligence for Fidelity Investments, where his team was responsible for proactively preventing, detecting and understanding past, present and future cyber incidents. Before that, he was the director of threat research for Cisco Systems Security Intelligence Operations (SIO), leading a team tasked with researching advanced cyber security threats and developing new data analytics technologies to help discover and remediate those threats. Having joined Cisco in 1999, Reid also created and led the company’s Computer Security Incident Response Team (CSIRT) and Threat Research, Analysis and Communications (TRAC) group. Cisco CSIRT is responsible for 24/7 monitoring, investigation and response to cyber security incidents, while the TRAC team works to continually enhance the quality of Cisco security products and also deliver actionable security intelligence to benefit all Internet users. Altogether, Reid spent over 10 years personally overseeing all major security incidents at Cisco and Cisco-owned corporations. Threat detection Before his work with Cisco, Reid spent nine years conducting information security for NASA. He regularly speaks on threat detection, computer forensics and incident response at security events around the world. As a former Lancope customer, he is well equipped to help large enterprises enhance their security posture with the StealthWatch System. “Gavin is deeply committed to leveraging cutting-edge security intelligence for the greater good,” said Mike Potts, president and CEO of Lancope. “His incomparable expertise in threat research will undoubtedly propel our customers’ incident response and risk management capabilities forward, while also further positioning Lancope as a key source of security intelligence and best practices for the industry as a whole.”  

The StealthWatch Labs research team delivers security updates to help better protect customers’ critical assets Lancope, Inc., a leader in network visibility and security intelligence, introduces new StealthWatch Labs security updates to help customers combat today’s chaotic and ever-changing threat landscape. Through this new feature, Lancope’s highly skilled StealthWatch Labs research team delivers security updates for major cyber-attacks targeting, lurking or pivoting stealthily inside enterprise networks to help better protect customers’ critical assets. “The new StealthWatch Labs security updates are one example of how the skills and expertise of our research team translate into immediate benefits for Lancope customers,” said Tom Cross, director of security research for Lancope. “StealthWatch Labs is engaged in ongoing research into advanced threats facing computer networks and how attacker behavior differs from legitimate network activity. Now, customers will have access to a regular stream of new detection capabilities based on that research, without having to wait to do a full product upgrade. These security updates provide yet another layer of assurance for defending networks from the latest threat vectors.” The mission of StealthWatch Labs is to protect Lancope customers by building innovative capabilities into the StealthWatch Systemto detect, analyse and remediate advanced security threats. Members of the StealthWatch Labs research team have decades of combined experience at the forefront of computer security as product developers, security researchers, authors and public speakers. The team conducts both in-house research and taps into a broad community of third-party experts and partners to aggregate emerging threat information from around the world. Through the StealthWatch Labs Intelligence Center (SLIC), Lancope delivers global intelligence on the Internet’s top threats to customers and the public at large. Lancope also offers a SLIC Threat Feed to provide enhanced detection capabilities for botnets and other advanced malware. “Fast, effective malware detection has become a critical component of any sound security strategy today,” said Javvad Malik, security analyst with 451 Research. “Lancope has a tried-and-tested, mature behavioral analysis offering that has been developed over a long period of time with a robust research team. Pairing its SLIC Threat Feed with new advances like StealthWatch Labs security updates further strengthens Lancope’s ability to assist customers in detecting malware and APTs as early as possible.” StealthWatch Labs security updates will be available as part of StealthWatch System Version 6.5. StealthWatch System Version 6.5 includes several powerful new security capabilities for improving organisations’ threat detection, forensics and incident response efforts. Through the collection and analysis of NetFlow, IPFIX and other types of flow data from existing infrastructure, the StealthWatch System enables organisations to efficiently detect and mitigate a wide variety of attacks including malware, APTs, insider threats and DDoS. Lancope will demonstrate the StealthWatch System Version 6.5 at Booth #3634 (North Expo) during the upcoming RSA Conference in San Francisco from February 24-28, 2014.