Lancope StealthWatch for Higher Education



Reduced Mean-Time-To-Know (MTTK)

By approximately what percentage did the Stealthwatch deployment reduce the time it took to mitigate a security incident?

Greater than 75%: 27%
50% to 74%: 9%
25% to 49%: 45%
10% to 24%: 9%
Less than 10%: 9%

Higher Edu. Orgs Improve Security Posture

84% of surveyed educational institutions enhanced network security posture with Stealthwatch by Cisco.

Stealthwatch for Addressing Higher Education Security & Network Challenges

What types of operational challenges did the use of Stealthwatch by Cisco solve?

Reduction in Mean-Time-to-Know (MTTK) root cause of network or security incidents: 47%
Improved network performance: 26%
Improved network security posture: 84%
Improved application performance: 5%
Improved efficiency in the identification of security threats: 68%
Improved forensic analysis: 79%
Increased correlation of user identity and activity: 32%
Increased visibility of mobile devices: 11%
Increased flow collection, monitoring and analysis: 79%
Enhanced compliance posture: 11%

Easily Audit Secure Zones

[Stealthwatch] allows us to gain internal network visibility… and easily audit our secure zones to ensure certain types of traffic are not leaving those networks.

Ryan Laus, Network Administrator, Central Michigan University

Case Study: Stanford University

Introduction

This case study of Stanford University is based on a December 2012 survey of Cisco Stealthwatch customers by TechValidate, a 3rd-party research service.

“[Cisco’s Stealthwatch] validates the fact that when a system is compromised/virused – we have the network information to back it up in the form of flows.”

Challenges

  • Solved the following operational challenges with Stealthwatch by Cisco:
    • Enhanced network security posture
    • Improved forensic analysis
    • Increased flow collection, monitoring and analysis

Use Case

  • Primarily uses Stealthwatch by Cisco in the following ways:
    • Incident Response
    • Network Forensics
    • Security Forensics
  • Used Stealthwatch to detect or prevent the following security threats:
    • Network malware or virus
    • Suspicious user behavior
    • External hacking attempt
    • Compromised host
    • Network reconnaissance
  • Is doing the following with Stealthwatch by Cisco deployment:
    • Monitoring a centralized network with a large number of satellite or retail locations
    • Operating in a classified network with strictly controlled access to specific segments

Results

  • Chose Stealthwatch by Cisco for the following capabilities:
    • Behavior-based security monitoring
    • Real-time flow monitoring capabilities
    • Internal visibility
  • Selected Stealthwatch by Cisco over the following vendors:
    • Q1 Labs / IBM
    • Riverbed Cascade / Mazu Networks
    • Arbor Networks
    • In-house monitoring solution
    • Open source solution
  • Meets enterprise requirements by utilizing the following Stealthwatch by Cisco benefits:
    • Real-time threat detection and correlation with user identity data
    • Enterprise-wide visibility into network activity
    • Deployment and support simplicity
    • Forensic analysis
  • Rated the following Stealthwatch by Cisco capabilities as compared to competing vendors:
    • Network Security: Better
    • Performance Monitoring: Better
    • Scalability: Better
    • Network Visibility: Better
    • Innovation: Better

Stealthwatch Reduces Mitigation Time for Education Institutions

91% of surveyed educational institutions reduced the time it took to mitigate a network security incident by 10% to 24% or more by deploying Stealthwatch.

Detecting/Preventing Security Threats

Which of the following security threats have you used Stealthwatch to detect and/or prevent?

Advanced Persistent Threats: 21%
Network Malware or Virus: 79%
Suspicious user behavior: 84%
External hacking attempt: 47%
Compromised host: 84%
Data loss / Exfiltration: 21%
Command and Control traffic / Botnets: 47%
Network reconnaissance: 58%