StealthWatch Improves Network Availability and Security for University of Adelaide
(03/03/2008)

Lancope®, Inc. has announced that the University of Adelaide is using StealthWatch to gain 100 percent insight into routed network traffic in order to identify anomalies such as worms and interface congestion.

The University network is comprised of approximately 1,000 infrastructure devices with nearly 10,000 hosts active on the network at any given time. The StealthWatch System analyzes NetFlow traffic information from the University’s 25 Cisco routers to provide a detailed view of activity. With StealthWatch, the University is able to quickly and easily investigate potential issues related to security, network operations and applications.

“A NetFlow analysis tool of some sort is a ‘must have’ for any network and security operations team, and StealthWatch is the product to consider if you demand the best technology available,” said Lindsay Whitbread, network operation and information security team leader for the University of Adelaide. “Like using a mobile phone, once you’ve seen StealthWatch in action, you’ll wonder how you possibly lived without it.”

Currently, the University is relying on StealthWatch in the following capacities:
• Information Security – The University’s information security specialists use StealthWatch to detect network traffic anomalies and/or intrusion attempts. StealthWatch has enabled security staff to block hosts scanning the University network for vulnerabilities—preventing security breaches before damage can occur.
• Network Operations – Through NetFlow collection and SNMP polling, StealthWatch provides a single view of every network port on critical devices. The University’s network operations staff can detect interface congestion immediately and easily investigate the root causes behind network events.
• Application Administration – StealthWatch helps the University’s application administrators quickly investigate the network connections associated with a server, which is performing unexpectedly. Via StealthWatch, administrators use NetFlow data to fully understand the network behavior of a server before, during and after an incident.

“Before StealthWatch, we invested significant time and resources developing scripts to create NetFlow reports and to identify important network events,” said Whitbread. “Only one staff member could drive the system, which often meant missing important network incidents until some time after an event occurred. With StealthWatch in place, several people can effectively analyze NetFlow information in real time without requiring specialized training.”

The University imports Cisco PIX firewall logs into the StealthWatch Management Console to give operations staff additional network behavior data. It also uses the StealthWatch IDentity-1000 appliance to associate users with corresponding IP addresses to help network operations staff quickly identify individuals responsible for suspect network activity.

“StealthWatch has dramatically increased our network visibility,” said Whitbread. “We’ve gone from analyzing 10 percent of network connections to 95 percent or higher. Tasks, which we used to avoid because of the effort required, are now performed quickly and efficiently using StealthWatch.”

User interface was a key consideration in the University’s search for an NBA solution. “The tabbed layout in the StealthWatch GUI gives us an intuitive way to run several reports in parallel, so we can quickly and easily verify all aspects of a network incident, including the behavior of key hosts, historical incidents of a similar nature and other trends,” said Whitbread. “The StealthWatch GUI will always be a clear advantage over the competition.”

“The University of Adelaide already recognized the value of NetFlow data for improving security, network and application performance,” said David Schwickerath, VP International Field Operations for Lancope. “As a sophisticated user, the University has harnessed the power of the StealthWatch System to achieve real bottom-line benefits like decreased user downtime, better data security and greater IT staff efficiency.”