- ID managers
- Flow replicators
- Flow sensors
- Thick client
Provides easily identifiable anomalies that you can't see with signature detections.
NetFlow: The beginning of any security investigation starts with NetFlow data.
One update that I would like to see is an agent-based client. Currently, Stealthwatch is network-based. A local agent could help manage endpoints.
I have known these guys for a long time. They are completely familiar with their product.
We did not have a previous solution.
The initial setup is very straightforward.
The vendor helped in every step of the installation.
Licensing is done by flows per second, not including outside (in traffic).
I have tried the Sourcefire solution, but Stealthwatch won out through its ease of use.
There is nothing like it. It is a dream to operate. It is very intuitive. Go for it.
Also, it is great for a network segmentation project.