Dynamic Endpoint Modeling features and benefits

Now that you have seen how it works, please see the features and benefits of Stealthwatch Clouds product line.

Product feature/capability Feature benefits

Deeper security intelligence

  • Dynamic Endpoint Modeling (DEM) is a managed service system comprising real-time network flow data, advanced security analytics, and big-data methods to continuously model all network devices.
  • Fully automated, real-time analysis of device level network traffic and patterns of communication.
  • Provides high fidelity of security alerts, enabling smarter security actions.

Cloud platform

  • Limitless scalability
Greatly simplified deployment:
  • No specialized hardware to purchase
  • No software agents to deploy
  • No expertise required

Managed services agility

  • Save time and money from constantly hiring more expertise while attempting to maintain a continuous vigil to ensure the integrity of systems and data.
  • Attain a stronger security posture with a managed automated platform to rapidly identify compromised and misused devices, enable facilitate faster remediation, and reduce the risk and cost associated with breaches.

Software-as-a-Service subscription

  • Simplify threat detection and response with an advanced security capability available as a SaaS subscription.
  • Cost-effective monthly and annual subscription plans.

Dynamic Endpoint Modeling (DEM)

  • Rapidly identifies early stage and hidden indicators of compromise
  • 100% functionality in encrypted environments; no “man in the middle"
  • No signature lists to update
  • No software agents to deploy
Provides continuous modeling across multiple dimensions of analysis:
  • Forecast: This dimension supports algorithms that predict device behavior based on past activities, and assesses observed behavior against these predictions.
  • Group: This dimension supports algorithms that assess devices for consistency in behavior by comparison to similar devices.
  • Role: This dimension supports algorithms that use the dynamically recognized role of the network device to detect activities inconsistent with that role.
  • Rule: This dimension supports algorithms that detect when endpoints are breaking established network rules including protocol/port correctness, profile characteristics, and blacklist communication.
  • Consistency: This dimension supports algorithms that recognize when a device has critically deviated from its past behavior – both in data transmission and access characteristics.
Threat detection:
  • Dynamically scalable analytics engine capable of analyzing along multiple threat dimensions.
Intelligent correlation:
  • Analytics engine analyzes endpoint model data in real-time, quickly identifying tangible behavioral events and deviations while eliminating background noise and innocuous events to significantly reduce the number of false positives.
  • Configurable alert sensitivity

100% endpoint agnostic

  • Supports all IP-based endpoint types
  • Supports all endpoint hardware manufacturers
  • Supports all OS types
  • Supports physical and virtual endpoints

All networks sizes and types

  • From 50–500,000+ endpoints
  • Supports IT and operations technology (OT) networks

DEM passive network sensor

  • Available as a free virtual appliance
  • Hardened Linux distribution
  • Deployment onto physical and virtual hosts
  • Monitoring of both physical and virtual endpoints
  • Monitoring selectable by network subnets
  • Supports multiple port mirroring and monitoring standards such as SPAN, mirror, and TAP
  • Network flow collection up to 10 Gbps per NIC
  • Support for multiple NICs
  • Extended protocol flagging
  • Extended support for DNS
  • Supports third-party network flow protocols such as NetFlow, sFlow, and JFlow

Management dashboard

  • Provides unobstructed visibility into the behavior of all network endpoints and real-time alerts to clear behavioral anomalies and present indicators of compromise.
  • Customizable notifications providing flexible notification frequency and distributions.
Highly structured access to detailed security intelligence:
  • Simple data visualization and drill-down
  • Simple CSV upload to organize and simplify network subnet segmentation presentation
Intuitive end-user functionality to core service features:
  • Administration
  • Configuration
  • Alert notification and workflow
  • Forensics and reporting
Convenient configuration of alertable conditions:
  • abuse.ch is automatically updated and enforced on all devices
  • Custom blacklists and external threat intelligence upload support
  • Configurable geo blacklist violations
  • Easy accountability for known scanners and SNMP managers

OmniView Visibility

Unified functionality for multiple DEM sensors:
  • All traffic directions: 360 degrees of network coverage including north/ south and east/west traffic flows
  • All periods of time: Real-time through 6 months of history (standard); longer retention periods available
  • All devices: coverage across entire network of devices
  • All network perimeters

Robust system security

  • All persistent data stored in compressed, encrypted form in key-based systems
  • All network communications utilize strong encryption and two-factor authentication

Flexible integration stack

  • Integration with existing security tools and dashboards via syslog and API
  • STIX integration (coming soon)

Sign up for a free trial now to see how your security will never be the same.