United Auto Insurance Company

UAIC primarily uses Stealthwatch for incident response, network forensics, security forensics, application performance monitoring, PCI compliance and network performance monitoring.

Challenges

UAIC solved the following operational challenges with Stealthwatch:

  • Reduced mean-time-to-know (MTTK) for root causes of network or security incidents
  • Improved network performance and forensic analysis
  • Enhanced network security posture
  • Increased efficiency in the identification of security threats, correlation of user identity and activity, flow collection, monitoring and analysis
  • Enhanced compliance posture

Use Case

Primarily uses Stealthwatch in the following ways:

  • Incident response
  • Network forensics
  • Security forensics
  • Application performance monitoring
  • PCI compliance
  • Network performance monitoring

Used Stealthwatch to detect or prevent the following security threats:

  • Advanced persistent threats
  • Network malware or virus
  • Suspicious user behavior
  • External hacking attempt
  • Compromised host
  • Command and control traffic / botnets
  • Network reconnaissance

Is doing the following with Stealthwatch deployment:

  • Operating in a classified network with strictly controlled access to specific segments
  • Monitoring traffic within a data center, physical and virtual

Results

Chose Stealthwatch for the following capabilities:

  • Behavior-based security monitoring
  • Real-time flow monitoring capabilities
  • Forensics
  • Advanced persistent threat (APT) detection
  • Auditing and compliance requirements
  • Identity awareness
  • Application-aware network performance monitoring

Selected Stealthwatch over the following vendors:

  • Arbor Networks
  • NetQoS / CA
  • Open source solution

Meets enterprise requirements by utilizing the following Stealthwatch benefits:

  • Scalability and flexibility
  • Real-time threat detection and correlation with user identity data
  • Improved incident response and threat management
  • Regulatory compliance
  • Enterprise-wide visibility into network activity
  • Deployment and support simplicity
  • Enterprise-wide user monitoring
  • Forensic analysis
  • Improved time to mitigation of a security incident by more than 75 percent by deploying Stealthwatch.

Rated the following Stealthwatch capabilities as compared to competing vendors:

  • Network Security: Much Better
  • Performance Monitoring: Much Better
  • Network Visibility: Better
  • Innovation: Better

[Lancope's] anomaly-based protection has been very instrumental in identifying both internal and external security threats.

M. Smith, Engineer