Dark Reading
Products and Releases

Lancope Unveils Threat Feed To Provide Enhanced Detection For Botnets And Advanced Malware

StealthWatch Labs Intelligence Center Threat Feed draws on global threat intelligence to reduce enterprise risk

ATLANTA, Feb. 11, 2013 /PRNewswire/ -- Lancope, Inc., a leader in network visibility and security intelligence, has unveiled its new StealthWatch Labs Intelligence Center(TM) (SLIC) Threat Feed to provide enhanced detection capabilities for advanced malware. The SLIC Threat Feed draws upon global threat intelligence to provide an additional layer of protection from botnets and other sophisticated attacks. Combined with the in-depth, internal network visibility and security context inherent in the Lancope StealthWatch® System, the new threat feed enables Lancope to uniquely provide information around the full security incident for dramatically improved risk management.

"Using covert command-and-control techniques, criminals are using infected internal systems as a launch point for conducting reconnaissance, spreading malware and stealing data to exploit and compromise entire enterprises," said Joe Yeager, director of product management for Lancope. "With StealthWatch now correlating suspicious network activity with intelligence from our global threat feed in real time, an organization has a more complete picture for early threat detection and fast, effective incident response."

The StealthWatch Labs security research team both conducts in-house research and taps into a wide variety of third-party experts and partners to aggregate emerging threat information from around the world. The StealthWatch Labs Intelligence Center (SLIC) is Lancope's research initiative through which global intelligence on the Internet's top threats is shared with the public and leveraged internally to enhance the StealthWatch System.

The SLIC Threat Feed offers advanced botnet detection, continuously monitoring customer networks for thousands of known command-and-control (C&C) servers and adding new botnets to its radar as they are identified in the wild. From there, StealthWatch generates alarms and Concern Index(TM) events to flag these communications for administrators so they can be swiftly mitigated.

By collecting and analyzing flow data from existing infrastructure, StealthWatch provides a comprehensive picture of network activity for combating the full spectrum of security issues facing today's enterprises, from botnets and other malware to APTs and insider threats. The system can also identify the exact users and devices responsible for network and security issues, holding individuals accountable and helping to address BYOD challenges.

Using existing StealthWatch appliances, customers can choose to add the SLIC Threat Feed license to their deployments. The threat feed is currently available with the StealthWatch 6.3 release, and existing customers are offered a 30-day trial upon upgrade.*

For more details, go to:

*Internet connection required and acceptance of additional terms and conditions may apply.

About Lancope

Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today's top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope's StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope's security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit

©2013 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other trademarks are registered or unregistered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners.
