StealthWatch Brings Real-time Network Awareness to University Network Administrators
ATLANTA - Lancope, Inc., the provider of StealthWatch(TM), the most widely used network behavior analysis (NBA) and response solution, today announced that the University of Nottingham deployed the StealthWatch System to protect its complex and demanding network from internal and external threats.
The University of Nottingham, ranked 74th in the Newsweek Top 100 Global Universities, will use StealthWatch to protect its own network as well as the East Midlands Metropolitan Area Network (EMMAN), which it jointly manages. The system is monitoring the EMMAN backbone connecting eight Universities and 40 colleges to the UK Joint Academic Network (JANET) and also the campus activity at Nottingham. StealthWatch is used primarily to identify malicious activity inside the network perimeter, and Nottingham's Security and Compliance Group and Operations Team also rely on it as a forensic tool for incident response and network abuse investigations.
"StealthWatch met all 37 essential and desirable requirements set by our selection panel," said Paul Kennedy, Security and Compliance Group leader for the University of Nottingham. "We've been particularly impressed with how StealthWatch succinctly summarizes a large quantity of network intelligence into a few key data points. Immediately upon installation, we could spot trouble on our network just by tracking the information provided by the StealthWatch Concern Index. We can learn exactly what a machine is up to from a quick look at the Concern Index followed by a more detailed report of host behavior called the Host Snapshot."
StealthWatch's network behavior analysis technology provides valuable protection for Nottingham, which must allow unknown and previously unseen machines onto its network to support visiting academics, conference attendees and student laptops. The University also supports some untrusted legacy PCs which run essential lab equipment and modern printers with embedded but often unpatched operating systems. Even with sound security policies in place, Nottingham's Security and Compliance Group recognizes that some student and academic network users may inadvertently attempt to bend the rules.
"The wide range of research activity occurring on the network makes intrusion detection and prevention systems a difficult proposition," said Kennedy. "A competitive technology evaluation was generating 1.2 million events per day from a single sensor, which was too much data for us to meaningfully assess and prioritize."
Richard Smeeton, Information Services Head of Network and Systems at the University of Nottingham, added, "The StealthWatch System proactively manages the utilization of our network, identifying and removing sources of inappropriate traffic. As a result, more bandwidth is available for productive use by the organizations connected to EMMAN. As StealthWatch alerts us in real-time to areas of high concern, the reliability and availability of our network is also enhanced."
StealthWatch is currently tracking up to 24,000 hosts active across the EMMAN backbone at any one time and monitoring peak throughput of more than 1Gbps. On the Nottingham campus network, StealthWatch is tracking network activity for 18,000 hosts. Prior to StealthWatch, a NetFlow reporting tool was used to identify worm-like activity. These reports had to be run manually to see any suspicious activity, and there was no monitoring or alerting capability. Often, the reports would only be run after users reported slowness or other problems with the network, which made it difficult to spot worm outbreaks as they happened. Now the instant feedback from StealthWatch identifies security problems within minutes of an incident.
"Higher education institutions like the University of Nottingham support massive network environments with multiple hardware and software platforms and varied user requirements," said Harland LaVigne, president and CEO of Lancope. "With their own blend of network security needs, universities and research institutions like Nottingham rely on StealthWatch's cost-effective detection and response to worms, viruses, spyware and other malicious activity across the internal campus-wide network."
The University is also using the StealthWatch zoning capability to secure key resources. The Security and Compliance Group is beginning to create virtual firewalls through the StealthWatch zone locking feature and is using StealthWatch's Trapped Host alerting as a potential mechanism to spot hackers performing slow or covert scans to avoid detection.
In the future, Nottingham may link StealthWatch to its perimeter firewall to block malicious activity at the gateway, and link StealthWatch to the network management system which controls student PC access to the network in residential halls.
About the University of Nottingham
The University of Nottingham undertakes world-changing research, provides innovative teaching and a student experience of the highest quality. Ranked by Newsweek in the world's Top 75 universities, its academics have won two Nobel Prizes since 2003. An international institution, the University has campuses in the United Kingdom, Malaysia and China.
About East Midlands Metropolitan Area Network
East Midlands Metropolitan Area Network (EMMAN) Limited is a company jointly owned by its members, eight Universities in the East Midlands region of the United Kingdom. EMMAN owns and runs a high bandwidth Regional Network whose primary purpose is to deliver connectivity to the SuperJANET network and the Internet for the Higher Education Institutions, Further Education Institutions, Specialist Colleges and other institutions across the East Midlands region.
About Lancope
Lancope is the provider of StealthWatch, the most widely used network behavior analysis (NBA) and response solution that unifies behavior-based anomaly detection and network optimization capabilities to protect critical information assets and ensure network performance by preventing costly downtime, repair and loss of reputation. StealthWatch streamlines security and network operations into one process, reduces time and resources, and eliminates the costs and complexity associated with non-integrated point products. Both OPSEC and Common Criteria-certified, StealthWatch was named Best of Show at Interop2006 and InfoWorld 2005 Technology of the Year. Defending the networks of Global 2000 organizations, academic institutions and government entities, StealthWatch protects over 230 enterprise customers, more than all direct competitors combined. Lancope's Technology Alliance Partners include Cisco Systems, Foundry Networks, ArcSight, IBM Tivoli, LURHQ, CheckPoint and A10 Networks. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia. For more information, call 888-419-1462 or visit www.lancope.com.
Dana Mark, 404-214-0722 x. 113