Concord Hospital Improves Network Visibility Using Lancope's StealthWatch to Analyze NetFlow From Nortel Devices
Recognized as one of the 100 most wired hospitals in the U.S., the ConcordHospital campus includes the main hospital plus many remote physicianpractices and clinics. The hospital IT network extends to 5,000 endpoints andincludes many 10 gigabit and 1 gigabit links to facilitate the transfer ofinformation. Concord Hospital has focused on business continuity for the pasttwo years and built two new datacenters for high redundancy. With its highlysophisticated network, the network team had no way to mirror all trafficactivity for analysis and troubleshooting. The only option was to utilizeNetFlow data from its Nortel core switches.
After learning about Lancope's StealthWatch at a security conference,Concord Hospital selected StealthWatch Xe for NetFlow to capture traffic datafrom its existing Nortel infrastructure, while the StealthWatch ManagementConsole (SMC) provides a flexible dashboard for presenting customizable viewsof actionable information for a variety of users, roles and needs. Sincedeploying StealthWatch, Concord Hospital pinpoints sources of network andsecurity incidents much faster and more accurately than ever before.
"StealthWatch has saved us a great deal of time, especially with extremelycomplex troubleshooting," said Mark Starry, manager of enterprise architectureand security for Concord Hospital. "In one incident, we suspected spyware hadbeen installed on some of our devices based on strange traffic patterns on anunused port. Immediately, StealthWatch detected the anomalous activity andrevealed that misconfigured devices were the underlying issue."
Similarly, StealthWatch has helped Concord's security team uncover somepeer-to-peer (P2P) applications that its intrusion detection and preventionsystem was supposed to block. By finding the prohibited P2P activity,StealthWatch helped Concord restore much-needed bandwidth, remove potentialsecurity issues and improve its Intrusion Prevention System (IPS) policy.
"Troubleshooting is almost effortless with StealthWatch," added Starry."Previously, when there was an incident, we would add mirrors and sniffers totrack and replicate the event, and then manually comb through logs. We can nowsort, analyze and baseline traffic with ease. In addition, we are usingStealthWatch to gain application awareness, which enables us to quicklyidentify and respond to unauthorized application usage."
Since Concord maintains several different office locations, the networksecurity team must manage operations remotely. StealthWatch has provided theteam with detailed visibility so that security resources can drill down tofind the source of slow spots or performance issues without having tophysically visit a specific location.
"Concord Hospital consistently embraces technology to ultimately improveits operations and its patient care," said Harland LaVigne, president and CEOof Lancope. "StealthWatch improves network performance management andstrengthens the security posture for Concord Hospital, which joins more than30 healthcare institutions worldwide in recognizing the value of StealthWatchand the complete visibility it delivers across the enterprise."
Lancope(R), Inc. is the provider of the StealthWatch(R) System, the mostwidely used network behavior analysis (NBA) and response solution that unifiesflow-based anomaly detection and network performance monitoring to protectcritical informat
You May Also Like