There are hundreds of vendors in the security market, and the bulk of them are focused on the edge, but some newer entrants are looking inside.There are hundreds of vendors in the security market, and the bulk of them are focused on the edge. But some of the newer entrants are looking inside because they recognize that 1) despite all of our perimeter defenses, bogeys still get through, and 2) compliance, acceptable use and other new requirements demand more stringent controls.Lancope is targeting the first concern, and Reconnex, which we will look at next week, is focused on the latter.Lancope offers an appliance called StealthWatch that constantly compares network activity against a normal baseline. That baseline is achieved by placing sensor appliances at critical points in the network – for example, at Web servers, VPN access points and core routers – and starting an auto-learn process. Once the baseline has been achieved, the watching begins, says Chris Hovis, vice president of marketing and business development. Each packet that goes by is collected, organized into flows, and then analyzed and mapped to policies.Policies, Hovis says, can address everything from who can talk to whom, what ports and services can be accessed, and minimum and maximum traffic thresholds. Customers then use StealthWatch to establish a behavior concern index for each host, with things like syn floods and scanning activity ranking high. When nefarious activity is noticed, StealthWatch can sound an alarm, automatically mitigate the situation on a zone-by-zone basis (it is integrated with Cisco routers, Cisco’s PIX firewall and Check Point firewalls), or suggest a course of action that must be approved by an administrator.On the face of it, the StealthWatch approach makes sense because studies have shown that up to 50% of today’s security events go undetected by signature-based systems such as firewalls.The problem with signature-based systems, Hovis says, is you’re using prior knowledge to look for bad stuff that is always changing. “With StealthWatch, we are constantly aware of what is happening vis-à-vis a baseline of what should be happening.“Customers are saying, ‘I’m not going to prevent everything, but when stuff does happen, I want to quarantine it to as small a part of the net as possible.’ When someone breaks in, we lock all the doors and windows in that room,” he says.Prices for StealthWatch start at about $20,000. The company, which has 65 employees and 75 customers, is privately funded and just raised $12.5 million in the first quarter.Next week, a look at Reconnex’s approach to security. Related content news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Green IT Servers Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe