Validated Product - Lancope StealthWatch

PRODUCT DESCRIPTION

Lancope StealthWatch approaches intrusion detection and network management through a behavior-based architecture that provides protection from unknown threats, network policy management, activity tracking, and forensics tools for a proactive approach to managing threats. StealthWatch characterizes, and analyzes the data flow between Internet Protocol (IP) devices to differentiate abnormal network behavior from normal behavior. StealthWatch should not be confused with signature, or protocol anomaly products.

The Target of Evaluation (TOE) is defined as the Lancope StealthWatch and StealthWatch + Therminator appliances containing StealthWatch version 3.3.0 – Build 4140 intrusion detection software. The TOE consists of applications and data files that provide the intrusion detection related functions and associated security management functions, an Intel CPU-based Dell 1750 hardware platform, and a Linux operating system (Red Hat distribution v9.0).

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Lancope StealthWatch TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 29 September 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0 and Common Methodology for Information Technology Security Evaluation, Supplement: ALC_FLR - Flaw Remediation, Version 1.1. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 family of assurance requirements augmented with ALC_FLR.2. The product, when configured as specified in the configuration guide and release notes, satisfies all of the security functional requirements stated in the Lancope StealthWatch Security Target. Two validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in June 2004. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Lancope StealthWatch, prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The Lancope StealthWatch is a commercial intrusion detection product that provides intrusion detection, identification and authentication, audit, protection of security functions and security management.