Network Threat Detection and Response with Cisco Stealthwatch

Today's enterprise network is expanding rapidly. It connects multiple branches, mobile users, the cloud, and data centers. Organizations are moving away from traditional IT infrastructure and toward a digital-ready network infrastructure to change the way business is done. From streamlining operations and inventory management to offering new value-added services, many businesses are realizing significant benefits from digitization. But as companies change to digital businesses and adopt new practices and technologies, they require increased visibility to maintain security.

With the recent transition in the way employees are connecting to the network, it's more important than ever to use visibility and security analytics to secure organizations and implement capacity planning for uptime.

Achieve scalable visibility and security analytics with Cisco Stealthwatch

Cisco Stealthwatch provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real time. With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint and cloud, regardless of the presence of network encryption.

Cisco Stealthwatch provides continuous real-time monitoring of, and pervasive views into, all network traffic. It dramatically improves visibility across the extended network and accelerates response times for suspicious incidents. It creates a baseline of normal web and network activity for a network host, and applies context-aware analysis to automatically detect anomalous behaviors. Stealthwatch can identify a wide range of attacks, including malware, zero-day attacks, distributed denial-of-service (DDoS) attempts, advanced persistent threats (APTs), and insider threats. Now, with Cognitive Analytics, a cloud-based threat detection and analytics capability, Cisco Stealthwatch can get additional contextual information to identify and prioritize new and emerging threats across the extended network. Stealthwatch with Cognitive Analytics has additional visibility and context into global and local traffic, and utilizes machine learning for continuous analysis and detection of command and control communications. Now, you can detect threats that have bypassed existing security controls and identify data exfiltration to legitimate cloud services.

Analyzing Encrypted Traffic for Improved Security

Encryption is essential to security, but while you use it to protect data and privacy, attackers use it to conceal malware and evade detection by network security products. With Cisco Stealthwatch and its enhanced analytics capabilities, you can better judge whether encrypted traffic on the network is malicious. Stealthwatch applies machine learning and statistical modelling to intraflow metadata (Encrypted Traffic Analytics) to enhance NetFlow analysis. Cognitive Analytics learns from what it sees and adapts to changing network behaviour over time. Stealthwatch with Cognitive Analytics improves visibility into traffic flows by centralizing the management of network and web traffic within the Management Console. Rather than decrypting the traffic, Stealthwatch with Cognitive Analytics pinpoints malicious patterns in encrypted traffic to identify threats and accelerate the appropriate response. Using Encrypted Traffic Analytics, Stealthwatch also ensures enterprise compliance with cryptographic protocols and gives visibility into what is and is not being encrypted on your network.
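To make the two mechanisms described above concrete (the per-host behavioral baseline with anomaly detection, and the encryption-quality view drawn from flow metadata rather than decrypted payload), here is an added Python illustration. It is not Stealthwatch code and does not reproduce Cisco's algorithms: it builds a baseline of outbound bytes and known destinations per internal host from NetFlow-like records, scores a later window against that baseline, and flags legacy TLS versions and cleartext on TLS ports. The `Flow` fields, the ports, the z-score threshold and every address and byte count are constructed assumptions for the example.

```python
"""Flow-telemetry analytics in miniature: per-host behavioral baseline with
anomaly scoring, plus an encryption-quality check on TLS metadata observed
in the flow (no decryption).  Added illustration, not Stealthwatch code;
field names, thresholds and sample flows are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str                    # internal host that initiated the flow
    dst: str                    # destination address
    dport: int                  # destination port
    bytes_out: int              # bytes sent by src
    tls_version: Optional[str]  # TLS version seen in the handshake, None if no TLS

# Constructed baseline window: ordinary activity for two internal hosts.
BASELINE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, 10000, "TLSv1.3"),
    Flow("10.0.0.5", "203.0.113.10", 443, 12000, "TLSv1.3"),
    Flow("10.0.0.5", "203.0.113.20", 443, 14000, "TLSv1.2"),
    Flow("10.0.0.5", "203.0.113.20", 443, 8000, "TLSv1.2"),
    Flow("10.0.0.5", "203.0.113.10", 443, 16000, "TLSv1.3"),
    Flow("10.0.0.7", "10.0.0.50", 445, 5000, None),
    Flow("10.0.0.7", "10.0.0.50", 445, 5000, None),
    Flow("10.0.0.7", "10.0.0.50", 445, 5000, None),
]

# Constructed observation window to score against the baseline.
OBSERVED_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, 13000, "TLSv1.3"),       # normal
    Flow("10.0.0.5", "198.51.100.9", 443, 50_000_000, "TLSv1.2"),  # huge upload to a never-seen host
    Flow("10.0.0.7", "10.0.0.50", 445, 5000, None),                # normal
    Flow("10.0.0.7", "198.51.100.77", 443, 900, "TLSv1.0"),        # new destination, legacy TLS
    Flow("10.0.0.9", "203.0.113.30", 443, 700, None),              # cleartext on a TLS port, unknown host
]

LEGACY_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}   # assumed policy: these fail compliance
TLS_PORTS = {443, 8443}                         # assumed: ports expected to carry TLS


def build_baseline(flows):
    """Per source host: mean/stdev of bytes_out and the set of destinations seen."""
    sizes, dsts = defaultdict(list), defaultdict(set)
    for f in flows:
        sizes[f.src].append(f.bytes_out)
        dsts[f.src].add(f.dst)
    return {h: {"mean": mean(v), "stdev": pstdev(v), "dsts": dsts[h]}
            for h, v in sizes.items()}


def volume_zscore(flow, baseline):
    """Standard deviations between this flow's byte count and the host's norm.
    None for a host with no baseline; a zero-variance baseline treats any
    increase as infinitely anomalous and any decrease as normal."""
    prof = baseline.get(flow.src)
    if prof is None:
        return None
    if prof["stdev"] == 0:
        return 0.0 if flow.bytes_out <= prof["mean"] else float("inf")
    return (flow.bytes_out - prof["mean"]) / prof["stdev"]


def detect_anomalies(flows, baseline, z_threshold=3.0):
    """Return (flow, reasons) for flows that deviate from their host's baseline."""
    findings = []
    for f in flows:
        reasons = []
        z = volume_zscore(f, baseline)
        if z is None:
            reasons.append("no baseline for host")
        else:
            if z > z_threshold:
                reasons.append(f"outbound volume z={z:.1f}")
            if f.dst not in baseline[f.src]["dsts"]:
                reasons.append("new destination")
        if reasons:
            findings.append((f, reasons))
    return findings


def encryption_findings(flows):
    """Encryption quality: legacy TLS versions, and cleartext on ports expected to carry TLS."""
    findings = []
    for f in flows:
        if f.tls_version in LEGACY_TLS:
            findings.append((f, f"legacy {f.tls_version}"))
        elif f.tls_version is None and f.dport in TLS_PORTS:
            findings.append((f, "no TLS on TLS port"))
    return findings


def encrypted_fraction(flows):
    """Encryption extent: share of flows in which a TLS handshake was observed."""
    return sum(1 for f in flows if f.tls_version) / len(flows)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for f, why in detect_anomalies(OBSERVED_FLOWS, baseline):
        print(f"ANOMALY {f.src} -> {f.dst}:{f.dport} {why}")
    for f, why in encryption_findings(OBSERVED_FLOWS):
        print(f"CRYPTO  {f.src} -> {f.dst}:{f.dport} {why}")
    print(f"encrypted share of observed flows: {encrypted_fraction(OBSERVED_FLOWS):.0%}")
```

Run as written, it flags the 50 MB upload to a never-seen host on both volume and destination, the legacy-TLS flow on destination only (its small size is not a volume anomaly), and the host with no baseline; the crypto check reports the TLSv1.0 session and the cleartext session on port 443, and the extent figure shows 60% of observed flows carried TLS. A production analytics engine works on far richer features (timing, packet-length sequences, global reputation), but the shape is the same: learn what is normal per host, score deviations, and reason about encryption from metadata instead of payload.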

Extending Visibility into the Cloud

Workloads are increasingly moving off premises and into cloud environments. This gives your organization more flexibility, but it also hinders your ability to view traffic flows within these virtual instances. However, with Stealthwatch, you have all the network visibility, threat detection, and analytics capabilities in public, private, and hybrid cloud environments. You gain real-time situational awareness and enhanced security across your entire infrastructure.

Extending Visibility to the Endpoints

In our connected world, mobility is king. More users are connecting to corporate networks with more devices, from more places than ever before. But to truly monitor all network activity, security professionals need the ability to look into the applications and processes that occur at the network edge, down to remote devices. With the Cisco Stealthwatch Endpoint License, security professionals can conduct more efficient, context-rich investigations into user machines that exhibit suspicious behavior, accelerate incident response, and remediate policy violations quickly.

• Gain visibility across all network conversations, including east-west and north-south traffic, to detect both internal and external threats

• Conduct advanced security analytics and obtain in-depth context to detect a wide range of anomalous behaviors that may signify an attack

• Accelerate and improve threat detection, incident response, and forensics across the entire network, including encrypted traffic

• Enable deeper forensic investigations with audit histories of network activity

• Simplify network segmentation, performance monitoring, and capacity planning

• Ensure enterprise compliance by identifying the extent as well as the quality of encryption in the network

• Achieve greater visibility and anomaly detection with global and local traffic correlation

• Identify insider threats by obtaining contextual information from cloud services

Locuz and Cisco provide security everywhere you need it. Cisco Stealthwatch is the only solution that detects threats across your private network, public clouds, and even in encrypted traffic.

Mounika Raghavarapu