Cisco Secure Network Analytics (formerly Stealthwatch)
Today there are more types of devices than ever, and networks stretch farther than ever, so finding and stopping the latest threats is like looking for a needle in a haystack. Cisco Secure Network Analytics (Cisco Stealthwatch) monitors your network for threats, analyzes billions of network sessions to determine when something looks suspicious, and generates prioritized alerts with context so you can respond to the most urgent threats first. It closely monitors the activity of every connected device and uses multiple analytical techniques, such as behavioral modeling and machine learning, to establish a baseline of normal behavior. It then detects anomalies and suspicious activities and correlates them to surface alerts, which are further enriched with global threat intelligence from Cisco Talos. By adding the context of user, time and place, the most critical alerts are prioritized automatically. It all adds up to quickly finding threats you wouldn’t know to look for, in places you couldn’t see. With the Cisco SecureX platform built in, it adds critical insights from the network and cloud to enhance investigation and response. Cisco Stealthwatch is agentless, so it scales to any size of network, is easier to manage and is more cost-effective to maintain. You can deploy it on premises or as a SaaS solution, and if your network lives entirely or partially on public clouds, it has that covered too.
Cisco Secure Network Analytics dramatically improves real-time threat detection, incident response and forensics, network segmentation, and network performance and capacity planning.
Furthermore, by using the innovative and revolutionary Encrypted Traffic Analytics (ETA) technology, it helps you cover the dark corners of encrypted traffic without any decryption, using new types of data elements (telemetry) that are independent of protocol details. This enhanced encrypted-traffic telemetry is generated by next-generation Cisco routers, switches and wireless controllers, as well as by the Secure Network Analytics Flow Sensor.
For Cisco Secure Network Analytics deployment in the network, three key components are required: Flow Rate License, Flow Collector and Manager.
The Secure Network Analytics Manager
The Secure Network Analytics Manager aggregates, organizes, and presents analysis from up to 25 Flow Collectors, Cisco Secure Network Access (formerly Cisco ISE), and other sources. It presents the summarized network traffic, identity information, customized summary reports, and integrated security and network intelligence in graphical interfaces for comprehensive analysis.
Currently, Secure Network Analytics Manager 2210 (part number ST-SMC2210-K9) can be deployed as a physical 1U appliance on the UCSC-C220-M5SX platform.
Secure Network Analytics Manager Virtual Edition (part number L-ST-SMC-VE-K9) can also be configured as either SMC VE or SMC VE 2000 (SMC being the former Stealthwatch Management Console name) for private cloud deployments.
Secure Network Analytics Flow Rate License
The Flow Rate License is required for the collection, management and analysis of flow telemetry, and for aggregating flows at the Manager. It also defines the volume of flows that may be collected and is licensed on the basis of flows per second (fps). Licenses may be combined in any permutation to achieve the desired flow capacity.
Secure Network Analytics Flow Collector
The Flow Collector leverages enterprise telemetry such as NetFlow, IPFIX (Internet Protocol Flow Information Export) and other types of flow data exported by existing infrastructure such as routers, switches, firewalls, endpoints and other network devices.
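To make concrete what a Flow Collector does with the telemetry just described (and the per-host behavioral baseline from the overview above), here is an added Python example that is not Cisco code and not part of this page: it decodes a NetFlow v5 export datagram field by field, applies the header's sampling interval so sampled exporters do not under-report byte counts, and then flags hosts whose outbound byte total exceeds mean + 3 standard deviations of their own constructed history. The datagram, the addresses and the history values are all constructed for the example; the threshold rule is a simple stand-in for the product's own analytics, not a description of them.

```python
import socket
import statistics
import struct
from collections import defaultdict

# NetFlow v5 wire format: a 24-byte header followed by `count` 48-byte
# flow records, all fields big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one NetFlow v5 export datagram into a list of flow dicts.

    Length and version are validated before any field is trusted, and the
    sampling interval from the header is applied to packet and byte counts.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs,
     _seq, _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    # Low 14 bits of the sampling field carry the interval; 0 means unsampled.
    interval = (sampling & 0x3FFF) or 1

    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "tcp_flags": tcp_flags,
            "packets": pkts * interval, "bytes": octets * interval,
            "exported_at": unix_secs,
        })
    return flows


def baseline_outliers(flows, history, k=3.0):
    """Sum bytes sent per source host and flag hosts whose total exceeds
    mean + k*stddev of their own past totals (a per-host baseline).
    Returns {host: (observed_bytes, threshold)} for hosts over the line."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    alerts = {}
    for host, observed in totals.items():
        past = history.get(host)
        if not past or len(past) < 2:
            continue  # no usable baseline yet for this host
        threshold = statistics.fmean(past) + k * statistics.pstdev(past)
        if observed > threshold:
            alerts[host] = (observed, threshold)
    return alerts


def build_sample_datagram() -> bytes:
    """Constructed NetFlow v5 datagram (not captured traffic) with three flows."""
    records = [
        # src, dst, sport, dport, proto, packets, bytes
        ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 800, 900_000),
        ("10.0.0.5", "198.51.100.3", 51001, 22, 6, 500, 600_000),
        ("10.0.0.7", "10.0.0.1", 53000, 53, 17, 100, 150_000),
    ]
    # version 5, count, sys_uptime, unix_secs, unix_nsecs, seq, engine type/id, sampling
    header = V5_HEADER.pack(5, len(records), 0, 1_700_000_000, 0, 1, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0",
                       1, 2, pk, by, 0, 0, sp, dp, 0, 0x18, pr, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, pr, pk, by in records
    )
    return header + body


# Constructed per-host history of daily outbound byte totals (assumed data).
SAMPLE_HISTORY = {
    "10.0.0.5": [1_000_000, 1_200_000, 900_000, 1_100_000],
    "10.0.0.7": [200_000, 210_000, 190_000, 200_000],
}

if __name__ == "__main__":
    flows = parse_netflow_v5(build_sample_datagram())
    for host, (seen, limit) in baseline_outliers(flows, SAMPLE_HISTORY).items():
        print(f"ALERT {host}: {seen} bytes exceeds baseline threshold {limit:.0f}")
```

Run as-is the sample flags 10.0.0.5 (1,500,000 bytes against a threshold of roughly 1,385,000) and leaves 10.0.0.7 alone. A real collector would also check the header's flow_sequence for gaps (lost exports) and keep the baseline per host and per time-of-day; both are omitted here for brevity.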
Customers can deploy Cisco Flow Collector using the following options:
Flow Collector 4210 is a 1RU physical appliance (part number ST-FC4210-K9) that supports up to 65535 interfaces, up to 4096 exporters and 250,000-500,000 flows per second (fps).
Flow Collector 5210 is a 1RU physical appliance (part number ST-FC5210-K9) that supports up to 65535 interfaces, up to 4096 exporters and up to 300,000 flows per second (fps).
Secure Network Analytics Flow Collector Virtual Edition (part number L-ST-FC-VE-K9) can be configured as FCVE-1000, FCVE-2000 or FCVE-4000.
Customers can also deploy the Cisco Flow Sensor and UDP Director as optional components.
Secure Network Analytics Flow Sensor
The Cisco Flow Sensor is an optional component that provides telemetry for segments of the switching and routing infrastructure that cannot generate NetFlow natively. It also provides visibility into application-layer data and additional security context to enhance the security analytics.
Customers can deploy the Cisco Flow Sensor using the following options:
Cisco Flow Sensor 1210 (part number ST-FS1210-K9), Flow Sensor 3210 (ST-FS3210-K9), Flow Sensor 4210 (ST-FS4210-K9) and Flow Sensor 4240 (ST-FS4240-K9) are 1U physical appliances that provide true Layer 7 application visibility by gathering application information and generating alarms with contextual intelligence.
Secure Network Analytics Flow Sensor Virtual Edition (part number L-ST-FS-VE-K9) can be deployed on private cloud hypervisors such as KVM and VMware.
Secure Network Analytics UDP Director
The UDP Director eases the collection and distribution of network and security data across the enterprise. It reduces the processing load on network routers and switches by receiving essential network and security information from multiple locations, consolidating it into a single data stream and forwarding that stream to one or more destinations.
The Cisco UDP Director 2210 is a 1RU physical appliance (part number ST-UDP2210-K9) on the Cisco UCSC-C220-M5SX platform that aggregates NetFlow, sFlow, syslog and Simple Network Management Protocol (SNMP) information and provides a single standardized destination for it.
The Cisco UDP Director Virtual Edition (part number L-ST-UDP-VE-K9) is a virtual solution for private cloud deployments.
Secure Network Analytics Data Store
The Data Store provides flow data storage and keeps all your network telemetry in one centralized location, as opposed to having it spread across multiple Flow Collectors in a distributed model. This centralized model offers greater storage capacity, higher flow ingestion rates and increased resiliency compared with the distributed model. Customers can deploy Data Store 6200 (part number ST-DS6200-K9).
Secure Network Analytics SaaS (formerly Stealthwatch Cloud Private Network Monitoring)
Secure Network Analytics SaaS provides visibility and threat detection for the on-premises network as a cloud-based SaaS solution. It is a robust option for organizations that aim for better awareness and security in their on-premises environments while reducing capital expenditure and operational overhead.
Secure Cloud Analytics (formerly Stealthwatch Cloud Public Cloud Monitoring)
Secure Cloud Analytics provides visibility and threat detection in Amazon Web Services (AWS), Google Cloud Platform and Microsoft Azure infrastructures. It is a cloud-delivered, SaaS-based solution that can be deployed easily and quickly.
The solution can be deployed without software agents, relying instead on native sources of telemetry such as Virtual Private Cloud (VPC) flow logs. Secure Cloud Analytics models all IP traffic generated by an organization’s resources and functions, whether it stays inside the VPC, crosses between VPCs or goes to external IP addresses. It integrates with additional cloud service provider APIs such as CloudTrail, CloudWatch, Config, Inspector, Identity and Access Management (IAM), Lambda and many more.
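As an added illustration of the agentless telemetry the preceding paragraph relies on (example code written for this page, not Cisco's or AWS's), the Python below parses AWS VPC flow log records in the default version-2 field layout, separates records that carry no flow fields (NODATA/SKIPDATA) from usable ones, and then classifies traffic the way the text describes: flows that stay inside the VPC CIDR versus flows to external addresses, plus which sources are being rejected by security groups or NACLs. The log lines, the account ID, the interface ID and the VPC CIDR are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Field order of the AWS VPC flow log default (version 2) record format.
VPC_FLOW_FIELDS = (
    "version account_id interface_id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log_status"
).split()

# Constructed sample records (placeholder account and interface IDs, no real traffic).
SAMPLE_VPC_FLOW_LOG = """\
2 111111111111 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d 10.0.1.10 203.0.113.7 49153 4444 6 200 98000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d 198.51.100.9 10.0.1.10 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d 198.51.100.9 10.0.1.10 51001 3389 6 1 60 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_vpc_flow_log(text):
    """Return (records, skipped): one dict per usable record, plus the count of
    NODATA/SKIPDATA lines, which carry '-' placeholders instead of flow fields."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != len(VPC_FLOW_FIELDS):
            raise ValueError(f"unexpected field count in record: {line!r}")
        rec = dict(zip(VPC_FLOW_FIELDS, parts))
        if rec["log_status"] != "OK":
            skipped += 1
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records, skipped


def summarize(records, vpc_cidrs):
    """Classify flows as intra-VPC or egress to external addresses and count
    rejected connection attempts per source address."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]

    def internal(ip):
        # Explicit CIDR check rather than ip_address().is_private, which also
        # treats the documentation ranges used in the sample as private.
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in nets)

    rejected_by_src = Counter()
    external_egress = []
    for r in records:
        if r["action"] == "REJECT":
            rejected_by_src[r["srcaddr"]] += 1
        elif internal(r["srcaddr"]) and not internal(r["dstaddr"]):
            external_egress.append((r["srcaddr"], r["dstaddr"], r["dstport"], r["bytes"]))
    return {"rejected_by_src": dict(rejected_by_src),
            "external_egress": external_egress}


if __name__ == "__main__":
    recs, skipped = parse_vpc_flow_log(SAMPLE_VPC_FLOW_LOG)
    result = summarize(recs, ["10.0.0.0/16"])
    print(f"{len(recs)} usable records, {skipped} skipped")
    print("rejected attempts by source:", result["rejected_by_src"])
    for src, dst, port, nbytes in result["external_egress"]:
        print(f"egress {src} -> {dst}:{port} ({nbytes} bytes)")
```

On the sample this reports two rejected attempts from 198.51.100.9 (to ports 22 and 3389) and one egress flow from 10.0.1.10 to 203.0.113.7 on port 4444. Custom flow log formats reorder or add fields (pkt-srcaddr, vpc-id, flow-direction and so on), so VPC_FLOW_FIELDS would need to match the format string configured on the log subscription.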