Scalable Visibility and Security Analytics
Have You Been Compromised? How Would You Know?
You have already invested heavily in the IT infrastructure and security for your organization. Yet, attacks are getting through and hostile internal actors operate with impunity. Moreover, it takes months or even years to detect threats. This lack of threat visibility is a function of growing network complexity as well as constantly evolving attacks. And security teams, with their limited resources and disjointed tools, can only do so much. How do you know if your current security controls are working, managed, and configured properly? And how do you know these tools are doing the job that you need them to do?
Benefits of Cisco Secure Network Analytics
Know every host. See every conversation. Understand what is normal. Be alerted to change. Respond to threats quickly.
Continuously monitor and detect advanced threats that have either bypassed existing security controls or originate from within
Focus on critical incidents, not noise with contextual, high-fidelity alarms prioritized by threat severity
Respond quickly and effectively with complete knowledge of threat activity, network audit trails for forensic investigations, and integrations with existing security controls
Scale security with growing business needs whether you are adding a new branch or a data center, moving workloads to the cloud, or simply adding more devices
Ensure compliance with policy violation alarms that can be tuned to the business logic
Integrate security ecosystem with Secure to eliminate the complexity and make security simpler with a built-in security platform
The Solution: Network + Security
Network packet metadata can provide useful insights about who is connecting to the organization and what they are up to. Everything touches the network, so these insights can extend from the HQ to the branch, public cloud and private data centers, roaming users, and even Internet of Things (IoT). Analyzing this data can help detect threats that may have found a way to bypass your existing controls, before they are able to have a major impact. It can also detect questionable behavior undertaken by hostile insiders. And, importantly, properly functioning analytics can lessen the burden on your security team and provide them with more opportunity to concentrate on high probability threats. This approach to advanced threat detection is:
Gain Confidence in Your Security Effectiveness
Cisco Secure Network Analytics (formerly Stealthwatch) provides enterprise-wide visibility, from the private network to the public cloud to detect and respond to threats in real-time. It continuously analyzes network activities and creates a baseline of normal network behavior and then uses this baseline, along with advanced machine learning algorithms, to detect anomalies. However, not everything weird is malicious and Secure Network Analytics can quickly and with high confidence correlate anomalies to threats such as C&C attacks, ransomware, DDoS attacks, illicit crypto-mining, unknown malware, as well as insider threats. With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint and cloud, regardless of the presence of network encryption.
Contextual Network-Wide Visibility
Cisco Secure Network Analytics provides agentless enterprise-wide visibility, across on-premises, as well as in all public cloud environments. With knowledge of who is on the network and what they are doing, it also helps organizations to implement smarter segmentation customized to the business logic. And it provides actionable intelligence enriched with context such as user, device, location, time-stamp, application, etc.
Continuous Threat Analytics
Cisco Secure Network Analytics uses a pipeline of analytical techniques to detect advanced threats before they can turn into a breach. Using network behavior analysis, it can pinpoint anomalies, which are further analyzed using a combination of supervised and unsupervised machine learning for high-fidelity threat detection. This allows your security team to focus on the most critical threats.
Automated Detection and Response
The combination of this context-driven enterprise-wide visibility and the application of advanced analytical techniques helps organizations to detect threats like unknown or encrypted malware, insider threats, policy violations, anything that “hits the wire”.
Security teams can see alarms that are prioritized by threat severity, and have additional information to take actions easily. Cisco Secure Network Analytics also has the capability to store telemetry at scale, and provides network audit trails for forensic investigations into past events and for compliance monitoring.
Finally, it integrates with your existing security controls in order to respond to the threat, without any business shutdown. Cisco Secure Network Analytics also integrates with the Cisco SecureX platform to unify visibility, simplify threat response and enable automation across every threat vector and access point.
“[Cisco Secure Network Analytics] has helped us gain visibility into the internal traffic by 100% which has resulted in the identification of threats that were extremely difficult to detect previously.”
-IT Architect, Large Enterprise Industrial Manufacturing Company
Analyzing Encrypted Traffic for Improved Security
The rapid rise of encrypted traffic is changing the threat landscape. While encryption is great for data privacy and security, it has also become an opportunity for cyber criminals to conceal malware and evade detection. Today, more than 80% of all web traffic is encrypted. Cisco has introduced a revolutionary technology that is enabled by the next-generation Cisco network and Cisco Secure Network Analytics, to analyze encrypted traffic without any decryption. This allows organizations to 1) detect threats in encrypted traffic, and 2) perform cryptographic compliance to know how much of their digital business uses strong encryption and to audit for policy violations.