Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM


Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM

How to implement the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect Network Visibility Module

Table of Contents

About This Document ... 3
Cisco Stealthwatch Overview ... 4
Cisco AnyConnect Network Visibility Module Overview ... 5
Cisco Stealthwatch Endpoint License Overview ... 6
Designing the Stealthwatch Endpoint License Solution ... 8
    Deployment Model 1: Trusted Network ... 8
    Deployment Model 2: Full Tunnel VPN ... 8
Sizing the Stealthwatch Endpoint License Solution ... 9
Implementing the Stealthwatch Endpoint License
    Step 1: Deploy the Endpoint Concentrator
    Step 2: Ensure the Stealthwatch Deployment is at the latest patch level
    Step 3: Apply the Endpoint License on the SMC
    Step 4: Configure AnyConnect NVM to export to the Endpoint Concentrator
    Step 5: Verify Collection of Endpoint Fields
Working with Endpoint Data in Stealthwatch
More Information

Cisco Systems 2016 Page 2

About This Document

This document is intended for network or security engineers who wish to enhance their Cisco Stealthwatch System deployment with endpoint data by using the Stealthwatch Endpoint License solution together with the AnyConnect Network Visibility Module (NVM). It covers the design, implementation and best practices for implementing the Cisco Stealthwatch Endpoint License with the Cisco AnyConnect NVM.

Software versions used in this document:
- Cisco Stealthwatch Version
- Cisco AnyConnect with NVM version 4.2 and 4.3

Cisco Stealthwatch Overview

Cisco Stealthwatch goes beyond conventional threat detection and harnesses the power of network telemetry such as NetFlow and Internet Protocol Flow Information Export (IPFIX). By providing visibility into all traffic flows across the campus, branch and data center, Stealthwatch delivers advanced network visibility and analytics that help uncover attacks that bypass the perimeter and infiltrate the network interior. Among the things Stealthwatch can help with are:
- Real-time threat detection
- Incident response and forensics
- Network segmentation
- Network performance and capacity planning
- Regulatory compliance

For more information about the Cisco Stealthwatch System please visit:

Cisco AnyConnect Network Visibility Module Overview

The Network Visibility Module was introduced with the release of AnyConnect 4.2 and is intended to address the loss of network visibility that occurs as users gain the ability to work anywhere outside the office. Administrators find it harder and harder to plan for capacity and service, to provide auditing, and to ensure compliance. This new model of work creates blind spots for the administrator as security implementations become more complex and difficult. AnyConnect with NVM overcomes these blind spots and provides additional visibility, including application visibility.

NVM is essentially NetFlow for the endpoint. Under the hood it uses the new Cisco nvzflow protocol, an extension of the IPFIX protocol, which itself is based on Cisco NetFlow version 9. Cisco nvzflow allows NVM to give the administrator information in the following five key visibility categories:
- User
- Device
- Application
- Destination
- Location

NVM is available on both Mac OS X and Windows and can be provisioned by the ASA or ISE just like any other AnyConnect module. NVM has its own XML profile, which at a minimum instructs AnyConnect where to collect the data and which IPFIX Collector to export the data to. The NVM profile works in conjunction with the core VPN module to take advantage of the AnyConnect Trusted Network Detection capabilities.

For more information about AnyConnect and the NVM module please visit:

Cisco Stealthwatch Endpoint License Overview

The Cisco Stealthwatch Endpoint License solution enhances the network visibility provided by the Cisco Stealthwatch System with endpoint data provided by the Cisco AnyConnect Network Visibility Module. The figure below provides a high-level overview of the Stealthwatch Endpoint License solution and its components.

AnyConnect with NVM: The Cisco AnyConnect NVM, installed on network-attached endpoints, sends nvzflow records to the Stealthwatch Endpoint Concentrator.

Stealthwatch Endpoint Concentrator: A purpose-built appliance that receives nvzflow records from multiple endpoints and forwards endpoint flow records to the Stealthwatch Flow Collector. The Stealthwatch Endpoint Concentrator appears as a single exporter to the Stealthwatch System and is a required component of the Endpoint License.

Stealthwatch Flow Collector: Serves as a central collector for flow data generated by NetFlow-enabled devices. The Stealthwatch Flow Collector monitors, categorizes, and analyzes network traffic to create comprehensive security intelligence at both the network and host level.

Stealthwatch Management Console: Manages, coordinates, and configures all Stealthwatch appliances to correlate security and network intelligence across the enterprise.

The Stealthwatch Endpoint License solution enables the Flow Collector to extract endpoint-specific fields from the flow records forwarded to it by the Endpoint Concentrator and, through its process of stitching and de-duplication, insert the endpoint fields into the conversational flow record maintained in its database. In the initial release the following fields are attributed to flows where the host running the AnyConnect NVM is the initiator of the flow:
- Process name
- Process hash
- Process account
- Parent process name
- Parent process hash

Note: In the initial release of the Stealthwatch Endpoint License it is necessary that the Stealthwatch Flow Collector also receive corresponding flow records from a network device.
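The stitching behaviour described above (endpoint fields are attached only when the Flow Collector already holds a conversation record for the flow, and only when the NVM host is the initiator) is easy to misjudge when troubleshooting missing fields. The following model is an added illustration written for this edit, not Stealthwatch code: it uses constructed sample records and a simplified conversation key, and the outcome labels are its own.

```python
"""Model of how endpoint (nvzflow) fields are stitched into conversation records.

Added illustration, not Stealthwatch code. Records, keys and outcome labels are
constructed for this example; the real Flow Collector keys and de-duplicates
conversations in its own way.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The endpoint fields the text says are attributed in the initial release.
ENDPOINT_FIELDS = ("process_name", "process_hash", "process_account",
                   "parent_process_name", "parent_process_hash")

# Constructed sample input: what a switch or ASA would export via NetFlow/NSEL.
# src is the initiator of each flow.
NETWORK_FLOWS = [
    {"src_ip": "10.1.1.5", "src_port": 51000, "dst_ip": "93.184.216.34", "dst_port": 443, "proto": 6},
    {"src_ip": "10.1.1.7", "src_port": 40000, "dst_ip": "10.2.2.2", "dst_port": 445, "proto": 6},
]

# Constructed sample input: nvzflow records as forwarded by the Endpoint Concentrator.
ENDPOINT_FLOWS = [
    # 1) matches the first network flow and the endpoint is the initiator -> stitched
    {"src_ip": "10.1.1.5", "src_port": 51000, "dst_ip": "93.184.216.34", "dst_port": 443, "proto": 6,
     "process_name": "firefox.exe", "process_hash": "<constructed-hash-1>",
     "process_account": "CORP\\alice", "parent_process_name": "explorer.exe",
     "parent_process_hash": "<constructed-hash-2>"},
    # 2) no network device exported this flow -> nothing to stitch into
    {"src_ip": "10.1.1.9", "src_port": 52000, "dst_ip": "198.51.100.20", "dst_port": 80, "proto": 6,
     "process_name": "curl.exe", "process_hash": "<constructed-hash-3>",
     "process_account": "CORP\\bob", "parent_process_name": "cmd.exe",
     "parent_process_hash": "<constructed-hash-4>"},
    # 3) an NVM host that is the server side of the second conversation -> not attributed
    {"src_ip": "10.2.2.2", "src_port": 445, "dst_ip": "10.1.1.7", "dst_port": 40000, "proto": 6,
     "process_name": "svchost.exe", "process_hash": "<constructed-hash-5>",
     "process_account": "NT AUTHORITY\\SYSTEM", "parent_process_name": "services.exe",
     "parent_process_hash": "<constructed-hash-6>"},
]


@dataclass
class ConversationRecord:
    """Simplified conversational flow record kept by the Flow Collector."""
    client_ip: str
    server_ip: str
    server_port: int
    proto: int
    endpoint: Optional[Dict[str, str]] = None  # filled in when stitching succeeds


def conversation_key(rec: dict) -> Tuple:
    """Direction-independent key so both sides of a conversation map to one record."""
    a = (rec["src_ip"], rec["src_port"])
    b = (rec["dst_ip"], rec["dst_port"])
    return tuple(sorted([a, b])) + (rec["proto"],)


class FlowCollector:
    def __init__(self) -> None:
        self.db: Dict[Tuple, ConversationRecord] = {}
        self.unattributed: List[Tuple[str, str]] = []

    def ingest_network_flow(self, rec: dict) -> None:
        """Create the conversation record from a NetFlow/IPFIX/NSEL export."""
        key = conversation_key(rec)
        if key not in self.db:
            self.db[key] = ConversationRecord(rec["src_ip"], rec["dst_ip"],
                                              rec["dst_port"], rec["proto"])

    def ingest_endpoint_flow(self, rec: dict) -> str:
        """Stitch endpoint fields into an existing record, or report why not."""
        conv = self.db.get(conversation_key(rec))
        if conv is None:
            self.unattributed.append(("no-network-record", rec["src_ip"]))
            return "no-network-record"
        if conv.client_ip != rec["src_ip"]:
            self.unattributed.append(("endpoint-not-initiator", rec["src_ip"]))
            return "endpoint-not-initiator"
        conv.endpoint = {f: rec[f] for f in ENDPOINT_FIELDS}
        return "stitched"


def run_demo() -> Tuple[FlowCollector, List[str]]:
    """Feed the constructed records in the order a real deployment sees them."""
    fc = FlowCollector()
    for r in NETWORK_FLOWS:
        fc.ingest_network_flow(r)
    outcomes = [fc.ingest_endpoint_flow(r) for r in ENDPOINT_FLOWS]
    return fc, outcomes


if __name__ == "__main__":
    fc, outcomes = run_demo()
    for rec, outcome in zip(ENDPOINT_FLOWS, outcomes):
        print(f"{rec['src_ip']:>10} {rec['process_name']:<12} -> {outcome}")
```

The second and third outcomes are the two cases to check first when endpoint fields are missing in the SMC: either no network device is exporting the flow to the Flow Collector, or the NVM host is the responder rather than the initiator of the conversation.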

Designing the Stealthwatch Endpoint License Solution

The initial release of the Stealthwatch Endpoint Solution facilitates the attribution of endpoint data to network flow data in two deployment models: Trusted Network and Full Tunnel VPN. In both models the Stealthwatch Flow Collector that receives the endpoint data from the Endpoint Concentrator must already have an entry in its database for the flow, created from NetFlow or IPFIX records received from another network device.

Deployment Model 1: Trusted Network

In this first deployment scenario the Stealthwatch Endpoint License solution relies on the Trusted Network Detection (TND) feature of Cisco AnyConnect. When the Cisco AnyConnect NVM detects that it is on a Trusted Network it begins sending nvzflow records for flows initiated by the endpoint to the Endpoint Concentrator. If the Stealthwatch Flow Collector has an entry in its database for a corresponding flow record, the endpoint-specific fields are stitched into the conversational flow record in the Flow Collector database. This process is illustrated in the figure below.

Deployment Model 2: Full Tunnel VPN

In this deployment scenario, once a full tunnel VPN is established and the Cisco AnyConnect NVM detects that it is on a Trusted Network, it begins exporting nvzflow records for flows initiated by the endpoint to the Endpoint Concentrator. The Cisco ASA, acting as the full tunnel VPN gateway, has NSEL export configured for all traffic traversing the ASA and therefore exports an NSEL record to the Stealthwatch Flow Collector for all flows initiated or terminated by the endpoint. If the Stealthwatch Flow Collector has an entry in its database for a corresponding flow record, the endpoint-specific fields are stitched into the conversational flow record in the Flow Collector database. This process is illustrated in the figure below.

Sizing the Stealthwatch Endpoint License Solution

Like the AnyConnect APEX license, the Stealthwatch Endpoint License solution is licensed on the number of AnyConnect users. Although the flow records forwarded from the Endpoint Concentrator to the Flow Collector do not count against the overall Flows Per Second (FPS) system license, the Flow Collector still has to process those records, so the rate of flow records exported must be taken into consideration. A good rule of thumb for sizing the solution and gauging the impact on the Flow Collector is to assume two devices per user at an average of 1.5 FPS per device, for a total of 3 FPS per user.

The Endpoint Concentrator VE specifications below are useful in determining the number of Endpoint Concentrators in a solution.

DESCRIPTION              | Memory | vCPU | Max Users | Max Endpoints | Max Flows Per Second Output
Endpoint Concentrator VE | 8GB    | 2    | 8,888     | 13,333        | 20,000
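The following sizing helper is an added example written for this edit, not a Cisco sizing tool. It applies the rule of thumb and the Endpoint Concentrator VE limits quoted above, checks each of the three limits (users, endpoints, output FPS) separately and reports which one binds; the user counts passed to it are constructed examples.

```python
"""Sizing helper for the Stealthwatch Endpoint License solution.

Added example, not a Cisco tool. The constants are the rule of thumb and the
Endpoint Concentrator VE limits stated in the document; everything else
(function names, result layout) is this example's own.
"""
import math
from typing import Dict

# Rule of thumb from the document: two devices per user, 1.5 FPS per device.
DEVICES_PER_USER = 2
FPS_PER_DEVICE = 1.5

# Endpoint Concentrator VE limits from the specification table.
EC_VE_LIMITS: Dict[str, int] = {"users": 8888, "endpoints": 13333, "fps": 20000}


def size_endpoint_solution(users: int,
                           devices_per_user: float = DEVICES_PER_USER,
                           fps_per_device: float = FPS_PER_DEVICE) -> Dict:
    """Return the endpoint count, the extra FPS the Flow Collector must process,
    and the number of Endpoint Concentrator VEs needed to stay within every limit."""
    if users < 0:
        raise ValueError("users must be non-negative")
    endpoints = math.ceil(users * devices_per_user)
    fps = endpoints * fps_per_device
    demand = {"users": users, "endpoints": endpoints, "fps": fps}
    # Concentrators required by each limit independently; the largest wins.
    per_limit = {name: math.ceil(demand[name] / EC_VE_LIMITS[name]) for name in demand}
    binding = max(per_limit, key=per_limit.get)
    return {
        "endpoints": endpoints,
        "flow_collector_extra_fps": fps,   # not licensed FPS, but still processed
        "per_limit": per_limit,
        "binding_limit": binding,
        "concentrators": max(1, per_limit[binding]),  # at least one is always required
    }


if __name__ == "__main__":
    for n in (500, 5000, 20000):  # constructed example user counts
        r = size_endpoint_solution(n)
        print(f"{n:>6} users -> {r['endpoints']:>6} endpoints, "
              f"{r['flow_collector_extra_fps']:>8.0f} FPS, "
              f"{r['concentrators']} concentrator(s), bound by {r['binding_limit']}")
```

Note that with the two-devices-per-user rule of thumb, the endpoint limit (13,333) is reached before the user limit (8,888), so counting users alone under-sizes the deployment; the helper makes that visible in `binding_limit`.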

Implementing the Stealthwatch Endpoint License

The Cisco Stealthwatch Endpoint License solution enhances the network visibility provided by the Cisco Stealthwatch System with endpoint data provided by the Cisco AnyConnect Network Visibility Module. This section assumes that an operational Stealthwatch deployment is already in place and fulfils the network-sourced NetFlow requirements of at least one of the two deployment models above. It walks through the implementation needed to enhance the existing deployment with endpoint data from the AnyConnect NVM module.

Step 1: Deploy the Endpoint Concentrator

The first step in implementing the Stealthwatch Endpoint License solution is to deploy the Stealthwatch Endpoint Concentrator. Refer to the Stealthwatch Endpoint Concentrator Virtual Edition Installation and Configuration Guide in the Stealthwatch Documentation Library to ensure correct deployment of the virtual machine. Once the virtual machine is deployed, the appliance setup wizard completed and the device license applied, configure the listening port on which the Endpoint Concentrator will receive IPFIX records from NVM-enabled endpoints, and configure the Flow Collector and port to which the Endpoint Concentrator will forward IPFIX data.

Best Practice: Use a different listening port on the Endpoint Concentrator than on the Flow Collector. This simplifies the management of UDP Director rules if a UDP Director is present in the Stealthwatch deployment.

Step 2: Ensure the Stealthwatch Deployment is at the latest patch level

Before proceeding it is important that the Stealthwatch deployment (including the Endpoint Concentrator, Flow Collector and SMC appliances) be updated to the latest patch level. Rollup patches can be accessed in the Stealthwatch Download and License Center under each individual appliance. The figure below shows an example of the v6.8 updates for the FlowCollector NetFlow Series:

Step 3: Apply the Endpoint License on the SMC

Log in to the SMC Java client and click Help > License Management to launch the License Manager window. Ensure that the EndpointLicenseAgents feature is present in the deployment. If it is not, click Activate License to add it to the deployment.

Step 4: Configure AnyConnect NVM to export to the Endpoint Concentrator

Now that the Endpoint Concentrator is deployed and the Endpoint License has been applied in the SMC, the Stealthwatch system is ready to receive and process records from NVM agents. The next step is to deploy the AnyConnect NVM module onto the endpoints so that they begin sending nvzflow records to the Stealthwatch Endpoint Concentrator. Refer to the How to Implement the AnyConnect Network Visibility Module Implementation Guide, available in the Cisco Security Community, for best practices on implementing the AnyConnect Network Visibility Module.

Important: Use the IP address and port of the Endpoint Concentrator configured in Step 1 as the destination when configuring the NVM module. Do not use the IP address and port of the Flow Collector. The Flow Collector will not process IPFIX records sent directly from the endpoint.

Step 5: Verify Collection of Endpoint Fields

At this point the Stealthwatch Flow Collector should be receiving NetFlow or IPFIX records from network devices, and the Endpoint Concentrator should be receiving nvzflow records from hosts with the NVM module configured and forwarding IPFIX records to the Flow Collector. The last step in the implementation is to ensure that endpoint fields are being collected.

First open the SMC Java Client and verify that the Endpoint Concentrator appears as an Exporter in the Enterprise Tree. If the IP addresses of any endpoints are showing up in the Enterprise Tree, return to Step 3 and ensure that the Endpoint Concentrator is configured as the destination IP address in the NVM configuration.

The next step is to view endpoint data in the SMC. Log into the SMC Web interface and click Analyze > Flow Query. In the Flow Query window build an advanced flow query for an NVM-enabled host that is known to be connected. Click Review Query and in the next screen click Run. At this point there are two different ways to view the endpoint data:

1. Using the tabular view of the Flow Query Results.
   a. In the Flow Query Results widget, click the icon to switch to Tabular View.
   b. In the Actions widget click Manage Columns.
   c. Under Search Subject select Parent File Hash, Parent File Name, Process Account, Process Name and click Set.
   d. Endpoint fields should now be visible in the Flow Query Results for flows where the search subject was the client.

2. Endpoint fields can also be viewed in the Details area of the Conversational View of the Flow Query Results.
   a. Click the icon to return to the Conversational view.
   b. Click the ellipsis next to an IP address in the Flow Query Results and click View Details.
   c. Endpoint fields can be viewed in the Detailed Summary for the flow.
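Steps 1, 4 and 5 together define a configuration invariant: every NVM profile must export to the Endpoint Concentrator's address and listening port, never to the Flow Collector, and the Endpoint Concentrator should listen on a port different from the Flow Collector's. The checker below is an added example written for this edit, not Cisco code. It assumes the NVM profile carries the collector destination in CollectorConfiguration/CollectorIP and CollectorConfiguration/Port elements (verify the element names against a profile from your own deployment); the sample profiles and addresses are constructed.

```python
"""Check NVM profiles against the Endpoint Concentrator destination.

Added example, not Cisco code. Assumes the NVM profile XML holds the export
destination under CollectorConfiguration/CollectorIP and
CollectorConfiguration/Port; confirm this against a real profile.
"""
import xml.etree.ElementTree as ET
from typing import List

# Constructed deployment values (documentation address ranges).
ENDPOINT_CONCENTRATOR = ("192.0.2.10", 2056)  # address and listening port from Step 1
FLOW_COLLECTOR = ("192.0.2.20", 2055)          # address and NetFlow/IPFIX listening port

# Constructed sample profile that follows the Step 4 guidance.
GOOD_PROFILE = """<NVMProfile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="NVMProfile.xsd">
  <CollectorConfiguration>
    <CollectorIP>192.0.2.10</CollectorIP>
    <Port>2056</Port>
  </CollectorConfiguration>
</NVMProfile>"""

# Constructed sample profile with the mistake Step 4 warns about.
BAD_PROFILE = """<NVMProfile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="NVMProfile.xsd">
  <CollectorConfiguration>
    <CollectorIP>192.0.2.20</CollectorIP>
    <Port>2055</Port>
  </CollectorConfiguration>
</NVMProfile>"""


def check_nvm_profile(profile_xml: str, ec=ENDPOINT_CONCENTRATOR, fc=FLOW_COLLECTOR) -> List[str]:
    """Return a list of findings; an empty list means the profile is consistent
    with Steps 1 and 4."""
    findings: List[str] = []
    ec_ip, ec_port = ec
    fc_ip, fc_port = fc

    root = ET.fromstring(profile_xml)
    ip_el = root.find("./CollectorConfiguration/CollectorIP")
    port_el = root.find("./CollectorConfiguration/Port")
    if ip_el is None or ip_el.text is None or port_el is None or port_el.text is None:
        return ["profile has no CollectorConfiguration/CollectorIP and Port elements"]
    ip = ip_el.text.strip()
    try:
        port = int(port_el.text.strip())
    except ValueError:
        return [f"collector port {port_el.text!r} is not a number"]

    # Step 4: the destination must be the Endpoint Concentrator, not the Flow Collector.
    if ip == fc_ip:
        findings.append(f"collector {ip}:{port} is the Flow Collector; NVM must export "
                        f"to the Endpoint Concentrator {ec_ip}:{ec_port}")
    elif ip != ec_ip:
        findings.append(f"collector address {ip} is not the Endpoint Concentrator {ec_ip}")
    if port != ec_port:
        findings.append(f"collector port {port} differs from the Endpoint Concentrator "
                        f"listening port {ec_port}")

    # Step 1 best practice: Endpoint Concentrator and Flow Collector on different ports.
    if ec_port == fc_port:
        findings.append(f"Endpoint Concentrator listens on {ec_port}, the same port as the "
                        f"Flow Collector; use a different port to keep UDP Director rules simple")
    return findings


if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        result = check_nvm_profile(profile)
        print(f"{name}: {'OK' if not result else ''}")
        for f in result:
            print("  -", f)
```

Run it over every NVM profile pushed by the ASA or ISE before rolling the module out; a profile that fails the first finding is exactly the case in Step 5 where endpoint IP addresses start appearing as exporters in the Enterprise Tree.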

Working with Endpoint Data in Stealthwatch

In the initial release of the Stealthwatch Endpoint Solution it is also possible to execute a flow query using the endpoint data. The previous section described searching on other attributes of a flow in order to attribute a flow and its behavior to a process; this section describes how an analyst can use endpoint data to identify flows and hosts from known process identifiers.

Step 1: Log into the SMC Web Interface and click Analyze > Flow Query.

Step 2: In the Flow Query window click the Advanced tab and build a flow query using endpoint data. For example, search for all flows initiated by firefox.exe; alternatively, a search can be performed using the file hash values. This search covers both the process and parent process fields. Click Review Query and in the next screen click Run.

Step 3: View the results to locate all flows and hosts using the process in question.

More Information

For more information on the Cisco Stealthwatch System please visit:
Cisco.com:
Cisco Security Communities:


PANORAMA. Figure 1: Panorama deployment PANORAMA Security deployments are complex and can overload IT teams with complex security rules and mountains of data from multiple sources. Panorama network security management empowers you with easy-to-implement,

More information

NGFW Security Management Center

NGFW Security Management Center NGFW Security Management Center Release Notes 6.4.3 Revision A Contents About this release on page 2 System requirements on page 2 Build version on page 3 Compatibility on page 4 New features on page 5

More information

Downloading and Licensing. (for Stealthwatch System v6.9.1)

Downloading and Licensing. (for Stealthwatch System v6.9.1) Downloading and Licensing (for Stealthwatch System v6.9.1) Contents Contents 2 Introduction 5 Purpose 5 Audience 5 Preparation 5 Trial Licenses 5 Download and License Center 6 Contacting Support 6 Registering

More information

Symantec Network Access Control Starter Edition

Symantec Network Access Control Starter Edition Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely

More information

New Features and Functionality

New Features and Functionality This section describes the new and updated features and functionality included in Version 6.2.1. Note that only the Firepower 2100 series devices support Version 6.2.1, so new features deployed to devices

More information

Simplify Technology Deployments

Simplify Technology Deployments Cisco Security Enterprise License Agreement: Simplify Technology Deployments The need for Pervasive Security Coverage Security measures can t be limited to certain areas of your business. Mobility has

More information

Features and Functionality

Features and Functionality Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced

More information

Gigamon Metadata Application for IBM QRadar Deployment Guide

Gigamon Metadata Application for IBM QRadar Deployment Guide Gigamon Metadata Application for IBM QRadar Deployment Guide COPYRIGHT Copyright 2018 Gigamon. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a

More information

NGFW Security Management Center

NGFW Security Management Center NGFW Security Management Center Release Notes 6.5.3 Revision A Contents About this release on page 2 System requirements on page 2 Build number and checksums on page 4 Compatibility on page 5 New features

More information

PANORAMA. Key Security Features

PANORAMA. Key Security Features PANORAMA Security deployments are complex and can overload IT teams with complex security rules and mountains of data from multiple sources. Panorama network security management empowers you with easy-to-implement,

More information

Identity Based Network Access

Identity Based Network Access Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor

More information

Comodo Dome Shield - Admin Guide

Comodo Dome Shield - Admin Guide rat Comodo Dome Shield Software Version 1.12 Administrator Guide Guide Version 1.12.111717 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo Dome

More information

Securing Containers Using a PNSC and a Cisco VSG

Securing Containers Using a PNSC and a Cisco VSG Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 4 About

More information

Hollins University VPN

Hollins University VPN Hollins University VPN Hollins is now using Palo Alto for its network security and VPN gateway. You will need to install the new VPN client called GlobalProtect to gain access to the Hollins network remotely.

More information

Securing Containers Using a PNSC and a Cisco VSG

Securing Containers Using a PNSC and a Cisco VSG Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 3 About

More information

Juniper Sky Advanced Threat Prevention

Juniper Sky Advanced Threat Prevention Juniper Sky Advanced Threat Prevention The evolution of malware threat mitigation Nguyễn Tiến Đức ntduc@juniper.net 1 Most network security strategies focus on security at the perimeter only outside in.

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x) Copyrights and Trademarks 2018 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION

More information

Software-Defined Secure Networks. Sergei Gotchev April 2016

Software-Defined Secure Networks. Sergei Gotchev April 2016 Software-Defined Secure Networks Sergei Gotchev April 2016 Security Trends Today Network security landscape has changed. CISOs Treading Water Pouring money into security, yet not any more secure - Average

More information

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Data Sheet Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions Security Operations Challenges Businesses are facing daunting new challenges in security

More information

IMC Network Traffic Analyzer 7.2 (E0401P04) Copyright 2016 Hewlett Packard Enterprise Development LP

IMC Network Traffic Analyzer 7.2 (E0401P04) Copyright 2016 Hewlett Packard Enterprise Development LP Network Traffic Analyzer 7.2 (E0401P04) Copyright 2016 Hewlett Packard Enterprise Development LP Table of Contents 1. What's New in this Release 2. Problems Fixed in this Release 3. Software Distribution

More information

Get Started with Cisco DNA Center

Get Started with Cisco DNA Center About Cisco DNA Center, on page 1 Log In, on page 1 Log In for the First Time as a Network Administrator, on page 2 Default Home Page, on page 3 Use Global Search, on page 5 Where to Start, on page 6 About

More information

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1 Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,

More information

Symantec Advanced Threat Protection: Endpoint

Symantec Advanced Threat Protection: Endpoint Symantec Advanced Threat Protection: Endpoint Data Sheet: Advanced Threat Protection The Problem Virtually all of today's advanced persistent threats leverage endpoint systems in order to infiltrate their

More information

Using Lancope StealthWatch for Information Security Monitoring

Using Lancope StealthWatch for Information Security Monitoring Cisco IT Case Study February 2014 How CSIRT uses StealthWatch Using Lancope StealthWatch for Information Security Monitoring How the Cisco Computer Security Incident Response Team (CSIRT) uses Lancope

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent

More information

Threat Defense with Full NetFlow

Threat Defense with Full NetFlow White Paper Network as a Security Sensor Threat Defense with Full NetFlow Network Security and Netflow Historically IT organizations focused heavily on perimeter network security to protect their networks

More information

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS CISCO 650-377 EXAM QUESTIONS & ANSWERS Number: 650-377 Passing Score: 800 Time Limit: 120 min File Version: 45.5 http://www.gratisexam.com/ CISCO 650-377 EXAM QUESTIONS & ANSWERS Exam Name: ABNAME Advanced

More information

CIH

CIH mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer

More information

securing your network perimeter with SIEM

securing your network perimeter with SIEM The basics of auditing and securing your network perimeter with SIEM Introduction To thwart network attacks, you first need to be on top of critical security events occurring in your network. While monitoring

More information

IBM Internet Security Systems Proventia Management SiteProtector

IBM Internet Security Systems Proventia Management SiteProtector Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and

More information

Cisco Network Visibility Flow Protocol Specification

Cisco Network Visibility Flow Protocol Specification Cisco Network Visibility low Protocol Specification This document contains the protocol specification for the Cisco Network Visibility low (nvzlow for short). This document is property of Cisco Systems,

More information

Stealthwatch System Hardware Installation Guide. (for Stealthwatch System v6.9.1)

Stealthwatch System Hardware Installation Guide. (for Stealthwatch System v6.9.1) Stealthwatch System Hardware Installation Guide (for Stealthwatch System v6.9.1) CONTENTS Introduction 5 Overview 5 Audience 5 How to Use This Guide 5 Common Abbreviations 6 Pre-Configuration Considerations

More information

Traditional Security Solutions Have Reached Their Limit

Traditional Security Solutions Have Reached Their Limit Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL

More information

Wireless and Network Security Integration Solution Overview

Wireless and Network Security Integration Solution Overview Wireless and Network Security Integration Solution Overview Solution Overview Introduction Enterprise businesses are being transformed to meet the evolving challenges of today's global business economy.

More information

Scrutinizer Flow Analytics

Scrutinizer Flow Analytics Scrutinizer Flow Analytics TM Scrutinizer Flow Analytics Scrutinizer Flow Analytics is an expert system that highlights characteristics about the network. It uses flow data across dozens or several hundred

More information

Comodo Dome Shield - Admin Guide

Comodo Dome Shield - Admin Guide rat Comodo Dome Shield Software Version 1.16 Administrator Guide Guide Version 1.16.062718 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1 Introduction to Comodo Dome

More information

SQL Server Solutions GETTING STARTED WITH. SQL Secure

SQL Server Solutions GETTING STARTED WITH. SQL Secure SQL Server Solutions GETTING STARTED WITH SQL Secure Purpose of this document This document is intended to be a helpful guide to installing, using, and getting the most value from the Idera SQL Secure

More information

Cisco NAC Network Module for Integrated Services Routers

Cisco NAC Network Module for Integrated Services Routers Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco

More information

Cisco Stealthwatch. Proxy Log Configuration Guide 7.0

Cisco Stealthwatch. Proxy Log Configuration Guide 7.0 Cisco Stealthwatch Proxy Log Configuration Guide 7.0 Table of Contents Introduction 3 Overview 3 Important Configuration Guidelines 3 Contacting Support 3 Configuring the Blue Coat Proxy Logs 5 Creating

More information

SIEM Product Comparison

SIEM Product Comparison SIEM Product Comparison SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013) Only products with technology

More information

Exam Questions Demo Cisco. Exam Questions

Exam Questions Demo   Cisco. Exam Questions Cisco Exam Questions 300-208 SISAS Implementing Cisco Secure Access Solutions (SISAS) Version:Demo 1. Which functionality does the Cisco ISE self-provisioning flow provide? A. It provides support for native

More information

SIEM Solutions from McAfee

SIEM Solutions from McAfee SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an

More information

Cisco Tetration Analytics

Cisco Tetration Analytics Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:

More information

Firewalls for Secure Unified Communications

Firewalls for Secure Unified Communications Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control

More information

Integration Framework. Architecture

Integration Framework. Architecture Integration Framework 2 Architecture Anyone involved in the implementation or day-to-day administration of the integration framework applications must be familiarized with the integration framework architecture.

More information