
Solution Overview

Cisco Tetration Analytics and ExtraHop: Real-Time Analytics for Security Policy Enforcement

Take fast action against threats like ransomware and brute-force login attempts by combining real-time application (Layer 7) visibility from ExtraHop with powerful Cisco Tetration Analytics security-policy enforcement.

The Cisco Tetration Analytics and ExtraHop Open Data Stream integration combines real-time application-layer visibility from ExtraHop with automated Cisco Tetration Analytics policy enforcement to simplify zero-trust implementations, detect anomalous network behavior, and automatically trigger enforcement policies. The result is a new layer of valuable context information through real-time application-level visibility that reveals the specific activities behind abnormal network traffic patterns.

This combined solution allows you to analyze and create baselines for traffic behavior so that you can solidify your security policies and microsegmentation plans. Segment your application servers from your database servers and external clients. Apply appropriate firewall policies at your endpoints immediately and automatically. And thwart major threats like ransomware with the industry's most targeted, accurate, and rapid security-policy enforcement.

Benefits

The Cisco Tetration Analytics and ExtraHop integrated solution delivers essential threat detection and security-policy enforcement from the data center to the cloud and the network edge. The combined solution gives you the power to easily and rapidly address the following scenarios, and more:

Brute-force logins: Detect spikes in database traffic, determine whether spikes are due to brute-force login attempts, and locate attempts down to the specific table queries.

Ransomware attacks: Examine Common Internet File System (CIFS) traffic to identify ransomware and automatically tag compromised hosts to stop the spread of the attack.

Expired certificates: The Cisco Tetration Analytics platform helps customers identify expired certificates. ExtraHop takes this visibility one step further, identifying the specific server or servers on which the certificate has expired.

Trends and Challenges

We now live in a data-driven economy

A recent Gartner report discussing NetOps 2.0 stated, "NetOps teams must embrace practices and skill sets that include intent- and policy-driven methodologies that are proactive and business-centric, and that have a strong foundation in automation and analytics." In reality, 71 percent of network teams have difficulty balancing innovation, efficiency, and security, which is why 70 percent of projects are delivered late [1]. This leaves networking teams stuck playing catch-up, unable to focus on the strategic data necessary to achieve digital transformation and promote growth.

Data friction

Eight out of 10 IT professionals rely on users to notify them of problems, and teams spend up to 60 days per year troubleshooting performance issues. Organizations around the world face this challenge of data friction, and it's time to start talking about it. Too many obstacles are standing between IT teams and the data they need to rapidly find and fix problems.

A new approach: Rethink the network as the main data source

By combining the Cisco Tetration Analytics platform and ExtraHop, operations teams can overcome these challenges and more. Many operations teams are beginning to understand the true value of an asset they already own: the network. Using the network as a real-time data source enables these teams to address the data friction problem and run their operations with timeliness and confidence. By adding the power of Cisco Tetration Analytics traffic-flow visibility, operations teams get a view into data center clients, servers, and applications, resulting in an extensive application-dependency map. This integration of ExtraHop's analytics-first approach with Cisco Tetration Analytics analysis empowers operations teams to handle an increasing influx of data and address both tactical and strategic data challenges.

[1] 2016 State of the CIO survey conducted by CIO.com: http://www.cio.com/article/3022833/cio-role/state-of-the-cio-2016-its-complicated.html

The integration of ExtraHop and Cisco Tetration combines real-time application-layer visibility from ExtraHop with Cisco's application dependency mapping, real-time flow analysis, and automated policy enforcement delivered via Tetration.

How It Works / Key Features / Components

How the solution works

The integration of ExtraHop and the Cisco Tetration Analytics platform combines real-time application-layer visibility from ExtraHop with automated policy enforcement delivered through the Cisco platform. This integration delivers both powerful insight and the capability to detect incidents such as brute-force logins, ransomware attacks, and expired certificates. Deep analysis of packets flowing between applications helps ensure the detection of security challenges in real time.

For example, the combined solution can both detect ransomware attacks and tag a compromised host. The Cisco Tetration Analytics platform can then enforce a restricted security policy on that host. This integration is achieved by having an ExtraHop ransomware-detection trigger call the Cisco Tetration Analytics representational state transfer (REST) API to apply the custom tag.

Main features

The Cisco Tetration Analytics platform can apply security policies at endpoint sensors, the Cisco Application Centric Infrastructure (Cisco ACI) Application Policy Infrastructure Controller (APIC), or other third-party devices such as application delivery controllers (ADCs). These security policies can be enhanced with custom tagging to provide additional context. Cisco Tetration Analytics endpoint sensor device metrics (Layer 2 through Layer 4) in combination with ExtraHop Layer 7 application-layer visibility can provide much deeper context information for better custom tagging for security-policy enforcement.

Components

The ExtraHop Discover appliance provides real-time application-layer visibility to enhance security-policy enforcement. The Discover appliance can also detect security issues and then apply security tags or annotations in the Cisco Tetration Analytics platform to enforce security policies at endpoints. Additionally, an ExtraHop Explore and Trace appliance can be added for security forensics. Model sizing depends on the environment, but not the integration.

Use cases

Table 1 provides use cases for the combined Cisco Tetration Analytics and ExtraHop solution.

Table 1. Use cases

Use case: Application-level attacks (for example, ransomware)
Description: ExtraHop tags a compromised host. Cisco Tetration Analytics enforces a restricted security policy on that host. The ExtraHop ransomware-detection trigger calls the Cisco Tetration Analytics REST API to apply the custom tag.

Use case: Brute-force logins
Description: Both detect a spike in database traffic and determine whether the traffic spike is due to brute-force login attempts. See which specific tables are being queried.

Use case: Certificate audits
Description: Identify the specific server or servers on which the certificate has expired. Identify rogue certificates.

Use case: Cipher audits
Description: Identify the specific server or servers with weak cipher suites.

Use case: Network forensics
Description: Access detailed application transactions and packets to determine the circumstances of an incident.

Figure: Cisco Tetration Analytics architecture (labels recovered from the diagram): visibility and enforcement; analytics engine; software agent; REST API (monitoring and enforcement); embedded network agent (monitoring); third-party sources (configuration data); ecosystem; Cisco Tetration Analytics appliance; publish events; Cisco Tetration Analytics applications.
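The detect-then-tag loop described under "How the solution works" and in the first two rows of Table 1, as an added worked example that is not ExtraHop's or Cisco's code: two small detectors run over constructed Layer 7 records (CIFS file operations and database logins), and each flagged host becomes an HMAC-signed REST request that would apply a custom tag. The sample records, the detection thresholds, the endpoint path /openapi/v1/inventory/tags/Default, the header names and the canonical-string layout are all assumptions patterned on HMAC-signed REST APIs, not details taken from the page, so check them against the platform's own API documentation before wiring this to a real controller.

```python
"""Added example: model of the ExtraHop-detects, Tetration-tags loop.
Endpoint path, header names and signing layout are ASSUMPTIONS."""
import base64
import hashlib
import hmac
import json
from collections import Counter, defaultdict

# Constructed CIFS records: (client_ip, operation, old_name, new_name).
CIFS_EVENTS = [
    ("10.0.1.20", "rename", "q1.xlsx", "q1.xlsx.locked"),
    ("10.0.1.20", "rename", "plan.docx", "plan.docx.locked"),
    ("10.0.1.20", "rename", "notes.txt", "notes.txt.locked"),
    ("10.0.1.20", "rename", "a.pdf", "a.pdf.locked"),
    ("10.0.1.20", "rename", "b.pdf", "b.pdf.locked"),
    ("10.0.1.20", "rename", "c.pdf", "c.pdf.locked"),
    ("10.0.1.31", "rename", "draft.docx", "final.docx"),  # benign rename
    ("10.0.1.31", "write", "final.docx", "final.docx"),
]

# Constructed database login records: (client_ip, user, status).
DB_LOGINS = [("10.0.2.7", "sa", "failed")] * 25 + [
    ("10.0.2.7", "sa", "success"),
    ("10.0.2.9", "app", "success"),
    ("10.0.2.9", "app", "failed"),
]


def ransomware_clients(events, threshold=5):
    """Flag clients that rename many files to a new extension: the CIFS
    pattern the brief describes. Renames that keep the extension do not count."""
    per_client = Counter()
    for ip, op, old, new in events:
        if op == "rename" and old.rsplit(".", 1)[-1] != new.rsplit(".", 1)[-1]:
            per_client[ip] += 1
    return sorted(ip for ip, n in per_client.items() if n >= threshold)


def brute_force_clients(logins, threshold=10):
    """Flag clients whose failed-login count crosses the threshold and record
    whether a success followed the burst (a likely guessed password)."""
    failures = Counter()
    success_after = defaultdict(bool)
    for ip, _user, status in logins:
        if status == "failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            success_after[ip] = True
    return {ip: success_after[ip] for ip, n in failures.items() if n >= threshold}


def signed_tag_request(api_key, api_secret, host_ip, tag, value, timestamp):
    """Build (not send) the signed POST that would tag host_ip. Assumed scheme:
    Authorization = base64(HMAC-SHA256(secret, METHOD\\nPATH\\nSHA256(body)\\nCT\\nTS\\n))."""
    path = "/openapi/v1/inventory/tags/Default"  # assumed path and scope name
    body = json.dumps({"ip": host_ip, "attributes": {tag: value}}, sort_keys=True)
    checksum = hashlib.sha256(body.encode()).hexdigest()
    canonical = f"POST\n{path}\n{checksum}\napplication/json\n{timestamp}\n"
    sig = hmac.new(api_secret.encode(), canonical.encode(), hashlib.sha256).digest()
    headers = {"Id": api_key, "Timestamp": timestamp, "Content-Type": "application/json",
               "X-Body-Checksum": checksum, "Authorization": base64.b64encode(sig).decode()}
    return {"method": "POST", "path": path, "headers": headers, "body": body}


def verify_signature(api_secret, request):
    """Receiving-side check of the same scheme: the body must match its checksum
    and the recomputed MAC must match, compared in constant time."""
    h = request["headers"]
    body_ok = hashlib.sha256(request["body"].encode()).hexdigest() == h["X-Body-Checksum"]
    canonical = (f"{request['method']}\n{request['path']}\n{h['X-Body-Checksum']}\n"
                 f"{h['Content-Type']}\n{h['Timestamp']}\n")
    expected = base64.b64encode(
        hmac.new(api_secret.encode(), canonical.encode(), hashlib.sha256).digest()).decode()
    return body_ok and hmac.compare_digest(expected, h["Authorization"])


def build_enforcement_requests(api_key, api_secret, timestamp):
    """Run both detectors and emit one tag request per flagged host."""
    reqs = []
    for ip in ransomware_clients(CIFS_EVENTS):
        reqs.append(signed_tag_request(api_key, api_secret, ip,
                                       "quarantine", "ransomware", timestamp))
    for ip, guessed in brute_force_clients(DB_LOGINS).items():
        label = "brute-force-success" if guessed else "brute-force"
        reqs.append(signed_tag_request(api_key, api_secret, ip,
                                       "quarantine", label, timestamp))
    return reqs


if __name__ == "__main__":
    for r in build_enforcement_requests("key-id", "secret", "2017-06-01T00:00:00+0000"):
        print(r["method"], r["path"], r["body"])
```

The request is built but never sent, so the script runs offline; a deployment would hand the result to an HTTP client and, on the receiving side, add a timestamp-freshness window to the signature check so a captured request cannot be replayed later.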

Why Cisco?

Cisco customers can now gain the benefits of network traffic analysis for security. By adding the real-time application-layer visibility delivered by ExtraHop to Cisco Tetration Analytics behavioral analytics and machine learning, we offer the industry's most targeted, accurate, and rapid security-policy enforcement, helping customers thwart major threats like ransomware.

For more information

For more information about the Cisco Tetration Analytics and ExtraHop integration, please visit ExtraHop's Cisco partner page. To contact the ExtraHop sales team directly, email us at sales@extrahop.com.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2017 ExtraHop Networks, Inc. All rights reserved. No portion of this work may be reproduced in any form or by any electronic or mechanical means including information storage and retrieval systems without written permission from ExtraHop Networks, Inc. C22-739271-00 06/17