Cisco Stealthwatch Endpoint License


Data Sheet

With the Cisco Stealthwatch Endpoint License you can conduct in-depth, context-rich investigations into endpoints that exhibit suspicious behavior.

In our connected world, mobility is king. More users are connecting to corporate networks with more devices, from more places than ever before. The average worker uses three personal devices for work purposes. That's more than 15 billion mobile devices worldwide with access to enterprise networks, and the reality is that many of those devices could already be compromised. Security professionals need to see into the applications and processes that occur at the network edge, down to remote devices.

The Cisco Stealthwatch Endpoint solution permits security professionals to conduct more efficient, context-rich investigations into user machines that are exhibiting suspicious behavior. Tightly integrated with the Cisco AnyConnect Network Visibility Module, the Stealthwatch Endpoint solution provides greater network visibility while enhancing the investigation of endpoints. It offers easy access to the endpoint applications and information that security analysts need to speed incident response and remediate policy violations.

How It Works

The Endpoint License delivers support for the Cisco Network Visibility Flow (nvzflow) protocol introduced with the Cisco AnyConnect 4.2 Network Visibility Module (NVM). The AnyConnect NVM collects high-value endpoint contextual data and exports that telemetry, using the nvzflow protocol, an extension of the standards-based IP Flow Information Export (IPFIX) protocol, to the Endpoint Concentrator. The Endpoint Concentrator collects this telemetry from multiple endpoints and forwards it to the Flow Collector. There, through a process of stitching and deduplication, the endpoint-specific fields are inserted into the conversational flow records maintained in the Flow Collector database. The endpoint data is then analyzed and displayed in the Stealthwatch console for a single view into activity across the network.

Generating telemetry from the endpoint provides context and awareness. It is a critical step in gaining the visibility needed to secure the endpoint.
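The stitching and deduplication step described above (and listed again as the Flow Collector's "Deduplication and stitching" benefit in Table 4) is easier to reason about with a small worked model. The following is an added example written for this page, not Stealthwatch or AnyConnect code. It assumes simplified record layouts: a unidirectional NetFlow/IPFIX-style record per exporter, an endpoint record whose process and user fields stand in for the contextual data NVM exports, and a port heuristic for client/server orientation. None of these reproduce nvzflow's real IPFIX templates or element IDs; the sample records at the bottom are constructed.

```python
"""Deduplication and stitching of flow records, with endpoint context merged in.
Added illustration for this page, not Stealthwatch code; the record layouts are
assumptions and do not reproduce nvzflow's IPFIX templates or element IDs."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# 5-tuple key: (src, sport, dst, dport, proto) for one direction, or (client, cport, server, sport, proto)
Key = Tuple[str, int, str, int, int]

@dataclass(frozen=True)
class FlowRecord:
    """One unidirectional NetFlow/IPFIX-style record as one exporter sends it."""
    exporter: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    bytes: int

@dataclass(frozen=True)
class EndpointRecord:
    """Per-flow endpoint telemetry as a host agent might report it (assumed fields)."""
    host_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    process_name: str
    user: str

@dataclass
class Conversation:
    """Bidirectional, exporter-independent record kept by the collector."""
    client_ip: str
    client_port: int
    server_ip: str
    server_port: int
    proto: int
    client_bytes: int = 0
    server_bytes: int = 0
    exporters: Set[str] = field(default_factory=set)
    process_name: Optional[str] = None
    user: Optional[str] = None

def deduplicate(records: List[FlowRecord]) -> Dict[Key, Tuple[int, Set[str]]]:
    """Collapse copies of one unidirectional flow reported by several exporters.
    A flow that crossed two routers is exported by both with the same counters, so
    summing would double it; keeping the largest byte count seen counts it once."""
    seen: Dict[Key, Tuple[int, Set[str]]] = {}
    for r in records:
        key: Key = (r.src_ip, r.src_port, r.dst_ip, r.dst_port, r.proto)
        byts, exps = seen.get(key, (0, set()))
        seen[key] = (max(byts, r.bytes), exps | {r.exporter})
    return seen

def stitch(deduped: Dict[Key, Tuple[int, Set[str]]]) -> Dict[Key, Conversation]:
    """Join the two directions of each flow into one conversational record.
    Orientation uses a port heuristic (traffic toward the lower, service-side port
    is client -> server); real collectors also use TCP flags and first-seen times."""
    convs: Dict[Key, Conversation] = {}
    for (sip, sport, dip, dport, proto), (byts, exps) in deduped.items():
        forward = dport < sport
        key: Key = (sip, sport, dip, dport, proto) if forward else (dip, dport, sip, sport, proto)
        c = convs.setdefault(key, Conversation(*key))
        if forward:
            c.client_bytes += byts
        else:
            c.server_bytes += byts
        c.exporters |= exps
    return convs

def merge_endpoint(convs: Dict[Key, Conversation], endpoints: List[EndpointRecord]) -> int:
    """Insert endpoint-specific fields into the matching conversation and return the
    number matched. Telemetry for a flow no exporter reported stays unmatched rather
    than creating a conversation from endpoint data alone."""
    matched = 0
    for e in endpoints:
        as_client: Key = (e.host_ip, e.src_port, e.dst_ip, e.dst_port, e.proto)
        as_server: Key = (e.dst_ip, e.dst_port, e.host_ip, e.src_port, e.proto)
        c = convs.get(as_client) or convs.get(as_server)
        if c is not None:
            c.process_name, c.user = e.process_name, e.user
            matched += 1
    return matched

def build_conversations(flows: List[FlowRecord], endpoints: List[EndpointRecord]) -> Dict[Key, Conversation]:
    convs = stitch(deduplicate(flows))
    merge_endpoint(convs, endpoints)
    return convs

# Constructed sample input: one HTTPS session seen by two routers (each direction
# exported twice), one SSH attempt seen once, and the agent's view of the HTTPS session.
SAMPLE_FLOWS = [
    FlowRecord("core-rtr", "10.1.1.5", 51234, "93.184.216.34", 443, 6, 1500),
    FlowRecord("edge-rtr", "10.1.1.5", 51234, "93.184.216.34", 443, 6, 1500),
    FlowRecord("core-rtr", "93.184.216.34", 443, "10.1.1.5", 51234, 6, 9000),
    FlowRecord("edge-rtr", "93.184.216.34", 443, "10.1.1.5", 51234, 6, 9000),
    FlowRecord("core-rtr", "10.1.1.7", 40000, "10.1.1.9", 22, 6, 400),
]
SAMPLE_ENDPOINTS = [EndpointRecord("10.1.1.5", 51234, "93.184.216.34", 443, 6, "chrome.exe", "ACME\\jdoe")]
```

Running `build_conversations(SAMPLE_FLOWS, SAMPLE_ENDPOINTS)` yields two conversations: the HTTPS session counted once (1500 bytes out, 9000 bytes back) although both routers exported it, now carrying the process and user from the endpoint record, and the SSH attempt with no reverse traffic and no endpoint context. The design point worth noting is that endpoint telemetry only enriches a conversation the network also saw; a host agent that reports a flow nothing exported is a signal to investigate the exporter coverage, not a reason to synthesize a record.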

Components & Architecture

Figure 1 illustrates the components and architecture of this solution. Table 1 lists its major benefits, Table 2 provides ordering information, and Table 3 gives specifications for the virtual edition.

Figure 1. Cisco Stealthwatch Endpoint Architecture (AnyConnect Network Visibility Module -> nvzflow -> Endpoint License / Endpoint Concentrator -> Stealthwatch Flow Collector -> Stealthwatch Management Console)

Components

Endpoint License: The Endpoint License allows telemetry data to be captured from endpoint devices that connect to your network, such as desktop computers, laptops, smartphones, and tablets. The license permits the high-value endpoint contextual data collected by the AnyConnect NVM to be exported to the Endpoint Concentrator for further analysis in the Management Console.

Endpoint Concentrator: The Endpoint Concentrator collects IPFIX data from the Cisco AnyConnect Network Visibility Module. Data is collected from all endpoint devices and is passed through the Endpoint Concentrator to the Flow Collector. A Flow Collector is required for an Endpoint solution deployment.

Table 1. Major Benefits of the Endpoint License

Increased visibility: Extends your network as a sensor to personal devices such as laptops, tablets, and smartphones.
Enhanced security: Delivers enhanced security with real-time threat detection on suspicious activity and potential attacks.
Accelerated response: Provides superior forensic investigations with sophisticated security analytics.
Improved compliance: Offers real-time situational awareness and network visibility to help you meet compliance regulations across your entire network.

Table 2. Endpoint License Ordering Information

Product Part Number*   Tiering
L-SW-EL-XY-S1          Cisco Stealthwatch Endpoint License XYR, 1-99 Users
L-SW-EL-XY-S2          Cisco Stealthwatch Endpoint License XYR, 100-249 Users
L-SW-EL-XY-S3          Cisco Stealthwatch Endpoint License XYR, 250-499 Users
L-SW-EL-XY-S4          Cisco Stealthwatch Endpoint License XYR, 500-999 Users
L-SW-EL-XY-S5          Cisco Stealthwatch Endpoint License XYR, 1000-2499 Users
L-SW-EL-XY-S6          Cisco Stealthwatch Endpoint License XYR, 2500-4999 Users
L-SW-EL-XY-S7          Cisco Stealthwatch Endpoint License XYR, 5000-9999 Users
L-SW-EL-XY-S8          Cisco Stealthwatch Endpoint License XYR, 10000-24999 Users
L-SW-EL-XY-S9          Cisco Stealthwatch Endpoint License XYR, 25000-49999 Users
L-SW-EL-XY-S10         Cisco Stealthwatch Endpoint License XYR, 50000-99999 Users
L-SW-EL-XY-S11         Cisco Stealthwatch Endpoint License XYR, 100000-249999 Users
*X = 1 year, 3 years, or 5 years

Table 3. Endpoint License Specification for Virtual Edition

Reserved CPU       2
Reserved Memory    8 GB
Maximum FPS Rate   20,000
Maximum Exporters  13,333

Stealthwatch Flow Collector: The Flow Collector provides network visibility and security intelligence across physical and virtual environments to help improve incident response. The volume of NetFlow telemetry collected from the network is determined by the capacity of the deployed Flow Collectors. Multiple Flow Collectors may be installed. Flow Collectors are available as hardware appliances or as virtual machines. The capacity of the Flow Collector must be taken into consideration for the deployment of the Endpoint solution. Table 4 outlines the Flow Collector's benefits.

Table 4. Major Benefits of the Stealthwatch Flow Collector

Increased flow context: Ingests URL and proxy user data from proxy servers and associates it with the corresponding network flow data.
Better traffic visibility: Improves visibility for the Cisco Stealthwatch system for network conversations that pass through web proxies.
Threat Intelligence monitoring: Automatically compares URL data from proxy records with the Threat Intelligence feed.
Investigation enablement: Supports manual investigation of the data within the console.
Greater accuracy: Provides context data to the Cisco Stealthwatch system to increase the accuracy of security events.
Correlation of proxy and flow data: Ingests URL and proxy user data from proxy servers and associates it with the corresponding network flow data. This information is automatically compared with the Threat Intelligence feed and is also used to support manual investigation within the console.
Visibility: Eliminates blind spots on the network by allowing organizations to see the translated address associated with the other side of a proxy conversation.
Threat detection: Ingests proxy records and associates them with flow records, delivering the user, application, and URL information for each flow to increase contextual awareness. This enhances your organization's ability to pinpoint threats and shortens your mean time to know (MTTK).
Incident response: Provides additional context around web traffic traversing a proxy server for more accurate troubleshooting, incident response, and forensics.
Real-time traffic analysis: Delivers real-time traffic analysis for billing, bandwidth accounting, and network performance troubleshooting.
Flow-traffic monitoring: Monitors flow traffic across hundreds of network segments simultaneously, so you can spot suspicious network behavior. This capability is especially valuable at the enterprise level.
Identification of security root cause: Isolates the root cause in seconds for faster security incident response.
Actionable insight: Provides actionable insight into performance without using expensive probes.
Extended data retention: Allows organizations and agencies to retain large amounts of data for long periods.
Multiple types of flow data: Uses multiple types of flow data (NetFlow, IPFIX, and sFlow) to provide cost-effective, behavior-based network protection.
Scalability: Performs well in extremely high-speed environments and can protect every part of the network that is IP reachable, regardless of size.
Deduplication and stitching: Performs deduplication so that any flow that traversed more than one router is counted only once, then stitches the flow information together for full visibility of a network transaction.
End-to-end visibility: Aggregates high-speed network behavior data from multiple networks or network segments to deliver end-to-end protection and improve performance across geographically dispersed networks.
Choice of delivery methods: You can order the Appliance Edition, a scalable device suitable for any size organization, or the Virtual Edition, designed to perform the same functions as the Appliance Edition in a VMware environment. This solution scales dynamically according to the resources allocated to it.

The Flow Collector should be used as the guide when determining the number of supported hosts for the Endpoint License, because the Flow Collector will experience degradation before the Endpoint Concentrator. The maximum endpoint traffic impact on Flow Collectors is 50,000 fps; standard performance considerations for flows per second (fps) still apply. When sizing, compare the expected endpoint flow rate and exporter count against both the Endpoint Concentrator limits in Table 3 and the rating of the deployed Flow Collector.

Management Console: The Management Console manages, coordinates, and configures Cisco Stealthwatch appliances deployed at critical segments throughout the enterprise. With the Management Console, administrators can easily view, understand, and act upon a wealth of network and security data, all through a single interface. Snapshot views and sophisticated drill-down capabilities provide the exact level of information you need exactly when you need it. Advanced graphics and customizable views of network activity deliver unique insight to help network and security teams understand traffic patterns and identify deviations from normal network behavior. Administrators can view high-level details, or choose to drill down into alarms, security event details, host-level views, and more for fast, efficient troubleshooting and root cause analysis. Dynamic querying, customized reports, and intuitive visualizations of network data help to decrease the time between problem onset and resolution. Major benefits of the Management Console are shown in Table 5. Specifications of the various models are given in Tables 6 and 7.

Table 5. Major Benefits of the Management Console

Real-time, up-to-the-minute data: Delivers data flow for monitoring traffic across hundreds of network segments simultaneously, so you can spot suspicious network behavior. This capability is especially valuable at the enterprise level.
Capability to detect and prioritize security threats: Rapidly detects and prioritizes security threats, pinpoints network misuse and suboptimal performance, and manages event response across the enterprise, all from a single control center.
Network groupings: Creates network groupings and relationship maps for an easy view of the state of your organization's traffic. Within seconds, operations and security teams can see exactly where to focus their attention.
Graphical representation: Provides a representation of the state of the network in a clean, easy-to-understand format.
Quick assessments of the security posture: Displays multiple alarm categories on the home dashboard, so operators can quickly assess the security posture of the organization.
Management of Cisco Stealthwatch appliances: Configures, coordinates, and manages appliances, including the Flow Collector and Flow Sensor appliances.
Use of multiple types of flow data: Consumes multiple types of flow data, including NetFlow, IPFIX, and sFlow. The result: cost-effective, behavior-based network protection.
Scalability: Supports even the largest of network demands. Performs well in extremely high-speed environments and can protect every part of the network that is IP reachable, regardless of size.
Choice of delivery methods: You can order the Appliance Edition, a scalable device suitable for any size organization, or the Virtual Edition, designed to perform the same functions as the Appliance Edition in a VMware environment.
Enhanced network management: Enhances network management through trend analysis, firewall and capacity planning, and performance monitoring.
Handling of APTs, malware, and insider threats: Provides the in-depth visibility and context needed to thwart evolving threats, from worms, viruses, and other malware to targeted attacks, DDoS attempts, insider threats, and APTs. Provides alerts with the contextual information necessary for security personnel to take quick, decisive action to mitigate potential damage.
Audit trails for network transactions: Provides a full audit trail of all network transactions for more effective forensic investigations.
Real-time, customizable relational flow maps: Provides graphical views of the current state of the organization's traffic. Administrators can easily construct maps of their network based on any criteria, such as location, function, or virtual environment. By creating a connection between two groups of hosts, operators can quickly analyze the traffic traveling between them. Then, simply by selecting a data point in question, they can gain even deeper insight into what is happening at any point in time.

Table 6. Management Console Models

Model                     Maximum Number of Flow Collectors Supported   Flow Storage Capacity
Management Console VE     Up to 5                                       1 TB
Management Console 1000   5                                             1 TB
Management Console 2000   25                                            2 TB

Table 7. Management Console Specifications, by Model

Unless a row gives two values, the specification applies to both the Management Console 500 and 1010 and the Management Console 2010.

Network: 1 management port: 10/100/1000BASE-TX, copper
Database capacity: Management Console 500 and 1010: 1 TB (RAID 6 redundant); Management Console 2010: 2 TB (RAID 6 redundant)
Hardware platform: R630
Hardware generation: 13G
Rack unit (mountable): 1RU
Power: Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V)
Heat dissipation: 2891 BTU per hour maximum
Dimensions: Height: 1.68 in. (4.3 cm); Width: 17.08 in. (43.4 cm); Depth: 27.25 in. (69.2 cm)
Unit weight: 41 lb (18.6 kg)
Rails: Sliding Ready Rails with cable management arm
Regulatory: FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN 55022 Class A, EN 55024, EN 61000-3-2, EN 61000-3-3, EN 60950); VCCI Class A; UL 1950; CSA 950

Service and Support

A number of service programs are available for Cisco Stealthwatch. These programs are delivered through a combination of people, processes, tools, and partners to provide high levels of customer satisfaction. These services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Professional Services, see the Technical Support home page.

Cisco Capital

Cisco Capital financing can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx, accelerate your growth, and optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment, with just one predictable payment. Cisco Capital is available in more than 100 countries.

For More Information

For more information about Cisco Stealthwatch, visit www.cisco.com/go/stealthwatch. To place an order, contact your account representative or email stealthwatch-interest@cisco.com.

Americas Headquarters: Cisco Systems, Inc., San Jose, CA. Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore. Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) (01/17)