Enhanced Threat Detection, Investigation, and Response


What's new in Cisco Stealthwatch Enterprise Release 6.10.2

Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution that takes full advantage of enterprise telemetry from the existing network infrastructure. It provides advanced threat detection, accelerated threat response, and simplified network segmentation by using multilayer machine learning and entity modeling across the extended network. Now we are introducing enhanced features that will help resource-strapped security teams address the challenges of protecting the network infrastructure more comprehensively. Your team will be able to detect advanced threats faster and investigate them using intuitive workflows, without getting overwhelmed by the large number of security alerts received on a typical day.

44% of security alerts are NOT investigated. Source: Cisco 2017 Security Capabilities Benchmark Study

New features

- Stealthwatch Management Console web interface updates
  - Investigate incidents faster with optimized, more granular telemetry search and contextual results management
  - Prioritize risks and respond to threats in real time with access to top security events
  - Get deeper visibility into the traffic and application patterns within the digital business
  - Enjoy a better user experience through enhancements for more intuitive workflows
- Integration with Stealthwatch Cloud to easily monitor the public cloud infrastructure
- Convenient management, better support, and product compliance features
- Enhanced security analytics to stay ahead of evolving threats (updates to Global Threat Analytics, formerly Cognitive Threat Analytics)

Stealthwatch Management Console web interface updates

Investigate incidents faster with optimized, more granular telemetry search and contextual results management

Cisco Stealthwatch Enterprise helps teams troubleshoot security events faster by providing a comprehensive set of search parameters for a more flexible and controlled telemetry search.

- More search parameters make it easier to perform granular investigations that return comprehensive results (Figure 1)
- The most common search parameters are organized for easy access
- Filter search results in place based on contextual information, without running a new query, to narrow down the problem quickly (Figure 2)
- Set the maximum number of records to be returned, and easily export results in a common (CSV) format for further analysis

Figure 1. More granular and logical advanced search

With Release 6.9.2, we introduced the ability to analyze encrypted traffic to help ensure compliance. You can determine the quality of encrypted traffic using Cisco Encrypted Traffic Analytics, a revolutionary technology within Cisco Stealthwatch Enterprise and the next-generation Cisco network. With Release 6.10.2, you can perform an advanced search on encrypted traffic based on parameters such as encryption key exchange, encryption algorithm, key length, TLS/SSL version, and more to help ensure cryptographic compliance (Figure 3).

Figure 2. Narrow down investigations faster by filtering query results in place.

Figure 3. Cisco Stealthwatch Enterprise is the only solution that uses the network to help ensure policy compliance without the need for additional tools.
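The advanced search on encrypted-traffic parameters described above is, in effect, a policy filter over flow records that carry TLS metadata. The Python script below is an added example, not Cisco's code and not part of the original brief: it applies a hypothetical cryptographic-compliance policy to a handful of constructed flow records and reports each violation by category. The field names (tls_version, key_exchange, cipher, key_length) and the policy thresholds are assumptions chosen for illustration, not the Stealthwatch export schema.

```python
from typing import Dict, List, Tuple

# Constructed sample of encrypted-flow records. The attributes mirror the search
# parameters the brief lists (key exchange, encryption algorithm, key length,
# TLS/SSL version); the field names are assumptions for this example, not the
# Stealthwatch export schema. Addresses use RFC 5737 documentation ranges.
SAMPLE_FLOWS: List[Dict] = [
    {"src": "10.1.20.15", "dst": "203.0.113.10", "tls_version": "TLSv1.2",
     "key_exchange": "ECDHE", "cipher": "AES-256-GCM", "key_length": 256},
    {"src": "10.1.20.22", "dst": "198.51.100.7", "tls_version": "TLSv1.0",
     "key_exchange": "RSA", "cipher": "AES-128-CBC", "key_length": 128},
    {"src": "10.1.30.5", "dst": "192.0.2.44", "tls_version": "TLSv1.2",
     "key_exchange": "RSA", "cipher": "RC4-128", "key_length": 128},
    {"src": "10.1.30.9", "dst": "192.0.2.80", "tls_version": "SSLv3",
     "key_exchange": "RSA", "cipher": "3DES-EDE-CBC", "key_length": 112},
    {"src": "10.1.40.3", "dst": "203.0.113.99", "tls_version": "TLSv1.3",
     "key_exchange": "ECDHE", "cipher": "CHACHA20-POLY1305", "key_length": 256},
]

# Hypothetical compliance policy (an assumption; align it with your own standard).
POLICY = {
    "min_tls": "TLSv1.2",
    "allowed_key_exchange": {"ECDHE", "DHE"},   # forward-secret exchanges only
    "forbidden_ciphers": {"RC4", "3DES", "DES", "NULL", "EXPORT"},
    "min_key_length": 128,                      # symmetric key bits
}

# Protocol versions in order of strength, so they can be compared by rank.
TLS_ORDER = ["SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def tls_rank(version: str) -> int:
    """Rank of a protocol version; -1 for anything not in the known list."""
    return TLS_ORDER.index(version) if version in TLS_ORDER else -1


def check_flow(flow: Dict, policy: Dict = POLICY) -> List[Tuple[str, str]]:
    """Return (code, message) pairs for every policy violation in one flow.

    An empty list means the flow is compliant. Checks run in a fixed order
    (protocol, key exchange, cipher, key length) so reports are stable.
    """
    violations: List[Tuple[str, str]] = []
    version = flow["tls_version"]
    if tls_rank(version) < 0:
        violations.append(("weak_protocol", f"unrecognized protocol version {version}"))
    elif tls_rank(version) < tls_rank(policy["min_tls"]):
        violations.append(("weak_protocol", f"{version} is below {policy['min_tls']}"))
    if flow["key_exchange"] not in policy["allowed_key_exchange"]:
        violations.append(("no_forward_secrecy",
                           f"key exchange {flow['key_exchange']} lacks forward secrecy"))
    cipher = flow["cipher"].upper()
    if any(bad in cipher for bad in policy["forbidden_ciphers"]):
        violations.append(("weak_cipher", f"forbidden cipher {flow['cipher']}"))
    if flow["key_length"] < policy["min_key_length"]:
        violations.append(("short_key",
                           f"key length {flow['key_length']} below {policy['min_key_length']}"))
    return violations


def audit(flows: List[Dict], policy: Dict = POLICY) -> Dict[Tuple[str, str], List[Tuple[str, str]]]:
    """Filter the flow set down to non-compliant flows, keyed by (src, dst)."""
    findings = {}
    for flow in flows:
        violations = check_flow(flow, policy)
        if violations:
            findings[(flow["src"], flow["dst"])] = violations
    return findings


def summarize(findings: Dict[Tuple[str, str], List[Tuple[str, str]]]) -> Dict[str, int]:
    """Count violations per category, the first view an analyst wants for triage."""
    counts: Dict[str, int] = {}
    for violations in findings.values():
        for code, _ in violations:
            counts[code] = counts.get(code, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(SAMPLE_FLOWS)
    for (src, dst), violations in results.items():
        print(f"{src} -> {dst}")
        for code, message in violations:
            print(f"  [{code}] {message}")
    print("summary:", summarize(results))
```

Running the script lists each non-compliant flow with its reasons and a per-category count. That mirrors the triage an analyst performs after filtering search results in place: legacy protocol versions are handled first, since they fail regardless of cipher, and the filtered set is then exported for the owners of the affected hosts.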

Prioritize risks and respond to threats in real time with access to top security events

With Cisco Stealthwatch Enterprise, you can easily tie a security event within your digital business to a specific host, so you can immediately identify the source or the target of the threat and take steps to mitigate it.

- Immediately view the top security events for a specific host, and easily determine whether the host is the source or the target of an attack, using the Top Security Events widget in the Host report dashboard (Figure 4)
- Get additional security event details, such as the policies that were violated, to understand exactly why the event was triggered (Figure 4)
- Drill down into the telemetry associated with a security event with a single click for deeper investigations (Figure 4)
- Visualize traffic destinations from specific host groups, both inside and outside the organization, to assess security risks using the Top Host Groups by Traffic widget in the Host Group report dashboard

Figure 4. Top Security Events widget in the Host report

Get deeper visibility into traffic and application patterns

Cisco Stealthwatch Enterprise is a highly scalable visibility and security analytics solution because it uses telemetry from your existing network infrastructure to strengthen security. And the comprehensive visibility makes it easy to monitor the overall health of network devices.

- Monitor traffic passing through all the exporters in the network, and view their current and maximum usage, bandwidth, speed, etc., using the Interface dashboard under the Monitor menu
- Easily analyze the types of applications passing through the exporters (Figure 5)
- Investigate alarms triggered by exporters. Filter the traffic view by time, and drill down into the telemetry associated with the event

Figure 5. Deeper visibility into traffic and applications

Simplified management, with improved support and compliance

Cisco Stealthwatch Enterprise is a highly mature solution built to scale with your growing business. It integrates with other security products to boost your confidence in your security posture and is compliant with major industry standards such as PCI and HIPAA.

- Flow Collector 5200 is now included in the Update Manager
- The KVM hypervisor environment is supported on all Cisco Stealthwatch Enterprise virtual appliances
- Load balancer support: communication that traverses load balancers is stitched together
- Cisco Stealthwatch Enterprise meets the FIPS 140-2 compliance requirements, a key federal government requirement for encryption (certification details can be found here)
- Release 6.10.2 features integration with new REST API calls
- Enhancements for a better user experience:
  - Improved performance of the Host List view
  - Ability to Select All/Deselect All on chart legends
  - Cisco Stealthwatch About page and Help page
  - Multiple language support
  - User interface consistencies
  - Support for new tabs in the context search menu

Integration with Cisco Stealthwatch Cloud

Cisco Stealthwatch Cloud is a cloud-native solution that provides visibility and threat detection in your Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure environments. With Release 6.10.2, you can easily sign up for and perform public cloud monitoring with Stealthwatch Cloud from the Stealthwatch Enterprise dashboard (Figure 6). And this integration comes with a free, no-risk, 60-day trial.

- Stealthwatch administrators can easily sign up for Stealthwatch Cloud accounts with a free 60-day trial
- Stealthwatch users can turn on the integration after the administrator activates the Stealthwatch Cloud account (Figure 6)
- You can view alerts that are open, and who they are assigned to, in the Alerts widget. Clicking the alert name pivots to the Stealthwatch Cloud portal for more details
- The Network Activity graph provides a view of the traffic and the number of endpoints, along with any open and closed alerts. Clicking the alert indicator pivots to the Stealthwatch Cloud portal for more details
- The Highlighted Observation Summary widget shows a count of observations in critical categories such as Bad Protocol, Heartbeat, etc. Observations are facts about the network automatically recognized by Stealthwatch Cloud endpoint modeling. Clicking the observation name pivots to the Stealthwatch Cloud portal for more details

Figure 6. Cisco Stealthwatch Cloud dashboard

Enhanced security analytics to stay ahead of evolving threats

With Release 6.9.1, we introduced the integration of Cisco Stealthwatch Enterprise with Global Threat Analytics. This cloud-based threat detection and analytics capability uses the power of multilayer machine learning and global threat intelligence to detect advanced threats. The attacks are getting smarter, and security analytics techniques need to adapt to detect those threats. Release 6.10.2 brings many enhancements to the capabilities of the machine learning cloud engine. Please note that you need to enable the integration.

- Improved classifiers that apply machine learning to more effectively detect advanced threats such as:
  - Command and control communication
  - Domain Generation Algorithms (DGA) or data tunneling (Figure 7)
  - Malicious Server Message Block (SMB) service discovery associated with zero-day attacks
  - BitTorrent clients
  - Cryptomining
- More contextual information for incidents and increased efficacy of the detection engine
- Option to send additional data to Global Threat Analytics to monitor specific host groups, such as internal servers, for increased protection and visibility into data exposure

Figure 7. Detection of unexpected DNS usage, caused by DGA-based malware or data tunneling

Next steps

To learn more, visit https://www.cisco.com/go/stealthwatchenterprise or contact your local Cisco account representative.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-739978-01 04/18