{"id":727,"date":"2018-07-15T23:09:36","date_gmt":"2018-07-15T22:09:36","guid":{"rendered":"http:\/\/www.balajibandi.com\/?p=727"},"modified":"2023-01-14T19:13:42","modified_gmt":"2023-01-14T19:13:42","slug":"cisco-stealthwatch-understanding-my-way","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=727","title":{"rendered":"Cisco Stealthwatch Understanding My way"},"content":{"rendered":"

Cisco Stealthwatch Understanding My way<\/strong><\/span><\/h1>\n

Cisco Stealthwatch drastically enhances threat defence by giving detailed network visibility and security analytics. It helps you know every host, record every conversation, understand what is normal, it alerts you to change, and enables you to respond to threats quickly.<\/p>\n

With Cisco Stealthwatch and its enhanced analytics capabilities, you can better understand whether encrypted traffic on the network is malicious. The enhanced network telemetry from the latest Cisco routers and switches is collected by Cisco\u00a0Stealthwatch Enterprise. It uses advanced entity modeling and multilayered machine learning, constantly identifying who is on the network and what they are doing, and can detect anomalous behavior in real time to identify threats.<\/p>\n

\"\"<\/p>\n

Various connection with port information :<\/strong><\/p>\n

<\/p>\n

\n

These are the primary features of Stealthwatch:<\/strong><\/p>\n

Deep visibility across the network perimeter, interior, data center, and private and public cloud
\nSimplified understanding of normal network behavior through the use of NetFlow
\nContinuous monitoring of devices, applications, and users throughout your distributed networks
\nIn-depth forensic investigations and post-incident response with contextual threat intelligence and detailed, historic audit trails of NetFlow data
\nEasy integration with your existing network infrastructure (compatible with non-Cisco telemetry), Cisco Security Packet Analyzer, Cisco ASA Firewalls, Cisco ISE, Cisco TrustSec technology-supported hardware, and a variety of other security solutions, all available through Cloud Network Solutions .<\/p>\n

Cisco Stealthwatch Enterprise Components<\/p>\n

Cisco Stealthwatch Management Console
\nThe console coordinates, manages, and configures Stealthwatch appliances deployed at various segments throughout your enterprise. The management console can also collect data from other types of technologies, including firewalls, web proxies, network access control (NAC) systems, and more. Disparate IT teams can easily obtain pervasive network visibility and actionable security intelligence to detect and prioritize security threats through a single viewpoint. The console is available as a hardware appliance or a virtual machine.
\nFeatures include:
\n\u2022 In-depth visibility and behavior-based context defends against APTs, malware, insider threats, worms, viruses, targeted attacks, DDoS attempts, and evolving attacks. Advanced detection capabilities decrease the time between threat onset and resolution.
\n\u2022 Real-time telemetry delivers data flow for monitoring traffic across hundreds of network segments simultaneously to detect suspicious network behavior.
\n\u2022 Robust network intelligence facilitates performance monitoring, capacity planning, and enhances network management. It also reduces time-consuming and resource-intensive manual analysis often associated with other vendors.
\n\u2022 Network groupings, graphical representations, and relationship maps deliver simple views of your organization\u2019s traffic within seconds, illustrating where to focus your attention.
\n\u2022 Multiple alarm categories and context-based alerts on the home dashboard provide quick assessments of your organization\u2019s security posture. This allows for decisive action to mitigate potential damage.
\n\u2022 Scalable functionality performs well in high-speed environments and can protect every part of the network that is accessible by IPs, regardless of size.<\/p>\n

Cisco Stealthwatch Flow Collector
\nThe flow collector collects and analyzes massive amounts of network data from your current devices. The result is visibility and security intelligence across physical and virtual environments, improving incident response. Flow Collector provides cost-effective behavioral analytics and advanced security context. This enables early anomaly detection, quick root-cause determination, and enhanced protection for a wide range of threats, including APTs, insider threats, DDoS, and zero-day malware. The solution is available as a hardware appliance or a virtual machine.
\nFeatures include:
\n\u2022 Flow-based anomaly detection pinpoints unusual behavior and immediately sends an alarm with actionable intelligence, promoting quick and decisive mitigation.
\n\u2022 Stitched, duplicated, and 1:1 flows simplify network and security monitoring. In addition to detecting anomalies in real time, the solution can store years of data, creating a complete audit trail to improve forensic investigations and compliance.
\n\u2022 Easy upgrading allows you to start small and expand as your capacity needs change. At full scale, Flow Collector can process data from as many as 50,000 flow sources at up to 6 million flows per second (fps).<\/p>\n

Cisco Stealthwatch Flow Sensor<\/p>\n

This component provides robust visibility of network, application, and server performance metrics. The flow sensor gives you a cost-effective method of troubleshooting both security incidents and application performance problems, while eliminating dangerous network blind spots. It can provide Layer 7 application information for environments where Cisco Network-Based Application Recognition (NBAR) is disabled. The solution is available as hardware appliances or as software for monitoring virtual machine environments.
\nFeatures include:
\n\u2022 Network anomaly alerts pinpoint unusual behavior and immediately send alarms with contextual intelligence, allowing you to act quickly and mitigate damage.
\n\u2022 URL data allows administrators to see exactly which websites users are going to, including the file path. This improves the identification of applications causing performance or security problems.
\n\u2022 Enhanced operational efficiency reduces costs by identifying and isolating the root cause of an issue or incident within seconds.<\/p>\n

UDP Director<\/p>\n

The UDP Director simplifies the collection and distribution of network and security data across the enterprise. It helps reduce the processing power on network routers and switches by receiving essential network and security information from multiple locations and then forwarding it to a single data stream to one or more destinations.
\nFeatures include:
\n\u2022 Reduces unplanned downtime and service disruption on the high availability UDP Director 2200 appliance.
\n\u2022 Simplifies network security and monitoring by providing a single standard destination for NetFlow, SFlow, syslog, and SNMP information.
\n\u2022 Directs UDP data from any UDP application to one or more destinations, duplicating the data if required.<\/p>\n

StealthwatchSystem Components<\/p>\n

-StealthwatchManagement Console<\/p>\n

. Management and reporting
\n\u2022Up to 25 Flow Collectors
\n\u2022Up 6 million fps globally
\n\u20222 physical and virtual models
\n\u2022High Availability<\/p>\n

Cisco Security Packet Analyzer
\n\u2022Rolling full packet capture
\n\u20222 physical models<\/p>\n

– StealthwatchFlow Collector<\/p>\n

. Collect and analyze
\n\u2022Up to 4000 exporters
\n\u2022Up to sustained 240,000 fps
\n\u20224 physical and 3 virtual models<\/p>\n

–\u00a0StealthwatchFlow Sensor
\n\u2022Generate IPFIX from SPAN\/TAP
\n\u2022Contextual fields (ex. App,URL,SRT,RTT)
\n\u2022Physical and virtual models<\/p>\n

UDP Director
\n\u2022UDP Packet copier
\n\u2022Forward to multiple destinations
\n\u2022High Availability
\n\u20222 physical and virtual models<\/p>\n

Endpoint License Concentrator
\n\u2022Collect AnyConectNVM flow data and forward to Flow Collector
\n\u2022Virtual Appliance<\/p>\n

Cloud License Concentrator
\n\u2022Collect flow data from Cloud License Agents and forward<\/p>\n

Here are a few more of the many benefits you will gain when you implement Cisco Stealthwatch.<\/p>\n

    \n
  1. Gain visibility across all network conversations, including east-west and north-south traffic, to detect both internal and external threats<\/li>\n
  2. \u00a0 \u00a0Drastically simplify your network segmentation, performance monitoring, and your capacity planning<\/li>\n
  3. Conduct advanced security analytics and obtain in-depth context to detect a wide range of anomalous behaviors that may signify an attack<\/span><\/li>\n
  4. Ensure enterprise compliance by identifying the extent as well as the quality of encryption in the network<\/span><\/li>\n
  5. Accelerate and improve threat detection, forensics, and incident response across your entire network, including encrypted traffic<\/span><\/li>\n
  6. Achieve far greater visibility and and anomaly detection with advanced and accurate global and local traffic correlation<\/span><\/li>\n
  7. Enable deeper forensic investigations with audit histories of network activity<\/span><\/li>\n
  8. Identify insider threats by obtaining contextual information from cloud services<\/span><\/li>\n<\/ol>\n

    Dashboard :<\/p>\n

    \"\"<\/p>\n

    I will be soon going to make my hands dirty with stealth watch in my lab environment soon and real time example post soon..happy labbbing……………………….!!!!!!!<\/p>\n","protected":false},"excerpt":{"rendered":"

    Cisco Stealthwatch Understanding My way Cisco Stealthwatch drastically enhances threat defence by giving detailed network visibility and security analytics. It helps you know every host, record every conversation, understand what is normal, it alerts you to change, and enables you to respond to threats quickly. With Cisco Stealthwatch and its enhanced analytics capabilities, you can […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2],"tags":[],"class_list":["post-727","post","type-post","status-publish","format-standard","hentry","category-ccie-sec","category-cisco"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=727"}],"version-history":[{"count":3,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/727\/revisions"}],"predecessor-version":[{"id":1820,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/727\/revisions\/1820"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}