Cisco Stealthwatch
Scalable visibility and security analytics across your business
“Cisco Stealthwatch has helped us gain visibility into the internal traffic by 100% which has resulted in the identification of threats that were extremely difficult to detect previously.”
IT Architect, Large Enterprise
Industrial Manufacturing Company
Have you been compromised? How would you know?
You have already invested heavily in the IT infrastructure and security for your organization. Yet, attacks are getting through and hostile internal actors operate with impunity. Moreover, it takes months or even years to detect threats. This lack of threat visibility is a function of growing network complexity as well as constantly evolving attacks. And security teams, with their limited resources and disjointed tools, can only do so much. How do you know if your current security controls are working, managed, and configured properly? And how do you know these tools are doing the job that you need them to do?
The solution: Network + Security
Network packet metadata can provide useful insights about who is connecting to the organization and what they are up to. Everything touches the network, so these insights can extend from the HQ to the branch, public cloud and private data centers, roaming users, and even Internet of Things (IoT). Analyzing this data can help detect threats that may have found a way to bypass your existing controls, before they are able to have a major impact. It can also detect questionable behavior undertaken by hostile insiders. And, importantly, properly functioning analytics can lessen the burden on your security team and provide them with more opportunity to concentrate on high probability threats. This approach to advanced threat detection is:
Effective security is dependent on the ability to see everything in your network
Benefits:
Know every host. See every conversation. Understand what is normal. Be alerted to change. Respond to threats quickly.
Continuously monitor and detect advanced threats that have either bypassed existing security controls or originate from within
Focus on critical incidents, not noise, with contextual, high-fidelity alarms prioritized by threat severity
Respond quickly and effectively with complete knowledge of threat activity, network audit trails for forensic investigations, and integrations with existing security controls
Leverage existing investments into the IT infrastructure and use the rich network telemetry for better security
Scale security with growing business needs, whether you are adding a new branch or a data center, moving workloads to the cloud, or simply adding more devices
Ensure compliance with policy violation alarms that can be tuned to the business logic
Secure your cloud in Microsoft Azure
Reduce costs and complexity while securing your cloud environment in Azure.
A new approach to AWS security
Dynamic environments such as Amazon Web Services (AWS) need a rethinking of security.
Security for Google Cloud
In as little as 10 minutes, secure your Google Cloud Platform environments.
Contextual network-wide visibility
Stealthwatch provides agentless, enterprise-wide visibility across on-premises as well as all public cloud environments. With knowledge of who is on the network and what they are doing, it also helps organizations implement smarter segmentation customized to the business logic. And it provides actionable intelligence enriched with context such as user, device, location, timestamp, application, etc.
Predictive threat analytics
Stealthwatch uses a pipeline of analytical techniques to detect advanced threats before they can turn into a breach. Using network behavior analysis, it can pinpoint anomalies, which are further analyzed using a combination of supervised and unsupervised machine learning for high-fidelity threat detection. This allows your security team to focus on the most critical threats. The Stealthwatch security analytics engine is also powered by the industry-leading Cisco Talos threat intelligence, which has the most up-to-date information for local-to-global threat correlation.
Automated detection and response
The combination of this context-driven, enterprise-wide visibility and the application of advanced analytical techniques helps organizations detect threats such as unknown or encrypted malware, insider threats, and policy violations: anything that “hits the wire”. Security teams can see alarms that are prioritized by threat severity, and have additional information to take action easily. Stealthwatch can also store telemetry at scale, and provides network audit trails for forensic investigations into past events and for compliance monitoring. Finally, it integrates with your existing security controls to respond to the threat without any business shutdown.
Sample use cases