
Cisco Stealthwatch 7.0 Update

Cisco Stealthwatch is one of security professionals' favourite security tools. Version 7.0 was released recently, and here we cover the best updates.

 

 

Enhanced Security Analysis

 

The cloud-based machine learning engine, Cognitive Intelligence, includes:

 

    • More efficient detection of botnets
    • The ability to correlate and analyse proxy logs against network telemetry for greater efficiency
    • Optional analytics for internal servers
    • Automatic updates for the cryptomining classifier to detect new and unusual cryptomining pools

 


 

Context-aware mitigation

 

Working alongside Cisco ISE (Identity Services Engine), Stealthwatch now integrates additional threat detection, including context and information on specific users. The network administrator can also terminate a threat directly from within Stealthwatch.

    • TrustSec Security Group Tags (SGTs) can be pulled by Stealthwatch from ISE and mapped to IP addresses. This makes implementing network segmentation more efficient, because SGTs can be used to create Custom Security Events from inside Stealthwatch.
    • The ability to take selective mitigation actions based on individual threat severity, utilising ISE and Adaptive Network Control (ANC) policies.
    • Scalable user sessions for larger customers, with improvements to performance and support for ISE clusters.

 

Better Control

 

Every business has its own way of operating, so threat detection at two separate enterprises may be completely different. Not all security teams can afford to spend their time investigating every possible threat notification, which can mean that important threats get missed. Cisco Stealthwatch 7.0 is widely customisable, so businesses can define which activity is considered normal and which could pose a risk.

    • Add Stealthwatch users and configure access to data based on their roles
    • Classify hosts into groups so that anomalies and threats can be monitored based on workflows

 

Policy Manager enhancements

 

    • Security policies and core, custom and relationship events can be managed through Stealthwatch’s web interface
    • Create, edit and delete events easily
    • Control over relevant alerts that are customised to individual businesses

 

Easier Management

 

With the centralized appliance and update manager in the web interface, you can configure, update and manage each Stealthwatch appliance, such as the SMC and Flow Collector, from the same place.

 

Stealthwatch Apps

 

    • Easy – added functionality outside of the normal update process
    • Dynamic – fast adaptation of app features based on customer feedback
    • Flexible – with each organisation's release schedule
    • Secure – apps are vetted through CSDL (Cisco Secure Development Lifecycle)

 

 

Three new apps

 

Host Classifier

Allows for dynamic classification and discovery of core assets within a network. The app is useful for continuously maintaining host classification as well as for initially configuring a system. Host groups lead to contextual and accurate alarms, enabling on-site analysis.

 

 

Visibility Assessment

Gain quick insight into areas of risk within your network, as well as traffic to high-risk countries and key network metrics. This app requires very little alteration or host configuration, which saves time. Printable Summary Reports are available through Stealthwatch for executives to interpret.

 

 

ETA Cryptographic Audit

This app uses ETA (Encrypted Traffic Analysis) technology to make it easy to analyse encrypted traffic for cryptographic compliance. It provides a quality-of-encryption assessment, which helps to audit cryptographic compliance. Using SSL or early TLS, for example, violates PCI compliance. The app also helps to understand trends and changes in the amount and type of encryption.

 

 

Conclusion

 

The threat landscape is changing. Cyber-attacks are more common than ever, and SMBs must invest serious time and money into identifying, investigating and protecting against threats.

Cisco Stealthwatch can help. Understand and manage your data and information, and detect real threats in real time, with complete, automated visibility into your network. Cisco Stealthwatch Cloud also offers incredible benefits such as:

    • Automatic configuration and threat detection
    • Key alert updates
    • Easy-to-manage regulatory compliance

 

Find the link for the Cisco Official release: Cisco StealthWatch Release 7.0

 


Ruben Cocheno

Ruben Cocheno is the Founder of Pxosys who has been working in the Networking & Security Industry since 2004. Having a CCIE amongst other top certifications in the industry, he had the privilege to work with World-class clients. His vast experience across different Large Organizations gave him a set of tools that allows him to design, implement and support solutions within many diverse network technologies becoming more agnostic driven. When he is not working you can find him Blogging (www.cocheno.com), mentoring young pupils on networking/security subjects, practicing outdoor sports, or reading.