Cisco Stealthwatch is one of security professionals' favourite security tools. Version 7.0 was recently released, and here we cover the best updates.
Enhanced Security Analysis
The cloud-based machine learning engine, Cognitive Intelligence, includes:
- More efficient detection of botnets
- The ability to correlate and analyse proxy logs against network telemetry for greater efficiency
- Optional analytics for internal servers
- Automatic updates for the cryptomining classifier to detect new and unusual cryptomining pools
Working alongside Cisco ISE (Identity Services Engine), additional threat detection including context and information on specific users has been integrated. The network administrator now also has the ability to terminate a threat directly from within Stealthwatch.
- TrustSec Security Group Tags (SGTs) can be pulled by Stealthwatch from ISE and mapped to IP addresses. This makes network segmentation more efficient to implement, since SGTs can be used to create Custom Security Events from inside Stealthwatch.
- The ability to take selective mitigation actions based on individual threat severity, utilising ISE and Adaptive Network Control (ANC) policies.
- Scalable user sessions for larger customers with improvements to performance and support for ISE clusters.
Every business has its own way of operating, so threat detection at two separate enterprises may be completely different. Not all security teams can afford to spend their time investigating every possible threat notification, which can mean that important threats get missed. Cisco Stealthwatch 7.0 is widely customisable, so businesses can define which activity is considered normal and which could pose a risk.
- Add Stealthwatch users and configure access to data based on their roles
- Classify hosts into groups so that anomalies and threats can be monitored based on workflows
Policy Manager enhancements
- Security policies and core, custom and relationship events can be managed through Stealthwatch's web interface
- Create, edit and delete events easily
- Control over relevant alerts that are customised to individual businesses
With the centralized appliance and update manager in the web interface, you can configure, update and manage each Stealthwatch appliance, such as the SMC and Flow Collector, from the same place.
- Easy: added functionality outside of the normal update process
- Dynamic: fast adaptation of app features based on customer feedback
- Flexible: with each organisation's release schedule
- Secure: apps are vetted through CSDL (Cisco Secure Development Lifecycle)
Allows for dynamic classification and discovery of core assets within a network. The app is useful for continuously maintaining host classification as well as for initially configuring a system. Host groups lead to contextual as well as accurate alarms, enabling on site analysis.
Gain quick insight into areas of risk within your network, as well as traffic to high-risk countries and key network metrics. This app requires very little alteration or host configuration, which saves time. Printable Summary Reports are available through Stealthwatch for executives to interpret.
ETA Cryptographic Audit
Encrypted traffic can be easily analysed for cryptographic compliance through this app using ETA (Encrypted Traffic Analysis) technology. It provides a quality-of-encryption assessment which helps to audit cryptographic compliance. Using SSL or early TLS, for example, violates PCI compliance. The app also helps to understand trends and changes in the amount and type of encryption.
Stealthwatch + ISE = Visibility and Control
When integrated, Cisco Stealthwatch and ISE deliver unmatched network visibility and control for thwarting advanced attacks.
Scalable visibility and security analytics across your business
Outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling. Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly. Protect critical data with smarter network segmentation. And do it all with a solution that grows with your business.
The threat landscape is changing. Cyber-attacks are more common than ever, and SMBs must invest serious time and money into identifying, investigating and protecting against threats.
Cisco Stealthwatch can help. Understand and manage your data and information, and detect real threats in real time, with complete, automated visibility into your network. Cisco Stealthwatch Cloud also offers incredible benefits such as:
- Automatic configuration and threat detection
- Key alert updates
- Easy-to-manage regulatory compliance
Find the link for the Cisco Official release: Cisco StealthWatch Release 7.0