Cisco Stealthwatch: Network Visibility and Security Analytics

Combining their expertise in security and data center networking, Cisco Stealthwatch brings pervasive security to your entire environment. All traffic, both benign and malicious, must traverse your network in order to carry out its function. With Cisco Stealthwatch, your NetFlow data is leveraged along with advanced security analytics to help detect both user-based threats and malicious software.

Stealthwatch helps with:

• Real-time threat detection
• Incident response and forensics
• Network performance and capacity planning
• Regulatory compliance

Some of the threats that Stealthwatch can detect are malware, distributed denial-of-service (DDoS) attacks, advanced persistent threats (APTs), and insider threats. It has visibility into both north-south and east-west traffic to detect different attack vectors. Stealthwatch also creates a normalized baseline so it can detect anomalies in user behavior that may be an intentional or accidental insider threat.

Most organizations keep their logs for a short period of time in order to troubleshoot problems and help with forensics in the event of a breach; however, combing through these logs can be tedious and prone to user-error. Stealthwatch’s ability to store network data for months or years (depending on storage) provides a historical audit trail of all network activity.

Cisco Stealthwatch:

• Collect NetFlow data from Cisco switches and other types of networking devices
• Supports up to 6 million flows per second (fps)
• Conducts flow stitching and deduplication to eliminate redundant flows and reduce storage
• Delivers application, identity, device, virtual, proxy, and other context
• Stores terabytes of data for long-term forensics
• Works with Cisco ISE, Cisco TrustSec, and Network as a Sensor and Enforcer
• Available as both a physical and virtual appliance

Network visibility is a huge part of maintaining the security and performance of your environment. With Cisco Stealthwatch, you gain a level of real-time analytics of traffic flows, user-based attacks, and malicious software to better plan and secure your environment.