Keegan Uchacz – Systems Engineer Cisco Stealthwatch Cloud

Cisco Stealthwatch Cloud - SCCUG · Amazon Web Services Google Cloud Platform Cloud security is a shared responsibility Server-side encryption Customer data Applications Operating


Keegan Uchacz – Systems Engineer

Cisco Stealthwatch Cloud


© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential

Effective security is dependent on the ability to see everything in your network

Network

Users

HQ

Data Center

Admin

Branch

SEE every conversation

Understand what is NORMAL

Be alerted to CHANGE

KNOW every host

Respond to THREATS quickly

Roaming Users

Cloud


Stealthwatch Cloud Stealthwatch Enterprise

Stealthwatch provides the security visibility you need

Private network monitoring

Enterprise network monitoring

Public cloud monitoring

Suitable for enterprises & commercial businesses using public cloud services

On-premises virtual or hardware appliance

On-premises network monitoring

On-premises network monitoring

Public cloud monitoring

Suitable for SMBs & commercial businesses

Suitable for enterprises & large businesses

Software as a Service (SaaS) Software as a Service (SaaS)


Quick and easy security for dynamic environments

Stealthwatch Cloud

Public Cloud

• VPC Flow Logs
• Other data sources

• NetFlow
• Mirror port
• Other data sources


Using modeling to detect security events

Dynamic Entity Modeling

Collect Input

Perform Analysis

Draw Conclusions

System Logs

Security Events

Passive DNS

External Intel

Config Changes

Vulnerability Scans

IP Meta Data

Dynamic Entity Modeling

Group

Consistency

Rules

Forecast

Role

What ports/protocols does the device continually access?

What connections does it continually make?

Does it communicate internally only?

What countries does it talk to?

How much data does the device normally send/receive?

What is the role of the device?


Identify every entity in your network automatically

Automated Endpoint Discovery

Detect

Track

Profile


Detailed visibility of every entity

Automated Entity Discovery

Time of Day Usage

Traffic Statistics

Active Traffic Profiles


Traffic profiling on every entity

Automated Entity Discovery

Connections by profile

Traffic Statistics by profile


Profile entity behavior

Dynamic Entity Modeling

Roles include:

Android

AWS Resource

Wireless LAN Controller

Citrix PVS Server

Database Server

Kerberos Node

Mail Server

Medical Imaging Client

Remote Desktop Server

Terminal Server

DNS Server

VoIP Client

Domain Controller

Apple iOS

Legacy Windows Device

Web Server

…and 20+ more


Detecting Observations

View observations for a specific host

Automatic event detection

See Observation details


36 Day Baseline

Monitor and model behavior

Classify roles

Dynamically assign roles to entities

Alert Triggers for Database Exfiltration

Database server identified

IP address detected

Data access from regular location

Detect abnormal activity using entity modeling

New External Connection observation

New High Throughput Connection

Existing IP accesses database server

Communicates with set of IPs

Data stays within environment

?


Alerts reference Observations

High throughput to new host

Automatic event detection

Russia identified as suspicious country


Excessive failed access attempts

Low-noise alerts help you solve problems

Dynamic Entity Modeling

DDoS and amplification attacks

Potential data exfiltration

Geographically unusual remote access

Suspected botnet interaction

ALERT: Anomaly detected

96% of customers rated the alerts generated by Stealthwatch Cloud’s entity modeling solutions as “helpful”


Integrate easily with all your current systems

SaaS Management Portal

Web Platforms

Email

SIEM AWS

And Other Platforms

S3

SQS

Stealthwatch Cloud

SNS


Cisco Stealthwatch Cloud: Public Cloud Monitoring


Microsoft Azure

Amazon Web Services

Google Cloud Platform

Cloud security is a shared responsibility

Server-side encryption

Customer data

Applications

Operating system, network & firewall configuration

Identity & access management

Client-side data encryption & data integrity authentication

Customer: Responsible for security “IN” the cloud

Hardware

Storage

Database

Networking

Regions

Cloud software

Availability zones

Cloud Provider: Responsible for security “OF” the cloud

Platforms


Public cloud security challenges

Detect & Prevent Data Loss

Am I compliant?

Gaps in security

Do I have application vulnerabilities?

What are users doing in the account?


Stealthwatch Cloud makes it easy to address cloud security challenges

Get complete visibility of activity in the public cloud

Detect threats automatically

Deploy and manage easily


Cover your entire cloud attack surface with ease

AWS Flow Logs

Additional AWS Data Sources

Config

Lambda

Inspector

IAM

CloudTrail

CloudWatch

Stealthwatch Cloud

AWS VPC Flow Logs


Track resource behavior

AWS Lambda

Combined traffic view


Additional Alerts for AWS

CloudTrail & IAM

Lambda

Account Issues

API Access


Cisco Stealthwatch Cloud: Private Network Monitoring


Achieve accurate threat detection with the benefits of SaaS

Get complete visibility into your network

Detect threats automatically

Deploy and manage easily


Detect threats and see network activity using existing telemetry sources

Virtual Sensors

Collect from all these sources

NetFlow

SIEM

IPFIX

DNS

Active Directory

Gigamon

Any Mirror/SPAN

Switches

Firewalls

Application Servers

DNS Lookup

IP Traffic Data

Threat Detection

Other Security Data

Use DNS lookups to link dynamic IPs to a host name

Stealthwatch Cloud

Mirror/Span Ports

Load Balancers


Data Center Segment

Accounting Segment

Core Switching

Stealthwatch Cloud fits seamlessly into your existing network architecture with no messy reorganization

Virtual Sensors

SIEM

Syslog

SNMP

SW Cloud Virtual Appliance

SaaS Portal

Stealthwatch Cloud

Mgmt

NetFlow

IPFIX

Encrypted Private Tunnel

Span


Establish a secure communication from on-premises network to the cloud

SaaS

Distribute workloads across physical and virtual resources

Never transmits, stores, or processes payload data

Ensure stored data is encrypted at rest

ECDHE_RSA with P-256 Key Exchange

TLS 1.2


Explore activity through detailed analytics and reporting

SaaS Management Portal

Ongoing dashboard visualizations

Detailed inventory and network traffic reports

Expandable view of alerts


Full indexing and filtering

Search on any host


Evaluate telemetry against known applications

Dynamic Entity Modeling

Easily detect violations to organizational policies


Summary entity reports

Top IPs and Ports


Explore activity through detailed analytics and reporting

Ongoing dashboard visualizations


Drill into Alert Details

Deep-dive into IP traffic, roles and alerts

Expandable view of alerts


Get the full benefit of the cloud

Easy to use and deploy

Centrally managed

Flexible pricing

Secure data storage

SaaS-based security

Automatically scale


Manage everything from a simple SaaS portal

SaaS Management Portal

Unlimited users

No patching necessary

Support available

Available anywhere

New features added monthly


Empower your team to make informed security decisions

NEW DEVICE FOUND


Keep inventory of every entity on your network

Prove compliance with organized records

React to reliable, actionable alerts

Drive deeper insight with entity modeling

Enhance productivity in existing workforce


Stealthwatch is available across all deployment methods

Stealthwatch Cloud Stealthwatch Enterprise

Private network monitoring

Enterprise network monitoring

Enterprise & commercial customers

Monitor private network via on-premises virtual or hardware appliance

Complements Cisco public cloud offering

SMB & commercial companies

Monitors private network via SaaS

Complements Cisco public cloud offering

Any business using public cloud infrastructure

Monitors public cloud via SaaS

Complements Cisco Enterprise and Private Network offering

Public cloud monitoring


Start today with a free 60-day trial

Schedule consultation with a security specialist

See results within hours

Learn more: cisco.com/go/stealthwatch-cloud
