Keegan Uchacz – Systems Engineer
Cisco Stealthwatch Cloud
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Effective security is dependent on the ability to see everything in your network
Network
Users
HQ
Data Center
Admin
Branch
SEE every conversation
Understand what is NORMAL
Be alerted to CHANGE
KNOW every host
Respond to THREATS quickly
Roaming Users
Cloud
Stealthwatch provides the security visibility you need

Stealthwatch Cloud – Private network monitoring
  Software as a Service (SaaS)
  On-premises network monitoring
  Suitable for SMBs & commercial businesses
Stealthwatch Cloud – Public cloud monitoring
  Software as a Service (SaaS)
  Public cloud monitoring
  Suitable for enterprises & commercial businesses using public cloud services
Stealthwatch Enterprise – Enterprise network monitoring
  On-premises virtual or hardware appliance
  On-premises network monitoring
  Suitable for enterprises & large businesses
Quick and easy security for dynamic environments
Stealthwatch Cloud
Public Cloud
• VPC Flow Logs
• Other data sources
• NetFlow
• Mirror port
• Other data sources
Using modeling to detect security events
Dynamic Entity Modeling
Collect Input → Perform Analysis → Draw Conclusions
System Logs
Security Events
Passive DNS
External Intel
Config Changes
Vulnerability Scans
IP Meta Data
Dynamic Entity Modeling
Group
Consistency
Rules
Forecast
Role
What ports/protocols does the device continually access?
What connections does it continually make?
Does it communicate internally only?
What countries does it talk to?
How much data does the device normally send/receive?
What is the role of the device?
Identify every entity in your network automatically
Automated Endpoint Discovery
Detect
Track
Profile
Detailed visibility of every entity
Automated Entity Discovery
Time of Day Usage
Traffic Statistics
Active Traffic Profiles
Traffic profiling on every entity
Automated Entity Discovery
Connections by profile
Traffic Statistics by profile
Profile entity behavior
Dynamic Entity Modeling
Roles include:
Android
AWS Resource
Wireless LAN Controller
Citrix PVS Server
Database Server
Kerberos Node
Mail Server
Medical Imaging Client
Remote Desktop Server
Terminal Server
DNS Server
VoIP Client
Domain Controller
Apple iOS
Legacy Windows Device
Web Server
…and 20+ more
Detecting Observations
View observations for a specific host
Automatic event detection
See Observation details
Alert Triggers for Database Exfiltration

36 Day Baseline – Monitor and model behavior:
  Database server identified
  IP address detected
  Existing IP accesses database server
Classify roles – Dynamically assign roles to entities:
  Data access from regular location
  Communicates with set of IPs
  Data stays within environment
Detect abnormal activity using entity modeling:
  New External Connection observation
  New High Throughput Connection
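As an added illustration of the three-phase trigger above (not Cisco's own algorithm or code), the following Python sketch baselines per-entity behavior from constructed flow records, infers a Database Server role from served ports, and raises the alert only when a New External Connection and a New High Throughput Connection observation coincide on that entity. The 3-day window, the 10.0.0.0/8 internal range, the port-based role rule and the 3-standard-deviation throughput threshold are assumptions chosen for the sample.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed environment range; anything else is "external"
BASELINE_DAYS = 3                            # the deck models a 36-day baseline; shortened for the sample
DB_PORTS = {1433, 3306, 5432}                # assumed role rule: serving one of these = Database Server

# Constructed sample flows: (src, dst, dst_port, bytes, day). Days 1-3 form the baseline.
SAMPLE_FLOWS = [
    *[("10.0.0.20", "10.0.0.5", 5432, 4_000, d) for d in (1, 2, 3)],        # app server -> DB queries
    *[("10.0.0.5", "10.0.0.20", 49152, b, d) for d, b in ((1, 200_000), (2, 210_000), (3, 195_000))],
    ("10.0.0.5", "10.0.0.20", 49152, 205_000, 4),                            # day 4: normal DB reply
    ("10.0.0.5", "203.0.113.9", 443, 5_000_000, 4),                          # day 4: DB -> new external host
]

def is_external(ip):
    return not any(ip_address(ip) in net for net in INTERNAL_NETS)

def build_baseline(flows):
    """Per entity: peers talked to, whether it ever left the environment, flow sizes, ports others hit."""
    model = defaultdict(lambda: {"peers": set(), "external": False, "bytes": [], "served": set()})
    for src, dst, port, nbytes, day in flows:
        if day <= BASELINE_DAYS:
            e = model[src]
            e["peers"].add(dst)
            e["bytes"].append(nbytes)
            e["external"] |= is_external(dst)
            model[dst]["served"].add(port)
    return model

def role_of(entity):  # classify by the ports other hosts connect to on this entity
    return "Database Server" if entity["served"] & DB_PORTS else "Unknown"

def observations(model, src, dst, nbytes):  # judge one post-baseline flow against the source's model
    e, obs = model[src], []
    if dst not in e["peers"] and is_external(dst) and not e["external"]:
        obs.append("New External Connection")
    if e["bytes"] and nbytes > mean(e["bytes"]) + 3 * max(pstdev(e["bytes"]), 1):
        obs.append("New High Throughput Connection")
    return obs

def evaluate(flows):  # alert only when both observations land on an entity modeled as a database server
    model, alerts = build_baseline(flows), []
    for src, dst, _port, nbytes, day in flows:
        if day > BASELINE_DAYS:
            obs = observations(model, src, dst, nbytes)
            if role_of(model[src]) == "Database Server" and len(obs) == 2:
                alerts.append({"entity": src, "peer": dst, "alert": "Potential data exfiltration", "observations": obs})
    return alerts
```

Running `evaluate(SAMPLE_FLOWS)` yields a single alert for 10.0.0.5 talking to 203.0.113.9, while the normal day-4 reply to the app server produces no observation at all.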
Alerts reference Observations
High throughput to new host
Automatic event detection
Russia identified as suspicious country
Excessive failed access attempts
Low-noise alerts help you solve problems
Dynamic Entity Modeling
DDoS and amplification attacks
Potential data exfiltration
Geographically unusual remote access
Suspected botnet interaction
ALERT: Anomaly detected
96% of customers rated the alerts generated by
Stealthwatch Cloud’s entity modeling solutions as “helpful”
Integrate easily with all your current systems
SaaS Management Portal
Web Platforms
SIEM AWS
And Other Platforms
S3
SQS
Stealthwatch Cloud
SNS
Cisco Stealthwatch Cloud: Public Cloud Monitoring
Microsoft Azure
Amazon Web Services
Google Cloud Platform
Cloud security is a shared responsibility

Customer – Responsible for security “IN” the cloud:
  Server-side encryption
  Customer data
  Applications
  Operating system, network & firewall configuration
  Identity & access management
  Client-side data encryption & data integrity authentication

Cloud Provider – Responsible for security “OF” the cloud:
  Hardware
  Storage
  Database
  Networking
  Regions
  Cloud software
  Availability zones
  Platforms
Public cloud security challenges
Detect & Prevent Data Loss
Am I compliant?
Gaps in security
Do I have application vulnerabilities?
What are users doing in the account?
Stealthwatch Cloud makes it easy to address cloud security challenges
Get complete visibility of activity in the public cloud
Detect threats automatically
Deploy and manage easily
Cover your entire cloud attack surface with ease
AWS VPC Flow Logs
Additional AWS data sources: Config, Lambda, Inspector, IAM, CloudTrail, CloudWatch
Stealthwatch Cloud
Track resource behavior
AWS Lambda
Combined traffic view
Additional Alerts for AWS
CloudTrail & IAM
Lambda
Account Issues
API Access
Cisco Stealthwatch Cloud: Private Network Monitoring
Achieve accurate threat detection with the benefits of SaaS
Get complete visibility into your network
Detect threats automatically
Deploy and manage easily
Detect threats and see network activity using existing telemetry sources
Virtual Sensors
Collect from all these sources
NetFlow
SIEM
IPFIX
DNS
Active Directory
Gigamon
Any Mirror/SPAN
Switches
Firewalls
Application Servers
DNS Lookup
IP Traffic Data
Threat Detection
Other Security Data
Use DNS lookups to link dynamic IPs to a host name
Stealthwatch Cloud
Mirror/Span Ports
Load Balancers
Data Center Segment
Accounting Segment
Core Switching
Stealthwatch Cloud fits seamlessly into your existing network architecture with no messy reorganization
Virtual Sensors
SIEM
Syslog
SNMP
SW Cloud Virtual Appliance
SaaS Portal
Stealthwatch Cloud
Mgmt
NetFlow
IPFIX
Encrypted Private Tunnel
Span
Establish secure communication from the on-premises network to the cloud
SaaS
Distribute workloads across physical and virtual resources
Never transmits, stores, or processes payload data
Ensure stored data is encrypted at rest
ECDHE_RSA with P-256 Key Exchange
TLS 1.2
Explore activity through detailed analytics and reporting
SaaS Management Portal
Ongoing dashboard visualizations
Detailed inventory and network traffic reports
Expandable view of alerts
Full indexing and filtering
Search on any host
Evaluate telemetry against known applications
Dynamic Entity Modeling
Easily detect violations of organizational policies
Summary entity reports
Top IPs and Ports
Explore activity through detailed analytics and reporting
Ongoing dashboard visualizations
Drill into Alert Details
Deep-dive into IP traffic, roles and alerts
Expandable view of alerts
Get the full benefit of the cloud
Easy to use and deploy
Centrally managed
Flexible pricing
Secure data storage
SaaS-based security
Automatically scale
Manage everything from a simple SaaS portal
SaaS Management Portal
Unlimited users
No patching necessary
Support available
Available anywhere
New features added monthly
Empower your team to make informed security decisions
NEW DEVICE FOUND
Keep inventory of every entity on your network
Prove compliance with organized records
React to reliable, actionable alerts
Drive deeper insight with entity modeling
Enhance productivity in existing workforce
Stealthwatch is available across all deployment methods
Stealthwatch Cloud – Private network monitoring
  SMB & commercial companies
  Monitors private network via SaaS
  Complements Cisco public cloud offering
Stealthwatch Cloud – Public cloud monitoring
  Any business using public cloud infrastructure
  Monitors public cloud via SaaS
  Complements Cisco Enterprise and Private Network offering
Stealthwatch Enterprise – Enterprise network monitoring
  Enterprise & commercial customers
  Monitor private network via on-premises virtual or hardware appliance
  Complements Cisco public cloud offering
Start today with a free 60-day trial
Schedule consultation with a security specialist
See results within hours
Learn more: cisco.com/go/stealthwatch-cloud