
Welcome to Part 3 of our Cisco Application-First Security blog series! The aim of the series is to prepare you to tackle the new DevNet learning track, where you’ll learn how to secure your cloud-native applications and infrastructure using:

  • Application segmentation
  • Application monitoring
  • Public cloud threat detection
  • Multi-factor authentication

In Part 1 of the blog series, we introduced you to the new DevNet learning track and accompanying DevNet Sandbox, and to the docs and other resources you can find on the new Cisco Application-First Security website. We also introduced you to the “Sock Shop” e-commerce scenario you’ll be working with in the learning track.

Part 2 focused on using Cisco Duo to add multi-factor authentication (MFA), protecting both your build environment and the Sock Shop app from unintended access (see the Duo blog post: https://blogs.cisco.com/developer/secure-cloud-native-apps-infra-duo).

Now, in Part 3, we’ll focus on what Cisco Stealthwatch Cloud can do to give you visibility into your public cloud resources and detect threats in your application environment.

Improve security and incident response across the distributed network

Cisco Stealthwatch Cloud improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.

Stealthwatch Cloud Public Cloud Monitoring (PCM) is a visibility, threat identification, and compliance service for Amazon Web Services (AWS). It can also protect other public cloud environments like Azure and GCP. Stealthwatch Cloud consumes network traffic data, including Virtual Private Cloud (VPC) flow logs, from your AWS public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise.

Stealthwatch Cloud consumes VPC flow logs directly from your AWS account using a cross-account IAM role with the proper permissions. In addition, Stealthwatch Cloud can consume other sources of data, like CloudTrail and IAM, for additional context and monitoring. These native AWS integrations make Stealthwatch Cloud an easy plug-and-play security solution for the Sock Shop!

The Stealthwatch Cloud service can even monitor network traffic between pods running in Kubernetes clusters. This is perfect for your e-commerce unicorn, which is built completely on Kubernetes using AWS EKS! To have visibility into inter-pod traffic, each node needs a Stealthwatch Cloud sensor pod. A Kubernetes DaemonSet is used to ensure that those pods always exist on those nodes.

Stealthwatch Cloud uses all of this data from AWS and Kubernetes to model the behavior of each cloud resource, a method called entity modeling. It is then able to detect and alert on sudden changes in behavior, malicious activity, and signs of compromise.
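
To make the idea of entity modeling concrete, here is a simplified illustration that builds a per-entity baseline from VPC flow log records and flags departures from it. It is an example added here, not Cisco's code or Stealthwatch Cloud's actual algorithm; the sample records, the alert tuples, and the `factor` threshold are assumptions constructed for the example.

```python
from collections import defaultdict
# Simplified illustration (not Stealthwatch Cloud's algorithm); sample records are constructed.
BASELINE = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44112 3306 6 12 4200 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44120 3306 6 10 3900 1600000060 1600000120 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.2.21 51000 6379 6 8 1500 1600000120 1600000180 ACCEPT OK
"""
CURRENT = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44200 3306 6 11 4100 1600003600 1600003660 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 203.0.113.50 50222 22 6 900 5000000 1600003660 1600003720 ACCEPT OK
2 123456789012 eni-0a1 - - - - - - - 1600003720 1600003780 - NODATA
"""
# Field order of the default (version 2) VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(text):
    """Yield one dict per usable record; NODATA/SKIPDATA rows carry '-' fields and are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            rec = dict(zip(FIELDS, parts))
            rec["bytes"] = int(rec["bytes"])
            yield rec

def build_model(records):
    """Per source address: the (dstaddr, dstport) peers seen and the largest single flow."""
    model = defaultdict(lambda: {"peers": set(), "max_bytes": 0})
    for r in records:
        m = model[r["srcaddr"]]
        m["peers"].add((r["dstaddr"], r["dstport"]))
        m["max_bytes"] = max(m["max_bytes"], r["bytes"])
    return model

def detect(model, records, factor=10):
    """Return (entity, reason, detail) tuples for behaviour outside the baseline."""
    alerts = []
    for r in records:
        m = model.get(r["srcaddr"])  # .get() does not create a default entry
        if m is None:
            alerts.append((r["srcaddr"], "new_entity", r["dstaddr"]))
            continue
        peer = (r["dstaddr"], r["dstport"])
        if peer not in m["peers"]:
            alerts.append((r["srcaddr"], "new_peer", f"{peer[0]}:{peer[1]}"))
        if r["bytes"] > factor * m["max_bytes"]:
            alerts.append((r["srcaddr"], "volume_spike", str(r["bytes"])))
    return alerts

print(detect(build_model(parse(BASELINE)), parse(CURRENT)))
```

In the sample data, the workload that normally talks only to its database and cache suddenly opens an SSH connection to an external address and moves far more data than it ever has, which produces both a `new_peer` and a `volume_spike` alert.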

Now you can sleep more soundly knowing that Stealthwatch Cloud is providing public cloud visibility and threat detection for your vibrant Sock Shop business.

Give the new learning track a try

Want to give it a whirl? You’ll find it all, including:

  • The Sock Shop lab, “Cisco App-First Security Lab in AWS”
  • Dedicated Stealthwatch Cloud labs covering APIs and alerting

You’ll find everything you need to try it here in the new DevNet learning track.
