Users on the network are an important layer of an organization’s security strategy – and a particularly vulnerable one. In fact, a recent IBM cybersecurity report found that human error was a contributing factor in 95% of all security incidents! It is critical to know what users are doing on the network, especially since some potential high-risk behaviors like data disclosure and shadow IT may not trigger current security layers (e.g. malware protection).
Cisco AnyConnect Network Visibility Module (NVM) empowers organizations to see endpoint and user behavior on their network. Cisco AnyConnect NVM collects flows from endpoints (e.g., laptops) both on and off premises, along with additional context such as users, applications, devices, locations and destinations. Now, IT administrators can use Splunk Enterprise to analyze and correlate this rich data with the new Cisco AnyConnect Network Visibility (NVM) App for Splunk, which provides collection and reporting of flows generated by the Cisco AnyConnect NVM endpoint sensor technology.
Security teams can use the analysis provided through the Cisco AnyConnect Network Visibility (NVM) App for Splunk to monitor and evaluate behavior to identify, investigate and defend against potential threats. For example, they could see a user sending large amounts of data to an external storage service, indicating potential data exfiltration. Or, they could gain visibility into shadow IT behavior by seeing users accessing unauthorized applications. Networking and application teams can also use this information to improve overall network operations, support application capacity planning, and troubleshoot issues.
To learn more, visit our Cisco AnyConnect webpage or talk to your Cisco Account Manager.
Best solution to ensure employees are not abusing network access and company information if not compromised.
I downloaded the Splunk App and it is fantastic. The endpoint information is very useful. I was surprised at all of the web activity being done by ‘background’ processes on my system. Some of the sites even look suspicious from legitimate apps. I have a lot of investigating to do!
Thanks for the great post pointing me to the Splunk tool.
I tried the solution out last week and it is really great endpoint technology. Super helpful blog too. The Splunk App works well and I hope to use it in production.
Splunk App measures the effectiveness and status of PCI compliance technical controls in real time. It can also identify and prioritize any control areas that may need to be addressed and let it quickly address any auditor report or data request.
Thanks for sharing an emphatic article; I really enjoyed reading this post.
How does Splunk compete with the SolarWinds suite?
We also use the HyTrust suite for access control.
Hi,
The Splunk App is specific to the AnyConnect NVM IPFIX extensions known as ‘nvzFlow’. I am not aware of support for the ‘nvzFlow’ protocol in the tools you mentioned. That said, we do know that many IPFIX vendors are adding support for this new protocol into their products.
The Splunk App is one of the best apps and, compared to other apps, is quite good; getting more features and specification is different from it. Thanks for sharing; I really enjoyed reading this post.