Users on the network are an important layer of an organization’s security strategy – and a particularly vulnerable one. In fact, a recent IBM cybersecurity report found that human error was a contributing factor in 95% of all security incidents! It is critical to know what users are doing on the network, especially since some potential high-risk behaviors like data disclosure and shadow IT may not trigger current security layers (e.g. malware protection).

Cisco AnyConnect Network Visibility Module (NVM) empowers organizations to see endpoint and user behavior on their network. Cisco AnyConnect NVM collects flows from endpoints (e.g., laptops) both on and off-premise along with additional context like users, applications, devices, locations and destinations.  Now, IT administrators can use Splunk Enterprise to analyze and correlate this rich data with the new  Cisco AnyConnect Network Visibility (NVM) App for Splunk, which  provides collection and reporting of flows generated by the Cisco AnyConnect NVM endpoint sensor technology.

Cisco AnyConnect Network Visibility Module (NVM) App for Splunk
Cisco AnyConnect Network Visibility Module (NVM) App for Splunk

Security teams can use the analysis provided through the Cisco AnyConnect Network Visibility (NVM) App for Splunk to monitor and evaluate behavior to identify, investigate and defend against potential threats. For example, they could see a user sending large amounts of data to an external storage service, indicating potential data exfiltration. Or, they could gain visibility into shadow IT behavior by seeing users accessing unauthorized applications. Networking and application teams can also use this information to improve overall network operations, support application capacity planning, and troubleshoot issues.

To learn more, visit our Cisco AnyConnect webpage or talk to your Cisco Account Manager.


Vinny Parla

Principal Architect

Office of the Security CTO