Cisco Blogs

Cisco Stealthwatch and DNA Center bridge the SecOps – NetOps divide

June 12, 2018

Out of sheer necessity, the roles of NetOps and SecOps are becoming increasingly interdependent in many enterprises. Cisco has been monitoring three trends:

  1. Networks are connecting ever more devices, locations and users. The complexity of managing them is creating openings for new threats.
  2. As advanced threats multiply, organizations need to control the cost of containment by automating and extending visibility across different functions.
  3. And as threats become more advanced, they are becoming an inhibitor to network assurance. For example, rather than breaking in noisily, attackers increasingly hide their activity inside encrypted traffic, where conventional inspection cannot see it.

In short, SecOps needs immediate access to security telemetry for visibility into all the new endpoints being added to the network, and NetOps needs to know about threats that could impact uptime, particularly those hidden in encrypted traffic.

These are some of the challenges that led to the integration of Cisco DNA Center and Cisco Stealthwatch.

Better IT workflow for faster threat resolution

Cisco Stealthwatch extends threat detection and containment to DNA Center, the one-stop NetOps management platform for distributed enterprises. DNA Center now automates enabling threat telemetry, including enhanced telemetry from encrypted traffic (Encrypted Traffic Analytics, or ETA), to be sent to Stealthwatch. The critical threats detected by Stealthwatch can, in turn, now be monitored from DNA Center, which provides a platform for custom resolution services such as opening a ticket for automated threat containment.

In the past, these workflows were never integrated seamlessly. Now they can be streamlined with the new, open DNA Center Platform. Highlighting the power of the DNA Center open platform approach, combined with the expertise of Cisco Advanced Services engineers, the application development and integration required for this workflow was completed in just three weeks.

Step 0

Automatically find and turn on threat telemetry from your network devices, including Encrypted Traffic Analytics. Today, customers can take weeks to months to identify and enable the telemetry necessary for security visibility. We can do it in minutes.

Step 1

Stealthwatch applies advanced security analytics in the form of behavioral modeling, machine learning and global threat intelligence to pinpoint critical threats with high confidence, including where they originate. This information now appears in the DNA Center 360 dashboard for every client on the network.

Step 2

DNA Center instantly communicates with the ITSM (IT Service Management) system to generate a ticket for the incident, and also passes the incident to a customer-specific Security Operations app (developed by Cisco Advanced Services) that the SecOps team uses to contain the threat.

Step 3

Using the Security Operations app, SecOps instructs DNA Center to quarantine the user, and DNA Center isolates the user.

Step 4

DNA Center confirms containment and informs SecOps that the user has been quarantined.

Step 5

SecOps uses the Security Operations app to update the ticket in the ITSM.

This workflow can be simpler or more complex depending on the type of threat, but the key is that it is seamless and intuitive between NetOps and SecOps.
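The following is an added example, not Cisco's code and not the Security Operations app described above: a minimal SOAR-style handler that drives Steps 1 through 5 (alarm, ticket, quarantine, confirmation, ticket update). Because the page does not describe the DNA Center Platform, Stealthwatch or ITSM APIs, those three systems are modelled by hypothetical in-memory stand-ins (`FakeITSM`, `FakeController`), and the alarm fields and severity scale are constructed. The point it adds to the prose is the guardrail a practitioner wants at Step 4: the ticket is resolved only after containment is actually confirmed, a silently failed quarantine escalates the ticket instead, and a re-sent alarm never quarantines twice or opens a second ticket.

```python
# Added example (not Cisco's code); all system clients below are hypothetical stand-ins.
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set


class Outcome(str, Enum):
    IGNORED = "ignored"          # below the severity threshold, nothing done
    SKIPPED = "skipped"          # alarm already has a ticket, no duplicate action
    CONTAINED = "contained"      # quarantine confirmed, ticket resolved
    UNCONFIRMED = "unconfirmed"  # quarantine not confirmed, ticket escalated


@dataclass(frozen=True)
class Alarm:
    """Critical-threat alarm as this example assumes it (constructed fields)."""
    alarm_id: str
    severity: int      # 0-100, constructed scale; Stealthwatch's own scale differs
    client_mac: str    # client identity to quarantine (Step 3)
    description: str


@dataclass
class Ticket:
    ticket_id: str
    alarm_id: str
    summary: str
    status: str = "open"
    worklog: List[str] = field(default_factory=list)


class FakeITSM:
    """Stand-in for the ITSM (Steps 2 and 5); hypothetical, not a real API."""
    def __init__(self) -> None:
        self.tickets: Dict[str, Ticket] = {}

    def find_by_alarm(self, alarm_id: str) -> Optional[Ticket]:
        return next((t for t in self.tickets.values() if t.alarm_id == alarm_id), None)

    def open(self, alarm: Alarm) -> Ticket:
        ticket = Ticket(f"INC{len(self.tickets) + 1:04d}", alarm.alarm_id, alarm.description)
        self.tickets[ticket.ticket_id] = ticket
        return ticket

    def update(self, ticket_id: str, status: str, note: str) -> None:
        ticket = self.tickets[ticket_id]
        ticket.status = status
        ticket.worklog.append(note)


class FakeController:
    """Stand-in for DNA Center quarantine (Steps 3-4); hypothetical, not its API.
    quarantine_succeeds=False simulates a policy push that silently fails."""
    def __init__(self, quarantine_succeeds: bool = True) -> None:
        self.quarantined: Set[str] = set()
        self._succeeds = quarantine_succeeds

    def quarantine(self, client_mac: str) -> None:
        if self._succeeds:
            self.quarantined.add(client_mac)

    def confirm(self, client_mac: str) -> bool:
        return client_mac in self.quarantined


class ContainmentWorkflow:
    """Drives Steps 1-5: alarm -> ticket -> quarantine -> confirm -> ticket update."""
    def __init__(self, itsm: FakeITSM, controller: FakeController,
                 severity_threshold: int = 70, confirm_attempts: int = 3) -> None:
        self.itsm = itsm
        self.controller = controller
        self.severity_threshold = severity_threshold
        self.confirm_attempts = confirm_attempts

    def handle(self, alarm: Alarm) -> Outcome:
        # Step 1: act only on high-confidence critical alarms.
        if alarm.severity < self.severity_threshold:
            return Outcome.IGNORED
        # Idempotency: a re-sent alarm must not quarantine twice or open a second ticket.
        if self.itsm.find_by_alarm(alarm.alarm_id) is not None:
            return Outcome.SKIPPED
        ticket = self.itsm.open(alarm)                 # Step 2
        self.controller.quarantine(alarm.client_mac)   # Step 3
        # Step 4: verify containment before touching the ticket. In a real
        # integration each attempt would be a polling call separated by a delay.
        confirmed = any(self.controller.confirm(alarm.client_mac)
                        for _ in range(self.confirm_attempts))
        # Step 5: resolve only on confirmed containment; otherwise escalate.
        if confirmed:
            self.itsm.update(ticket.ticket_id, "resolved",
                             f"{alarm.client_mac} quarantined; containment confirmed")
            return Outcome.CONTAINED
        self.itsm.update(ticket.ticket_id, "escalated",
                         f"quarantine of {alarm.client_mac} not confirmed; manual action needed")
        return Outcome.UNCONFIRMED


def run_demo(quarantine_succeeds: bool = True) -> Dict[str, str]:
    """Runs three constructed alarms (one a duplicate) and returns alarm -> outcome."""
    wf = ContainmentWorkflow(FakeITSM(), FakeController(quarantine_succeeds))
    alarms = [
        Alarm("SW-1001", 92, "00:11:22:33:44:55", "Suspected C2 beaconing over TLS"),
        Alarm("SW-1001", 92, "00:11:22:33:44:55", "Suspected C2 beaconing over TLS"),
        Alarm("SW-1002", 35, "00:11:22:33:44:66", "Low-confidence port scan"),
    ]
    return {f"{a.alarm_id}#{i}": wf.handle(a).value for i, a in enumerate(alarms)}


if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```

Running `run_demo(True)` resolves the first alarm's ticket, skips its duplicate and ignores the low-severity alarm; `run_demo(False)` takes the same path but leaves the ticket escalated because the stand-in controller never reports the client as isolated.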

Security is everyone’s problem now and containing threats quickly while maintaining network performance requires cooperation, automation, and visibility across IT, Network and Security Operations.

If you are attending Cisco Live Orlando this week, come and see the solution in action at the DNA Center Platform demo stand in the World of Solutions!

