
By sheer necessity, the roles of NetOps and SecOps are becoming increasingly interdependent in many enterprises. Cisco has been monitoring three trends:

  1. Networks are connecting ever more devices, locations and users. The complexity of managing them is creating openings for new threats.
  2. As advanced threats multiply, organizations need to control the cost of containment by automating response and extending visibility across different functions.
  3. And as threats become more advanced, they are becoming an inhibitor to network assurance. For example, rather than breaking in, attackers simply hide their activity inside encrypted traffic, where conventional inspection cannot see it, to gain and keep access to the network.

In short, SecOps needs immediate access to security telemetry to gain visibility into all the new endpoints being added to the network, and NetOps needs to know about threats that could impact uptime, particularly those hidden in encrypted traffic.

These are some of the challenges that led to the integration of Cisco DNA Center and Cisco Stealthwatch.

Better IT workflow for faster threat resolution

Cisco Stealthwatch extends threat detection and containment to Cisco DNA Center, the one-stop NetOps management platform for distributed enterprises. Cisco DNA Center now automates enabling threat telemetry, including enhanced telemetry from encrypted traffic (Encrypted Traffic Analytics, or ETA), to be sent to Stealthwatch. The critical threats identified by Stealthwatch, in turn, can now be monitored from Cisco DNA Center, which provides a platform for custom resolution services such as opening a ticket for automated threat containment.

In the past, these workflows were never seamlessly integrated. Now they can be streamlined with the new, open Cisco DNA Center Platform. Highlighting the power of the Cisco DNA Center open platform approach, combined with the expertise of Cisco Advanced Services engineers, the application development and integration required for this workflow was completed in just 3 weeks.

Step 0

Automatically find and turn on threat telemetry from your network devices, including Encrypted Traffic Analytics. Today, customers can take weeks to months to identify and enable the telemetry necessary for security visibility. We can do it in minutes.

Step 1

Stealthwatch applies advanced security analytics, in the form of behavioral modeling, machine learning and global threat intelligence, to pinpoint critical threats with high confidence, including where they are originating from. This information now appears in the 360 dashboard for every client on the network.

Step 2

Cisco DNA Center instantly communicates with the ITSM (IT Service Management) system to generate a ticket for this incident. It also communicates the incident to the customer-specific Security Operations app (developed by Cisco Advanced Services) that the SecOps team uses to contain the threat.

Step 3

SecOps uses the Security Operations app to instruct Cisco DNA Center to quarantine the user, and Cisco DNA Center isolates the user.

Step 4

Cisco DNA Center confirms containment and informs SecOps that the user has been quarantined.

Step 5

SecOps uses the Security Operations app to update the ticket in the ITSM.

This workflow can be simpler or more complex depending on the type of threat, but the key is that the hand-off between NetOps and SecOps is seamless and intuitive.

Security is everyone's problem now, and containing threats quickly while maintaining network performance requires cooperation, automation, and visibility across IT, Network and Security Operations.

If you are attending Cisco Live Orlando this week, come and see the solution in action at the Cisco DNA Center Platform demo stand in the World of Solutions!

Authors

Sandeep Agrawal

Sr. Product Line Manager

Security Business Group