
Good things come to those who wait, as do great products that continuously deliver incremental value to their customers. While not all solutions may commit to goals that had been set in the past, that is certainly the case with the latest 7.4.2 release of Secure Network Analytics (SNA). With drastic performance improvements to the data ingestion and processing mechanisms, enhanced detection capabilities, and new hardware integrations, SNA customers can now efficiently achieve high-demand network visibility and detection use cases to protect their business.

So, how did we achieve such impressive results? The journey started with the 7.3.0 release where the Data Store architecture was first made available on hardware nodes. Over time, several improvements were added: 

  1. Virtual data nodes were introduced to augment the deployment options (7.3.1).
  2. New telemetry such as firewall logs and remote worker visibility was added to increase network visibility (7.3.2).
  3. More comprehensive configuration capabilities were introduced with virtual and physical Flow Collectors and Managers to enable flexible deployments (7.4.0).
  4. Enhanced analytics and multi-telemetry support were added to consume high-efficacy alerts (7.4.1).

In this process, every step of the way continued to add incremental value to users, making the Data Store increasingly valuable and powerful, leading to today’s design where customers can benefit from unparalleled performance and scalability; all while saving operational and maintenance costs. Now I don’t know about you, reader of this article, but I haven’t seen many other companies reduce costs for their customers while also adding value. These are precisely the advantages we’re seeing with the Data Store. 

As an overview, the Data Store is a deployment model where the number of Flow Collectors is greatly reduced in favor of a central database responsible for processing the flows coming from them. It has the best horizontal scaling in the industry for storing telemetry and events for at least a year, and it works with both physical and virtual appliances. In this architectural model, the flow ingestion is handled by the Flow Collector (FC), whereas the actual storage happens in the centralized database.

The new architecture allows the FCs to scale up to over 700,000 Flows Per Second (FPS), significantly increasing their capacity.

Improved maintenance is one of the most significant advantages customers enjoy as a result of the Data Store. A single Flow Collector can process nearly twice as many flows per second with this architecture, enabling users to increase their flow processing rate to scale up to 1 million flows per second. There is only one primary, central database that needs to be maintained, rather than having to worry about numerous flow collectors. The additional benefit of this strategy is that it significantly lowers costs for customers, which is always a top priority regardless of the industry.

What additional benefits come with Data Store?

  1. Customers can benefit from improved fault tolerance to address critical resiliency needs with the Data Store model, where a deployment with more than three data nodes can ensure that no historical data is ever lost, even if a node fails.
  2. Customers can also achieve better performance with query response times for overall reporting enhancements related to the load time of charts and graphs, where the top five most used reports only took a few minutes versus several hours without the Data Store.
  3. The architecture also allows for a scalable telemetry ingestion mechanism, which currently supports NetFlow, NVM, FTD, and ASA firewall telemetry, but can easily scale to other types in the future.

Among the myriad of benefits, a core improvement is brought by the expanded data collection. As a start, all 47 remote worker telemetry fields can now be retained in the Data Store. This also includes complete and continuous remote worker visibility, where the Cisco Secure Client (AnyConnect Secure Mobility Client) caches all the network traffic telemetry records, even when users are not using a VPN. If users are instead leveraging their VPN, the telemetry is received in real time. The Data Store then collects and processes the data and can even produce detections that specifically target the Network Visibility Module (NVM) telemetry.

Additionally, the Data Store can also gather Cisco Firewall Logs and enable direct pivots from the Firepower Management Center into the Secure Analytics and Logging Dashboard with the context preserved. In fact, all the firewall data can be easily accessed with an intuitive user interface that can summarize the information and provide findings and insights for rapid understanding.

It goes without saying that the Data Store architecture never stops impressing. And while there could be more to share to fill various articles on the benefits, the most important question becomes: how do I get it? For better or for worse (it’s for the better), it can be encapsulated in two commonly used words: software upgrade. It truly is that simple, and that great. Managers, flow collectors and flow sensors can all be reused, as well as the currently existing 4k and 5k hardware generations, and customers can also add the latest M6 hardware appliance to further enhance performance. As mentioned previously, this ease of use and implementation is unmatched in the industry. Props to the team, truly.

While there are many more details that can showcase the fantastic work conducted by the Cisco team, this summary aims at providing a conceptual overview to highlight the value that customers can benefit from by upgrading to the latest 7.4.2 release. As the market continues to evolve and organizations need a strong Network Detection and Response solution to protect their business and assets, Secure Network Analytics keeps on leading the market with a world class solution that solves customers’ most prominent and urgent needs. And thanks to an incredible new Data Store architecture, customers can benefit from an even more performant and efficient solution to deploy today.

Get more info on Cisco Secure Network Analytics and sign up for a demo.

Learn more about the Data Store and how to use the newest features in Secure Network Analytics 7.4.1 and 7.4.2 here.



Authors

Claudio Lener

Product Manager

Secure Analytics