Cisco Blogs

Three Ways in which Stealthwatch Helps You Get More from Your Network Data

- October 17, 2017

Do you know what the greatest Olympian of all time and Stealthwatch have in common? Both work harder and smarter for unbeatable performance.

I recently heard from the one-and-only Michael Phelps. He said that very early on, he and his coach set very high goals. And he knew that to achieve them, he had to train differently than his competitors. So Phelps decided to practice all 7 days a week. He called each practice making a “deposit,” and he “cashed” those deposits when he achieved the goals he set for himself. While Phelps and his team trained harder and analyzed every aspect of his technique by gathering all data points, they also selectively chose which ones to work on for constant refinement and improvement. I mean, have you seen those underwater turns!!

Similarly, Stealthwatch works hard by collecting and analyzing a robust spectrum of enterprise telemetry from all levels of the networking stack. It provides end-to-end visibility across the entire digital business by leveraging your existing network infrastructure. And you don’t need to deploy agents across your routers, switches, firewalls, endpoints and other network devices to get rich security analytics. Stealthwatch scales with your business across endpoints, data centers, branches and cloud.

But what’s also important is how Stealthwatch uses all that data, the collected telemetry, to generate smart insights and detect advanced threats. Using the power of multi-layer machine learning, Stealthwatch creates a baseline of normal web and network activity for a host, and applies context-aware analysis to automatically detect anomalous behaviors. This is important because in spite of perimeter-based defenses and security products, odds are that your organization will be breached. And when (not if) that happens, there are three key questions:

  1. Do you know if your network has already been breached?
  2. Can you easily determine the cause of the breach?
  3. Can you contain the potential impact and effects of the breach?

It is important to remember that a breach not only refers to malware and other advanced persistent threats (APTs) but also insider threats, such as data exfiltration and data hoarding. There have been too many instances lately when a large organization with a complex network discovered much later that an attack had occurred. As mentioned above, Stealthwatch helps answer the first question as it provides end-to-end visibility by collecting enterprise telemetry from every part of the network, and creates an effective model for all the hosts.

Once a breach is discovered, Stealthwatch answers the second question because it has visibility into every host’s activity and the ability to go back in time to analyze the network audit trail it collects and stores over long periods. Now, you can conduct a thorough retrospective investigation and accelerate incident response from months to hours!

And when you gain visibility into the entire network, you can optimize your security policies and create logical segmentation based on effective behavioral modeling. For example, Stealthwatch can validate that your printer shouldn’t have access to the source code repository or the payroll system. Stealthwatch can also easily quarantine the infected host and enforce policies using the network. In this way, Stealthwatch solves the third question by providing simplified network segmentation.

That’s why Cisco Stealthwatch is the industry-leading visibility and security analytics solution. It works harder and smarter to provide advanced threat detection, accelerated threat response and simplified network segmentation. And it does this across your entire digital business using the most advanced machine learning and behavioral modeling.

Visit www.cisco.com/go/stealthwatch to learn more or www.cisco.com/go/stealthwatch-free-assessment to see what risks exist on your network.
