Avatar

See and stop threats using your existing network.

If you live in the United States, there’s a 44% chance your most valuable personal data were recently compromised[1]. The silver lining, if there is one, is that this breach compelled many to start actively monitoring their credit report for signs of suspicious activity. It often takes a mega breach – such as that of a major credit reporting agency – to incite action. This is despite the fact that identity theft was already a $15 billion problem and the likelihood of being victimized was significant even before the new breach. One of the reasons identity theft can be so damaging is that most people don’t have the appropriate precautions in place, and by the time they realize they’ve been owned, it’s too late.

A similar dynamic exists with organizations. The likelihood of a network compromise has never been higher. It’s not a matter of “if” you’ll be breached, but rather “when”.  And in the event of a breach, companies often have open networks, making it easier for threats to move laterally throughout the network. Or there’s simply no mechanism to see malicious activity after it breaks through the perimeter. This all means free reign for threats to reach and exploit your critical data, unimpeded. This is a key reason why the industry average time-to-detection and containment are 191 and 70 days, respectively. And these time-to-detection lag times make expensive breaches even costlier at an average of $3.62 million in 2017.[2]

Since the invention of the network, security has been a prime concern. Ironically, the recent trend is to manage networking and security separately, and call it network security. This approach has led to fragmented defense postures, which are challenging to implement and too easy for hackers to circumvent. The two shouldn’t be mutually exclusive.

Cisco has long believed enhancing the network itself is the most effective and practical way to safeguard your data. And despite the fact that both networking and security have dramatically evolved, it’s now more important than ever to streamline your network defenses with built-in security solutions. We’re pleased to announce the official launch our Network Visibility and Enforcement solution, which features Cisco Stealthwatch, the Identity Services Engine (ISE) and TrustSec. Only Cisco is positioned to offer the most effective way to achieve the following key outcomes that will minimize the impact of a breach:

  • Prepare as though you will be breached
  • Detect threats sooner
  • Achieve rapid threat containment

Prepare as though you will be breached

When the day comes (and likely, it already has) that a threat presents itself in your network, you want to make sure that any damage is limited to the specific part of the network where the breach occurred, and nowhere else. This is why a segmented network is so critical. But not all approaches to segmentation are created equal. More on that in a minute. Cisco Identity Services Engine (ISE) in conjunction with Cisco TrustSec provides role-based segmentation for simplified access control that scales with your business. And Cisco Stealthwatch provides the assurance necessary for effective segmentation monitoring.

Detect Threats Sooner

Do you know if you’ve been breached? How do you know? Whether it’s an insider threat or malware, there’s indicators of compromise that are manifested in your network traffic. You just need the visibility and detection capabilities to discover these bad actors. Cisco Stealthwatch lights up the dark corners of your network by gathering network telemetry, using multi-layer machine-learning to analyze and detect malicious activity. Integration with ISE makes it possible for Stealthwatch to ingest user and device details for more actionable reporting. This includes our new Cisco Encrypted Traffic Analytics solution that leverages Stealthwatch to provide visibility and security analytics to encrypted traffic. So even when the inevitable a breach occurs, you’ll know it – faster.

Rapid Threat Containment

When Stealthwatch raises a security event, you have the power to respond…. at the click of a button. Within the Stealthwatch management console, ISE is alerted to immediately quarantine any compromised devices and the impact of the attack is contained. This is where software-defined segmentation plays such a critical role. TrustSec the agility to automatically remove a given device from the network is very challenging to execute at scale with access control lists (ACLs). Central policy management is maintained in ISE, which leverages TrustSec software-defined segmentation technology to dynamically enforce across the network without all the manual configuration.

Customers are already enjoying the benefits of Network Visibility and Enforcement. Read more about how Sentara Healthcare has dramatically improved their security posture.

Digital transformation is demanding change at an unprecedented pace and putting extraordinary pressure on the network. This network complexity is increasing the attack surface, impeding visibility and making organizations more vulnerable to attacks. Network Visibility and Enforcement is a strategy to proactively safeguard your data from the inevitable breach. The inability to anticipate every breach and minimize its impact is too costly to ignore. You should start developing these capabilities today!

Learn how you can see and stop threats using the power of your network. Find out more about Cisco Network Visibility and Enforcement at cisco.com/go/nve.

[1] AP News

[2] Ponemon Institute



Authors

Dan Stotts

Product Marketing Manager

Security Product Marketing organization