
Your network. The enterprise, data center, campus, branch, and cloud. It is all yours. And you have to protect it. Well, not necessarily it (the physical), but all that is on it (data, apps, workloads, etc.). Because we know two things: the digital transformation is real, and so are the threats that are getting into your network. Does this feel like a complex problem? It is, and you are not alone.

Cisco Secure Network Analytics and Cisco Secure Cloud Analytics provide a path beyond simply seeing; it is about knowing and gaining actionable, always-on security insights to thwart attackers before they can get any data out. A lot is going on within your network. But all this complexity built on cloud, mobility, and IoT can become your greatest asset in the arms race that is network security.

How? Well, you can learn a lot from the network if you know how to listen. Why? Because the threats are in there, often hiding. But just trying to see or gain visibility into the problem is only the first step. Because seeing is one thing but doing is another. And Secure Network Analytics and Secure Cloud Analytics are the doing. Once you can gain visibility and know all your network resources, you can start to listen to them and extract telemetry: the data, the flows, all the communications. Within all this “noise” is all the beautiful telemetry waiting to be exposed. And within are all the dark places where attackers are trying to hide. Secure Network Analytics and Secure Cloud Analytics are your spotlight, shining a light on potential threats.

How is the challenge being solved today?

To detect threats, many organizations are looking at the first step, visibility, and are getting hung up with just trying to see what is going on. Others are looking to various vendors to achieve threat detection and compliance, and these vendors often rely on third-party threat intel and third-party network telemetry to provide the alerts and perform monitoring. These tools do not have native capabilities, which increases complexity from an integration perspective and also increases the number of tools within the network to monitor and maintain. They also offer minimal security alerts driven by heuristic analysis that relies on detecting already known indicators of compromise. These can give a satisfactory performance but may miss new advanced threats and cannot identify threats hiding within encrypted traffic. In the end, attackers are taking advantage of this level of complexity and can evolve faster and faster to stay one step ahead. Not anymore.

What do we do?  

Secure Network Analytics and Secure Cloud Analytics unify threat detection across on-premises and cloud environments. With the ability to provide visibility into network devices, the solution ingests telemetry from both the on-premises infrastructure and public cloud environments to identify the device and establish a baseline of normal behavior. With the use of Cisco’s dynamic entity modeling, we continually observe the behavior of all your network entities and alert on abnormal behavior as well as identify known threats. We accomplish this natively, without using any third-party vendors, by looking at the actual traffic within the network, no matter where the network is located, on-prem and into the cloud, to support hybrid deployments.

Innovating to simplify security 

As we look to simplify the way we provide comprehensive threat detection across the entire network, innovation will be that spark. We are always looking at what we have done and asking ourselves, “How do we do better?” We don’t want to always do what we have already done. That isn’t how we are going to simplify solutions in a lean and agile business environment. It is often said that necessity is the mother of invention. If that is the case, then simplicity is the far more innovation-driven child.

We asked our team to share a few of our core innovations so far in 2021. In our new Innovations Insights e-book, we look deeper into each of these core advancements to unify threat detection no matter where the network lies.

What’s New 

Unify intent and validate policy with Secure Network Analytics’ TrustSec reports

Visualization of group-based communications ensures security policy doesn’t get in the way of business intent. Learn how we are integrating with Cisco Identity Services Engine (ISE) to make it happen.

Simplified security with purpose-built networking for advanced threat detection

The Secure Cloud Analytics sensor is native in IOS-XE on Cat 9200/9300 switches to support always-on security intelligence and unified threat detection for hybrid environments.

Extending detection into automated response with SecureX 

How do you improve on industry-leading network threat detection? You integrate into the industry-leading platform to extend threat detection into an automated response.

Cisco Telemetry Broker

Always-on intelligence, fueled by actionable insights, will make comprehensive protection across the distributed network possible. To simplify the sharing of telemetry, we are introducing Cisco Telemetry Broker.

Stay tuned as we are just getting started. And please visit the Cisco Security Analytics Innovation Insights hub and download the Innovation Insights e-book to learn more.



Authors

Joakim Lialias

Director, Product Marketing

Cisco Security