Cisco Stealthwatch Cloud - SCCUG
Keegan Uchacz – Systems Engineer
Cisco Stealthwatch Cloud
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential
Effective security is dependent on the ability to see everything in your network
Network
Users
HQ
Data Center
Admin
Branch
SEE every conversation
Understand what is NORMAL
Be alerted to CHANGE
KNOW every host
Respond to THREATS quickly
Roaming Users
Cloud
Stealthwatch Cloud Stealthwatch Enterprise
Stealthwatch provides the security visibility you need
Private network monitoring
Enterprise network monitoring
Public cloud monitoring
Suitable for enterprises & commercial businesses using public cloud services
On-premises virtual or hardware appliance
On-premises network monitoring
On-premises network monitoring
Public cloud monitoring
Suitable for SMBs & commercial businesses
Suitable for enterprises & large businesses
Software as a Service (SaaS) Software as a Service (SaaS)
Quick and easy security for dynamic environments
Stealthwatch Cloud
Public Cloud
• VPC Flow Logs
• Other data sources
• NetFlow
• Mirror port
• Other data sources
Using modeling to detect security events
Dynamic Entity Modeling
Collect Input
Perform Analysis
Draw Conclusions
System Logs
Security Events
Passive DNS
External Intel
Config Changes
Vulnerability Scans
IP Meta Data
Dynamic Entity Modeling
Group
Consistency
Rules
Forecast
Role
What ports/protocols does the device continually access?
What connections does it continually make?
Does it communicate internally only?
What countries does it talk to?
How much data does the device normally send/receive?
What is the role of the device?
Identify every entity in your network automatically
Automated Endpoint Discovery
Detect
http://www.cisco.obsrvbl.com/instances
Track
Profile
Detailed visibility of every entity
Automated Entity Discovery
Time of Day Usage
http://www.cisco.obsrvbl.com/instances
Traffic Statistics
Active Traffic Profiles
Traffic profiling on every entity
Automated Entity Discovery
Connections by profile
http://www.cisco.obsrvbl.com/instances
Traffic Statistics by profile
Profile entity behavior
Dynamic Entity Modeling
Roles include:
Android
AWS Resource
Wireless LAN Controller
Citrix PVS Server
Database Server
Kerberos Node
Mail Server
Medical Imaging Client
Remote Desktop Server
Terminal Server
DNS Server
VoIP Client
Domain Controller
Apple iOS
Legacy Windows Device
Web Server
…and 20+ more
http://www.cisco.obsrvbl.com/roles
Detecting Observations
View observations for a specific host
Automatic event detection
See Observation details
36 Day Baseline
Monitor and model behavior
Classify roles
Dynamically assign roles to entities
Alert Triggers for Database Exfiltration
Database server identified
IP address detected
Data access from regular location
Detect abnormal activity using entity modeling
New External Connection observation
New High Throughput Connection
Existing IP accesses database server
Communicates with set of IPs
Data stays within environment
?
Alerts reference Observations
High throughput to new host
Automatic event detection
Russia identified as suspicious country
Excessive failed access attempts
Low-noise alerts help you solve problems
Dynamic Entity Modeling
DDoS and amplification attacks
Potential data exfiltration
Geographically unusual remote access
Suspected botnet interaction
ALERT: Anomaly detected
96% of customers rated the alerts generated by
Stealthwatch Cloud’s entity modeling solutions as “helpful”
Integrate easily with all your current systems
SaaS Management Portal
Web Platforms
SIEM
AWS
And Other Platforms
S3
SQS
Stealthwatch Cloud
SNS
Cisco Stealthwatch Cloud: Public Cloud Monitoring
Microsoft Azure
Amazon Web Services
Google Cloud Platform
Cloud security is a shared responsibility
Server-side encryption
Customer data
Applications
Operating system, network & firewall configuration
Identity & access management
Client-side data encryption & data integrity authentication
Customer
Responsible for security “IN” the cloud
Hardware
Storage
Database
Networking
Regions
Cloud software
Availability zones
Cloud Provider
Responsible for security “OF” the cloud
Platforms
Public cloud security challenges
Detect & Prevent Data Loss
Am I compliant?
Gaps in security
Do I have application vulnerabilities?
What are users doing in the account?
Stealthwatch Cloud makes it easy to address cloud security challenges
Get complete visibility of activity in the public cloud
Detect threats automatically
Deploy and manage easily
Cover your entire cloud attack surface with ease
AWS Flow Logs
Additional AWS Data Sources
Config
Lambda
Inspector
IAM
CloudTrail
CloudWatch
Stealthwatch Cloud
AWS VPC Flow Logs
Track resource behavior
AWS Lambda
Combined traffic view
Additional Alerts for AWS
CloudTrail & IAM
Lambda
Account Issues
API Access
Cisco Stealthwatch Cloud: Private Network Monitoring
Achieve accurate threat detection with the benefits of SaaS
Get complete visibility into your network
Detect threats automatically
Deploy and manage easily
Detect threats and see network activity using existing telemetry sources
Virtual Sensors
Collect from all these sources
NetFlow
SIEM
IPFIX
DNS
Active Directory
Gigamon
Any Mirror/SPAN
Switches
Firewalls
Application Servers
DNS Lookup
IP Traffic Data
Threat Detection
Other Security Data
Use DNS Lookups to link dynamic IPs to a host name
Stealthwatch Cloud
Mirror/Span Ports
Load Balancers
Data Center Segment
Accounting Segment
Core Switching
Stealthwatch Cloud fits seamlessly into your existing network architecture with no messy reorganization
Virtual Sensors
SIEM
Syslog
SNMP
SW Cloud Virtual Appliance
SaaS Portal
Stealthwatch Cloud
Mgmt
NetFlow
IPFIX
Encrypted Private Tunnel
Span
Establish a secure communication from on-premises network to the cloud
SaaS
Distribute workloads across physical and virtual resources
Never transmits, stores, or processes payload data
Ensure stored data is encrypted at rest
ECDHE_RSA with P-256 Key Exchange
TLS 1.2
Explore activity through detailed analytics and reporting
SaaS Management Portal
http://www.cisco.obsrvbl.com/snapshots
Ongoing dashboard visualizations
Detailed inventory and network traffic reports
Expandable view of alerts
Full indexing and filtering
Search on any host
Evaluate telemetry against known applications
Dynamic Entity Modeling
Easily detect violations of organizational policies
Summary entity reports
Top IPs and Ports
Explore activity through detailed analytics and reporting
Ongoing dashboard visualizations
Drill into Alert Details
Deep-dive into IP traffic, roles and alerts
Expandable view of alerts
Get the full benefit of the cloud
Easy to use and deploy
Centrally managed
Flexible pricing
Secure data storage
SaaS-based security
Automatically scale
Manage everything from a simple SaaS portal
SaaS Management Portal
Unlimited users
No patching necessary
Support available
Available anywhere
New features added monthly
http://www.cisco.obsrvbl.com/roles
Empower your team to make informed security decisions
NEW DEVICE FOUND
Keep inventory of every entity on your network
Prove compliance with organized records
React to reliable, actionable alerts
Drive deeper insight with entity modeling
Enhance productivity in existing workforce
Stealthwatch is available across all deployment methods
Stealthwatch Cloud Stealthwatch Enterprise
Private network monitoring
Enterprise network monitoring
Enterprise & commercial customers
Monitor private network via on-premises virtual or hardware appliance
Complements Cisco public cloud offering
SMB & commercial companies
Monitors private network via SaaS
Complements Cisco public cloud offering
Any business using public cloud infrastructure
Monitors public cloud via SaaS
Complements Cisco Enterprise and Private Network offering
Public cloud monitoring
Start today with a free 60-day trial
Schedule consultation with a security specialist
See results within hours
Learn more: cisco.com/go/stealthwatch-cloud