How Secure Network Analytics 7.4.2 delivers world-class NDR

Cisco is dedicated to providing genuine added value to customers, and we believe our new version of Secure Network Analytics (SNA) – software release 7.4.2 – more than drives that point home. Packed with enhancements, including better data ingestion and processing, advanced detection, and hardware integrations, this new SNA implementation delivers the essential, high-demand network visibility and detection needed to safeguard the business efficiently and effectively.

Data Store architecture takes center stage

So, what’s the most notable improvement in 7.4.2? Better Data Store architecture. With the ability migrate existing SNA implementation over to this architecture, users can access enhancements added over multiple iterations — all designed to make gathering and storing info easier.

It starts with flow collectors. This new release aims to minimize the number needed, using a centralized database instead to handle the processing of collected flows – a substantial change designed to improve fault tolerance, add resiliency, and preserve your historical data – even when it’s deployed in more than three data nodes.

Query response times are also faster, and we’ve also added better reporting. So, between these two enhancements alone, charts, graphs, and your top-5 accessed reports will load up within minutes, rather than hours.

On the telemetry front, 7.4.2 is very scalable. It’s already compatible with NetFlow, NVM, FTD, and ASA Firewall telemetry, but it will also be adaptable to future types of telemetry.

And one of the biggest benefits is enhanced maintenance. This architecture delivers a substantial increase in flow processing rates, scaling up to as much as 1 million Flows Per Second (FPS). This is an almost two-fold increase over the previous rate. But now with a centralized primary database to process flows, this makes maintenance easier — and reduces costs – a high priority across many industries.

Here are some of the specific feature enhancements you’ll see with 7.4.2:

Converged analytics meets powerful detection

In one specific deployment model, the Converged Analytics workflow delivers superior intel by using a more robust and efficient threat detection engine, and centralized data is leveraged to create reliable, relevant alerts.

Compared to the original SNA alarms, these are drastically quieter – and more in-tune with what’s happening now – delivering context based on the network and advanced behavioral analytics. In other words, SNA creates a instant baseline, learns what behavior is considered “normal” over time, and only triggers an alert if a user fails to follow that trend.

This new centralized engine can in fact now produce new alerts on additional telemetry types, such as Remote Worker detections leveraging the Network Visibility Module (NVM). This represents an important milestone in the threat detection capabilities for the Secure Network Analytics offering, which can now cover important use cases for the market as the need for remote worker visibility continuously increases. To add to the capabilities of Converged Analytics, the engine can also dynamically provide role modeling detections based on the behavior of assets in the network.

This feature helps provide needed context for the detection engine so it can understand an entity’s behavior and create relevant alerts that are meaningful to each customer’s circumstances.

And one more performance boost to note. Secure Network Analytics now integrates with the latest M6 hardware appliance. This yields better Flow Collector ingestion rates, faster flow search queries, and an overall increase in the throughput for the Flow Sensors. Cisco Telemetry Broker is also integrated, which enables users to redirect traffic from any source to a Secure Network Analytics deployment.

With all the improvements to the data ingestion mechanism, the product can effectively achieve XDR outcomes with its native functionality and integration with SecureX. By leveraging multiple telemetry sources, customers can achieve broad network visibility and easily consume relevant detections for potential threats in their network. The simplified workflow reduces the need for users to understand the meaning and source of an alert, enabling them to respond and remediate faster. Thanks to this, organizations can safeguard their assets in time and prevent attackers from breaching the network.

While there are many more details that showcase the fantastic work by the Cisco team, this summary provides a conceptual overview that illustrates the added value for customers who upgrade to the latest 7.4.2 release. And as the market continues to evolve and organizations need a strong Network Detection and Response solution to protect their business and assets, Secure Network Analytics will continue leading the market with a world-class solution that solves customers’ most prominent and urgent needs.

Source: cisco.com