Top 5 features of a Network Traffic Analysis (NTA) tool- Why you need Stealthwatch now more than ever

According to research from Enterprise Strategy Group (ESG) and the Information Systems Security Association, 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 CISOs have tried many different solutions. Many are increasing hiring in a field with a steep talent shortage, which may have some long-term returns but doesn’t solve the problems they are facing today. Some also purchase a patchwork of security solutions that aren’t really integrated – an approach that can cause major complications for security architects. These strategies are clearly not increasing confidence in their overall security effectiveness.

What are the primary reasons you believe cybersecurity analytics and operations are more difficult today than they were 2 years ago?

Research indicates that organizations can’t hire their way out of their cybersecurity woes. CISOs must improve security efficacy, streamline operations and bolster employee productivity, and they must rely on their existing workforce. That’s where Network Traffic Analysis (NTA) tools can provide a cybersecurity quick-win. An effective and modern NTA solution can continuously monitor the network and detect threats that might have bypassed the perimeter or even originated within the business. Top-tier NTA solutions take the weight off of the employees’ shoulders by giving them the tools they need to speed up threat detection and remediation. To help you evaluate an NTA solution effectively, let’s take a look at the top features identified by cybersecurity professionals as part of the research conducted by ESG:

1. Built-in analytics and threat intelligence services

44% of survey respondents said that built-in analytics to help analysts detect suspicious/malicious behavior is one of the most important features. Best-in-class NTA tools have different algorithms and signatures built-in to model behavior and crunch data, allowing for high-fidelity alerts that streamline workloads and accelerate incident response. The same percentage also said that threat intelligence services/integrations to enable comparisons between suspicious behavior and known threats is another top feature. These integrations allow NTA tools to “enrich” network telemetry, making alerts more thorough and actionable.

2. Ability to monitor IoT traffic/devices

Users also need the ability to monitor niche equipment that is unique to their industries. This is especially important in industries that have made aggressive investments in IoT like healthcare, manufacturing and transportation. IoT devices generate telemetry and increase the threat surface like any other connected device, and therefore need to feed into an NTA tool.

3. Ability to monitor all network nodes

37% of respondents stated that alerts for when new network nodes are connected are essential for an NTA tool. This means security professionals want NTA tools to issue alerts when unsanctioned devices connect. This is incredibly important for monitoring and mitigating cyber-risks.

4. Proven integrations with other security technologies

37% also said that one of the most important features is documented and tested integrations with other types of security technologies. These other technologies could be malware sandboxes, network segmentation enforcement technologies and much more. These integrations allow for a closed-loop process that includes network security development, monitoring and enforcement.

5. Public cloud visibility

More than a third of respondents said that the ability to monitor cloud traffic is an essential feature. In order to provide true end-to-end visibility, NTA tools need to be able to tap into VPCs, cloud monitoring logs and APIs across AWS, Azure, GCP, etc.

Cisco Stealthwatch

Stealthwatch aligns well with the most important NTA attributes cited by the surveyed cybersecurity professionals. For example, Stealthwatch:

◉ Features multiple types of built-in analytics. Its behavioral modeling and multi-layered machine learning algorithms can detect hidden threats- even those hiding in encrypted traffic.

◉ Provides comprehensive visibility. In addition to monitoring on-premises environments, Stealthwatch also offers agentless visibility into the public cloud. It can also detect when a new network node connects, monitor traffic from IoT devices and more. Nothing slips through the cracks with Stealthwatch.

◉ Backed by Cisco Talos threat intelligence. Threat intelligence is one of the most important features of an NTA tool. Stealthwatch ties its multi-layered analytics with global threat intelligence from Talos, the largest non-governmental threat intelligence organization in the world, and can take immediate action when activity is associated with a known threat, no matter the origin.

CISOs of the world can’t keep up with their security workloads, especially with a global cybersecurity talent shortage. They need quick wins– fast, efficient and accurate alerts that allow them to focus on what really matters. Cisco Stealthwatch is the tool they need right now.

Continue reading

The Multicloud Vision of Cisco’s ACI Anywhere Becomes Reality

The data center is not centered in one place anymore. With applications active at all points on the network, the data center can no longer be confined to a specific place but be more of a nerve cluster situated where the data is—which could be anywhere along the edge-cloud continuum.

At the edge, where new data is generated. In the cloud, any cloud, or on-premise, where it’s processed. Wherever it makes the most sense to execute at speed. Ready and able to provide intelligence on the spot. Ready for change. Ready for growth.

Modern IT infrastructure is performing an intricate and elaborate dance with these data sources and requirements. Cisco’s ACI Anywhere is that critical infrastructure component enabling policy driven network automation for connectivity and segmentation for these data elements, independent of where data resides.

Cisco ACI Anywhere now delivers a true hybrid multicloud capability for customers, taking a holistic, policy driven abstraction on top of cloud native APIs , regardless of the type of workload – physical, virtual, or containerized, across on-premises and/or public cloud.

Cloud Challenges

During recent conversations with customers who operate some of the most demanding and complex data center environments, we found that many are dealing with the same issues, such as:

◈ Inconsistent segmentation capabilities across hybrid instances pose security, compliance, and governance challenges

◈ Complex operational models due to diverse and disjointed visibility and troubleshooting capabilities, with no correlation across different cloud service providers. .

◈ Managing secure connectivity across these hybrid data and application workload environments.

◈ Multiple panes needed to configure, manage, monitor, and operate these multicloud instances.

◈ Last, but not least, training and learning new cloud native constructs.

Solving the Challenges

As the premier policy-driven infrastructure solution for the largest enterprises, Cisco ACI can play a key role in enabling customers to embrace multicloud capabilities.

Cisco Cloud Application Centric Infrastructure (Cloud ACI) is a comprehensive solution for automated network connectivity, consistent policy management, and simplified operations for multicloud environments.

The solution captures business and user intent, uses group-based network and security policy models, and translates them into cloud-native policy constructs for applications deployed across various cloud environments.

Cloud ACI Solution Core Components

While customers benefit from an ACI policy driven infrastructure in the on-premises environment, Cisco Cloud ACI allows them to automate the management of end-to-end connectivity, as well as the agentless enforcement of consistent security policies, for workloads across on-premises and in public clouds through a single pane of glass.

Key components include:

◈ Multisite Orchestrator (hosted anywhere) for inter-site policy definition

◈ Cisco’s Cloud Application Policy Infrastructure Controller (APIC) runs natively in public clouds to provide automated connectivity, policy translation, day two operations, and enhanced visibility of workloads in the public cloud

◈ CSR 1000V instance (runs in the cloud) for IPSec VPN tunnel (Underlay), and VXLAN (overlay termination) for data-plane connectivity between on-premises and cloud

Accelerating Cloud-based Journeys – What’s New?

For customers whose journeys start in the cloud, we are now introducing the Cloud-first ACI solution, or ACI Multicloud, which uncouples the solution from the on-premises data center and allows you to securely connect and segment workloads not only in the public cloud, but also across public clouds.

For customers extending their on-premises ACI infrastructure into public cloud, we are now introducing Cloud ACI extensions to Azure cloud, in addition to the already shipping Cloud ACI extensions on AWS.

We are also introducing new ACI and SDWAN integration for branch offices (Network Edge). An integral component of customers cloud journey also requires secure, policy driven interconnects between the data center and branch offices, that are a cost-efficient alternative to provisioning dedicated connections. Through this integration, customers can now automate WAN path selection between the branch office and the on-premises data center based on application policy.

Enjoy the benefits of a policy driven infrastructure … Anywhere

Collectively, these capabilities reduce management complexity, enable a common governance and security posture, simplify ‘Day 2 operations’ with enhanced visibility across on-premises and public cloud, while leveraging the rich native services available in public clouds for scale and flexibility.

Customers can benefit from secure workload mobility and preserve the application policies, network segmentation, and identity of the workloads, whether it’s to achieve their business continuity, disaster recovery mandates, cloud bursting SLAs, or simply accelerating your cloud migration journey.

In addition, customers can benefit from Cisco ACI broad ecosystem that allows for integration with most commonly deployed solutions such as Cisco AppDynamics, CloudCenter, F5, Citrix, ServiceNow, Splunk, SevOne, and Datadog.

With new Azure extensions, customers can tap into the rich cross-silo insights through ACI integrations with Azure technologies like Azure Monitor*, Azure Resource Health* and Azure Resource Manager * to fine-tune their network operations for speed, flexibility and cost.

Customers can leverage widely adopted tools such as Terraform and Ansible to achieve end-to-end workflow-based automation.

“ESG Research validates that companies are increasingly adopting a hybrid cloud approach as a centerpiece of the their digital transformation journeys. In fact, many are standardizing on a Multi-cloud policy.
However, these distributed compute environments create significant management and operational complexity. Cisco ACI Anywhere, and more specifically, Cloud ACI for Microsoft Azure with its native integration in Azure, is the “Easy” button that helps to consolidate and simplify management across the on-premises data center and the popular Azure cloud environment.
It enables a common policy ,security and governance framework across all locations enabling consistent application segmentation, access control and isolation across varied deployment models. We expect this message to resonate with all market segments and customers.”
—Bob Laliberte, Practice Director and Senior Analyst with the Enterprise Strategy Group.

Looking Towards the Future

Our ACI anywhere vision is to provide the freedom of choice, agility, security, and flexibility of being able to connect and run your workloads Anywhere without compromising your security and governance mandates.

With the new ‘Cloud ACI on Azure’ and ‘Cloud First ACI’, along with ‘ACI and SD-WAN’ integration, Cisco has taken another huge step forward toward delivering that vision. And there is more to come in future.

Continue reading

Improved performance and pay-as-you-go in Microsoft Azure

According to a recent IDC survey 85% of organizations are evaluating or using the public cloud1. As customers begin deploying workloads in the public cloud having a high-performing solution that allows them to securely extend their on-premises network to the cloud is critical. The Cisco CSR 1000V is a full-featured IOS-XE router that provides a secure way to connect your public cloud deployment to your on-premises network.

We are constantly working with our cloud partners to deliver new features and improved scale and performance. The latest software release for CSR 1000V (IOS-XE 16.10.1) delivers a number of significant enhancements for CSR 1000V on Microsoft Azure.

First, the release adds support for Microsoft Accelerated Networking which will enable customers to achieve 4x the throughput of the current CSR 1000V software release. Also, CSR 1000V will be launching support for customers to leverage pay-as-you-go, allowing for hourly consumption of the CSR. All of these improvements mean customers will be able to leverage better scale and performance for the CSR in Microsoft Azure.

Improved performance with Accelerated Networking

Cisco is adding support for Microsoft Accelerated Networking in the IOS-XE 16.10.1 software release for the CSR 1000V. By leveraging Accelerated Networking CSR 1000V is able to achieve up to a 4x increase in throughput performance across the existing instance types.

Figure 1 – Image from Microsoft Azure Documentation on Accelerate Networking

With accelerated networking, network traffic arrives at the VM’s network interface (NIC), and then is forwarded directly to the VM by-passing the host and the virtual switch. By allowing the CSR 1000V direct access to the network interface (NIC) Cisco and Microsoft are able to achieve significant improvements in the maximum throughput of the virtual router.

Azure Pay-as-you-Go

This new release for CSR 1000V also marks the launch of a new way to consume CSR 1000V on Azure. Customers will now be able to launch an hourly pay-as-you-go instance of CSR 1000V from the Azure Marketplace. With hourly pay-as-you-go, users can spin up CSR 1000V and consume it for a defined period of time based on their needs. When they are finished they can spin it down and only pay for the length of time they used it instead of being locked into an annual or multi-year contract. This pay-as-you-go instance of CSR 1000V will support all of the existing deployment models that are available today for customers who choose the bring-your-own-license consumption model for CSR 1000V.

Smart Licensing Only

In this release CSR 1000V will support only Smart Licensing. In previous release the CSR 1000V also supported classic ePAK licensing. Going forward all future releases of software for CSR 1000V will support only Smart Licensing which greatly simplifies licensing for the customer and provides greater flexibility and visibility to the licenses they own. Customers can use the Cisco Smart Software Manager (CSSM) to view all of the smart licenses they own in one place. For customers who have classic ePAK licenses they should convert their classic license to a smart licenses using the Licenses Registration Portal prior to upgrading to the 16.10.1 release.

This video provides step-by-step details on how to convert your existing classic ePAK licenses to a smart license.

Continue reading

Improve Office 365 Connectivity with Cisco SD-WAN

As more applications move to the cloud, the traditional approach of backhauling traffic over expensive WAN circuits to the data center or a centralized Internet gateway via a hub-and-spoke architecture is no longer relevant. Traditional WAN infrastructure was not designed for accessing applications in the cloud. It is expensive and introduces unnecessary latency that degrades the user experience. The scale-up effect of the centralized network egress model coupled with perimeter stacks optimized to handle conventional Internet browsing often pose bottlenecks and capacity ceilings, which can hinder or bring to a stall customer transition to the SaaS cloud.

As enterprises aggressively adopt SaaS applications such as Office 365, the legacy network architecture poses major problems related to complexity and user experience. In many cases, network administrators have minimal visibility into the network performance characteristics between the end user and software-as-a-service (SaaS) applications. ‘One size fits all’ approach focusing on perimeter security without application awareness, which legacy network architectures often have, do not allow enterprises to differentiate and optimize sanctioned and more trusted cloud business applications from recreational Internet use, resulting the former to be subject to expensive and intrusive security scanning further slowing down user experience.

Massive transformations are occurring in enterprise networking as network architects are reevaluating the design of their WANs to support a cloud transition, reduce network costs, increase visibility and manageability of their cloud traffic, while ensuring an excellent user experience. These architects are turning to software-defined WAN (SD-WAN) to take advantage of inexpensive broadband Internet services and to find ways to intelligently route trusted SaaS cloud bound traffic directly from remote branches. Cisco SD-WAN fabric is an industry-leading platform that delivers an elegant and simplified secure, end-to-end hybrid WAN solution that can facilitate policy based, local and direct connectivity from users to your trusted, mission critical SaaS applications, such as Office 365, straight from your branch office. Enterprises can use this fabric to build large-scale SD-WAN networks that have advanced routing, segmentation, and security capabilities with zero-touch bring-up, centralized orchestration, visibility and policy control. The result is a SaaS cloud-ready network that is easy to manage and more cost-efficient to operationalize and that empowers enterprises to deliver on their business objectives.

A fundamental tenet of the Cisco SD-WAN fabric is connecting users at the branch to applications in the cloud in a seamless, secure, and reliable fashion. Cisco delivers this comprehensive capability for SaaS applications with the Cloud onRamp for SaaS solution in alignment with Microsoft’s connectivity principles for Office 365.

With Cloud OnRamp for SaaS, the SD-WAN fabric continuously measures the performance of a designated SaaS application through all permissible paths from a branch and assign a score. This score gives network administrators visibility into application performance that has never before been available. Most importantly, the fabric automatically makes real-time decisions to choose the best-performing path between the end users at a remote branch and the cloud SaaS application. Enterprises have the flexibility to deploy this capability in multiple ways, according to their business needs and security requirements.

In some deployments, enterprises connect remote branches to the SD-WAN fabric using inexpensive broadband Internet circuits, and they want to apply differentiated security policies depending on the type of services users are connecting to.  For example, instead of sending all branch traffic to a secure web gateway (SWG) or cloud access security broker (CASB), an enterprise may wish to enforce their IT security policies in a targeted manner – by routing regular Internet traffic through SWG, while allowing performance optimal direct connectivity for a limited set of sanctioned and trusted SaaS applications, such as Office 365. In such scenarios, Cloud onRamp for SaaS can be set up to dynamically choose the optimal path among multiple ISPs for both applications permitted to go directly and for applications routable per enterprise policy through SWG.

To learn more about Cloud onRamp for Office 365, read our white paper. For more information about Cisco SD-WAN, click here.

If you’re attending Microsoft Ignite in Orlando next week, make sure to visit Cisco at booth #418. I’d love to show you how to improve your Office 365 connectivity and user experience using Cisco SD-WAN.

Continue reading