Managing network and security needs of a modern enterprise
Today’s digital transformation is fostering the modernization of enterprise networks. It’s very common for an enterprise to mix and match vendors to build its network and security infrastructure just like you would use different sources to build your home entertainment center. With the increasing adoption of different point products, SOC (Security Operations Center) engineers are getting overwhelmed with all the consoles they need to keep track of. They need a way to pool all the information together just like you would use a receiver to connect all the components of your home entertainment center
SIEM (Security Information and Event Management) is the “receiver” used to address this challenge by offering a common console to visualize data. Cisco has collaborated with Splunk, one of the market leaders in the SIEM space, to produce a comprehensive SOC dashboard.
Using Cisco SD-WAN and Splunk to create efficiencies
Your enterprise solution often has comprehensive logging streams, and your SOC team needs an efficient approach to make sense of all the chaos around them. In addition, it’s becoming increasingly challenging to find and retain security professionals. All this and much more fuel the argument that a SIEM is becoming extremely important in enterprise networks.
Cisco has developed the SD-WAN Splunk application to ensure we are not leaving you ‘high and dry’. The application automatically parses the router’s security logs when they are sent to your Splunk environment and populates the data on a pre-built security dashboard.
How it works
You can locate and download the application on the Splunk marketplace, Splunkbase, using your existing Splunk license. The Cisco SD-WAN and Splunk integration can be achieved in a few simple steps
Figure 1 – Cisco SD-WAN / Splunk Topology
1. Download and install the Cisco SD-WAN Splunk App and App Add-on https://splunkbase.splunk.com/app/6657 Cisco SD-WAN Splunk App
https://splunkbase.splunk.com/app/6656 App Add-on
2. Under the application settings, add the Cisco SD-WAN IP and port number as a source for the log forwarding
On Cisco SD-WAN vManage, add the Splunk Application IP as a destination to forward logs
Figure 2 – Cisco SD-WAN App on Splunkbase
Deliver significant insights out of a mountain of alerts
You’re then able to make use of a comprehensive SOC dashboard to visualize all the threats captured by the SD-WAN router.
This will serve as a one-stop shop to gain a holistic view of the security events in your network. You can navigate through charts and graphs to drill down to device-level details and inspect what packet flows triggered a security event. These events are listed in three main sections.
Figure 3 – Threat Inspection Dashboard
Together, Cisco SD-WAN and Splunk enable you to transform your network and security operations
Enterprises rely on Cisco to build secure and agile networks that can safeguard their users and applications from bad actors and external threats. Just like an amplifier helps your receiver consume all the components of your home entertainment center for the best overall experience, the new Cisco SD-WAN Splunk Application helps enterprises collect vital security analytics and ensure their SOC team is on top of all the security events traversing their network.
Source: cisco.com