
Cisco StealthWatch Enterprise

Cisco StealthWatch Enterprise provides real-time visibility into activities occurring on the network.

This activity monitoring can be extended to the cloud, across the network, into branch locations, in the data centre or on the endpoints.

StealthWatch has several components at its core: the Flow Rate Licence, the Flow Collector, the Management Console, and the Flow Sensor.

There are several optional components: Cisco StealthWatch Threat Intelligence, Cisco StealthWatch Endpoint, and Cisco StealthWatch Cloud.

Cisco StealthWatch Enterprise offers the following benefits: real-time threat detection, incident response and forensics, network segmentation, network performance and capacity planning, and the ability to satisfy regulatory requirements.

Mandatory Components

Flow Rate Licences

The Flow Rate Licence is required for the collection, management and analysis of flow telemetry data and flows at the StealthWatch Management Console. It defines the volume of flows that can be collected.

Flow Collector

The Flow Collector collects and analyses enterprise telemetry data such as NetFlow, IP Flow Information Export (IPFIX), and other types of flow data from routers, switches, firewalls, endpoints and other network devices.

The Flow Collector can also collect telemetry from proxy data sources, which can be analysed by Global Threat Analytics.

It can also pinpoint patterns of malicious traffic in encrypted data, using Encrypted Traffic Analysis.

The Flow Collector is available as an individual hardware appliance or as a virtual machine.

StealthWatch Management Console

The management console is the control centre for StealthWatch.

It aggregates, organises and presents analysis from up to 25 Flow Collectors, Cisco ISE and other sources.

It offers a web interface that provides graphical representations of network traffic, identity information, summary reports and integrated security and network intelligence.

The StealthWatch Management Console is available as an individual hardware appliance or as a virtual machine.

Optional Components

Flow Sensor

The Flow Sensor produces telemetry data for segments of the network infrastructure that can't generate their own NetFlow data. It can be its own appliance or a virtual machine.

UDP Director

The UDP Director receives essential network and security information from multiple locations and forwards it as a single data stream to one or more destinations.

Instead of every router having multiple NetFlow exports for multiple destinations, every router can be configured with a single destination: the UDP Director. The UDP Director then replicates the NetFlow data to many destinations so that the router does not need to.

The UDP Director can be a hardware appliance or a virtual machine.
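
The fan-out described above, as an added sketch in Python (not Cisco's code and not part of the original page): one listener copies each datagram to every destination and uses the NetFlow v9 header sequence number to report export packets that went missing on the way in. The listening port 2055, the 192.0.2.x collector addresses and the names `Replicator` and `serve` are assumptions made for the example.

```python
import socket
import struct

# NetFlow v9 header, RFC 3954: version, count, sysUpTime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")

def parse_v9_header(datagram):
    """Return (sequence, source_id), or None if this is not NetFlow v9."""
    if len(datagram) < V9_HEADER.size:
        return None
    version, _n, _up, _secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    return (seq, source_id) if version == 9 else None

class Replicator:
    def __init__(self, destinations, send):
        self.destinations = destinations
        self.send = send      # send(payload, address), e.g. socket.sendto
        self.last_seq = {}    # (exporter_ip, source_id) -> last sequence

    def handle(self, datagram, exporter_ip):
        """Fan out one datagram; return v9 export packets missed before it."""
        missed = 0
        parsed = parse_v9_header(datagram)
        if parsed:
            seq, source_id = parsed
            key = (exporter_ip, source_id)
            delta = (seq - self.last_seq.get(key, seq - 1)) % 2**32
            if 0 < delta < 2**31:   # ignore duplicates and late packets
                missed = delta - 1
                self.last_seq[key] = seq
        for address in self.destinations:   # other UDP is copied as well
            self.send(datagram, address)
        return missed

def serve(listen_addr, destinations):
    """Routers export only to listen_addr. Copies leave from this host,
    so collectors see its address, not the router's, as the source."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen_addr)
    rep = Replicator(destinations, sock.sendto)
    while True:
        datagram, (ip, _port) = sock.recvfrom(65535)
        lost = rep.handle(datagram, ip)
        if lost:
            print(f"{ip}: {lost} export packet(s) missing before this one")

if __name__ == "__main__":
    # Assumed addresses (documentation range) and port, not from the page.
    serve(("0.0.0.0", 2055), [("192.0.2.10", 2055), ("192.0.2.20", 2055)])
```

An exporter restart resets its sequence counter, which this sketch treats as late packets until the counter passes the previously seen value.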
