Cisco StealthWatch Enterprise provides real-time visibility into activities occurring on the network.
This activity monitoring can be extended to the cloud, across the network, into branch locations, in the data centre or on the endpoints.
StealthWatch has several components at its core: the Flow Rate Licence, the Flow Collector, the Management Console, and the Flow Sensor.
There are several optional components: Cisco StealthWatch Threat Intelligence, Cisco StealthWatch Endpoint, and Cisco StealthWatch Cloud.
Cisco StealthWatch Enterprise offers the following benefits: real-time threat detection, incident response and forensics, network segmentation, network performance and capacity planning, and the ability to satisfy regulatory requirements.
Flow Rate Licences
The Flow Rate Licence is required for the collection, management and analysis of the flow telemetry data and flows at the Stealthwatch Management Console. It defines the volume of flows that can be collected.
Flow Collector
The Flow Collector collects and analyses enterprise telemetry data such as NetFlow, IP Flow Information Export (IPFIX), and other types of flow data from routers, switches, firewalls, endpoints and other network devices.
The Flow Collector can collect telemetry from proxy data sources which can be analysed by Global Threat Analytics.
It can also pinpoint patterns of malicious traffic in encrypted data using Encrypted Traffic Analysis.
The Flow Collector is available as an individual hardware appliance or as a virtual machine.
StealthWatch Management Console
The management console is the control centre for StealthWatch.
It aggregates, organises and presents analysis from up to 25 Flow Collectors, Cisco ISE and other sources.
It offers a web interface that provides graphical representations of network traffic, identity information, summary reports and integrated security and network intelligence.
The Stealthwatch management console is available as an individual piece of hardware or can be a virtual machine.
Flow Sensor
The Flow Sensor produces telemetry data for segments of the network infrastructure that can't generate their own NetFlow data. It can be its own appliance or a virtual machine.
UDP Director
The UDP Director receives essential network and security information from multiple locations and forwards it as a single data stream to one or more destinations.
Instead of every router having multiple NetFlow exports for multiple destinations, every router can be configured with a single destination to the UDP Director. The UDP director will replicate the NetFlow data to many destinations instead of the router needing to do that.
The UDP Director can be a hardware appliance or virtual machine.
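The fan-out described above, as an added sketch that is not Cisco code: one exporter sends to a single relay address, and the relay copies each datagram to every collector. The function names, loopback addresses and payloads are constructed for illustration. A plain socket relay like this one re-sends from its own address, so the collectors see the relay as the source rather than the router.

```python
import socket

def udp_socket(bind=False):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2)
    if bind:
        s.bind(("127.0.0.1", 0))  # loopback, OS-chosen port
    return s

def replicate(listen_sock, out_sock, destinations, count):
    """Copy `count` datagrams to every destination.
    Returns one (exporter_addr, size, copies_sent) tuple per datagram."""
    log = []
    for _ in range(count):
        data, exporter = listen_sock.recvfrom(65535)
        copies = 0
        for dest in destinations:
            try:
                out_sock.sendto(data, dest)
                copies += 1
            except OSError:
                continue  # one failing collector must not stall the others
        log.append((exporter, len(data), copies))
    return log

def demo():
    # Constructed payloads standing in for NetFlow/IPFIX export datagrams.
    records = [b"constructed-flow-datagram-1", b"constructed-flow-datagram-2"]
    collectors = [udp_socket(bind=True) for _ in range(2)]
    director, out, exporter = udp_socket(bind=True), udp_socket(), udp_socket()
    for r in records:  # the "router" has a single export destination
        exporter.sendto(r, director.getsockname())
    log = replicate(director, out, [c.getsockname() for c in collectors], len(records))
    received, seen_ports = [], set()
    for c in collectors:
        got = [c.recvfrom(65535) for _ in records]
        received.append([payload for payload, _ in got])
        seen_ports.update(src[1] for _, src in got)  # source port each collector saw
    result = {"records": records, "received": received, "log": log,
              "seen_ports": seen_ports, "relay_port": out.getsockname()[1],
              "exporter_port": exporter.getsockname()[1]}
    for s in collectors + [director, out, exporter]:
        s.close()
    return result

if __name__ == "__main__":
    print(demo())
```

The relay's log keeps the original exporter address for each datagram, which is the only place that identity survives in this sketch.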