TechWiseTV Workshop: Stealthwatch Learning Network License

Post on 16-Apr-2017

transcript

Bring Security to the Branch with Stealthwatch Learning Network License

Sukrit Dasgupta, Engineering Technical Leader

Brian Ford, Technical Marketing Engineer

November 9, 2016

Using machine learning and Cisco technologies for faster incident response

In this session you will learn how Cisco Stealthwatch Learning Network License deploys right on your Integrated Services Router, and how to enable centralized visibility into anomalies and threats, monitor traffic without impacting network performance, and automate threat detection and mitigation with intelligent machine learning sensors.

Agenda

• Introduction to Cisco Stealthwatch Learning Network License and the use of machine learning (Brian)

• Integration with the 4000 Series Cisco Integrated Services Router (Brian)

• Using network traffic patterns and device telemetry to build effective branch security policies (Sukrit)

• Turning detections into actions and how machine learning sensors monitor branch traffic, applications, users, and devices (Sukrit)

• Scalability (Brian)

• Deployment (Brian)

Introduction

Stealthwatch enhances visibility across your entire business

[Diagram labels: Analyze, Monitor, Detect, Respond; Extended Network, Branch, Data Center, Cloud; Cisco Services and Customer Success]

• Gain unique visibility across your business

• Simplify segmentation throughout your networks

• Address threats faster

• Enable your network to take action

• Extend visibility and granular access control to your remote branches

• Prevent the lateral movement of threats

• Protect your critical information

• Simplify policy enforcement and data center segmentation

• Accelerate incident response in the data center

• Gain enhanced visibility into the cloud

• Make the cloud a part of your segmentation strategy

• Identify threats quickly and take action

Integration

A Closer Look: ISR 4000 with Learning Agent

[Diagram labels: Cisco ISR 4000 Platform; Linux OS; IOSd; Control Plane; Platform-Specific Data Plane; Learning Agent; Linux Service Container; Data]

Stealthwatch Portfolio: Learning Network

[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Stealthwatch Labs Intelligence Center (SLIC) threat feed; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]

The Stealthwatch Learning Network License adds anomaly detection & mitigation capabilities deployed in an ISR 4000.

Sukrit Dasgupta, Engineering Technical Leader

Stealthwatch Learning Network

Scalability & Deployment

Learning Network License Deployment Requirements

Learning Network Manager

• VMware ESXi 5.5

• Memory 24 Gb

• 4 Virtual CPUs minimum (8 recommended)

• 1 Virtual NIC

• 200 Gb of hard disk

• Note: For installs of more than 50 agents, the recommendations are 64 Gb memory, 16 vCPU, and 4 Tb of hard disk

Learning Network Agent

• ISR 4451 or 4431

• IOS-XE v3.16 with LXE Container

• IOS Application Experience (AX) Bundle

• 8 Gb or 16 Gb memory upgrade

• NIM-SSD 200 Gb Persistent Storage (desirable option)

SLN and IOS Feature Compatibility

IOS Feature | Will SLN Run? | Comment
IOS Sec | | Includes NAT and ZBFW
VPN | ✓ | Some issues detected with DMVPN
IWAN | ☐ | Requires further testing
WaaS | ☐ | Requires further testing
Snort | ✓ | Requires using 2 containers and Snort small model
Umbrella (OpenDNS) | ✓ | Umbrella for IOS is an IOS feature (available in IOS 16)
FTD | | FTD runs on a UCS-e module

Deploying Learning Network

• Assumes that base router is configured
  • All interfaces ‘no shut’, routing enabled, and VTY authentication

• Deploy From Manager
  • Run a YAML script (deploys container version)

• Deploy from Router CLI
  • Entering commands at CLI via direct connection or SSH

• Additional Configuration:
  • ISE pxGrid (requires certificate to authenticate)
  • Logging (supports Common Event Format – CEF protocol)

Summary

Stealthwatch Portfolio: Branch Roadmap

[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]

By 2018 it is planned that the SMC and Stealthwatch Learning Network License will be more closely integrated.

Turn Your Router into a Security Device

• Monitor branch traffic and stop bad communications at the network edge

• Use machine learning to identify and respond to branch traffic patterns

• Separate security and network operations

• Report to a single web-based management console

[Diagram labels: Manager; ISR 4000 with Agent; Distributed Learning Agent]

For more information: www.cisco.com/go/stealthwatch

Thank you for watching.