TechWiseTV Workshop: Stealthwatch Learning Network License

Replay the Live Event: http://cs.co/90068G6ln

Get an inside look at how Stealthwatch Learning Network License can transform your branch network router into a powerful security sensor and enforcer: one capable of quickly detecting threat activity and mitigating attacks, with little to no hands-on management needed.

Don’t miss this opportunity to hear from our security experts.

See the Stealthwatch Learning Network License TechWiseTV Episode: http://cs.co/90048G6WY


  1. Bring Security to the Branch with Stealthwatch Learning Network License. Sukrit Dasgupta, Engineering Technical Leader; Brian Ford, Technical Marketing Engineer. November 9, 2016
  2. Bring Security to the Branch with Stealthwatch Learning Network License: Using machine learning and Cisco technologies for faster incident response. Sukrit Dasgupta, Engineering Technical Leader & Brian Ford, Technical Marketing Engineer. November 2016
  3. Your Presenters: Brian Ford, Sukrit Dasgupta
  4. In this session you will learn how Cisco Stealthwatch Learning Network License deploys right on your Integrated Services Router, and how to enable centralized visibility into anomalies and threats, monitor traffic without impacting network performance, and automate threat detection and mitigation with intelligent machine learning sensors.
  5. Agenda • Introduction to Cisco Stealthwatch Learning Network License and the use of machine (Brian) • Integration with the 4000 Series Cisco Integrated Services Router (Brian) • Using network traffic patterns and device telemetry to build effective branch security policies (Sukrit) • Turning detections into actions and how machine learning sensors monitor branch traffic, applications, users, and devices (Sukrit) • Scalability (Brian) • Deployment (Brian)
  6. Introduction
  7. CISCO STEALTHWATCH: Stealthwatch enhances visibility across your entire business. Diagram labels: Analyze, Monitor, Detect, Respond; Extended Network, Branch, Data Center, Cloud; Cisco Services and Customer Success • Gain unique visibility across your business • Simplify segmentation throughout your networks • Address threats faster • Enable your network to take action • Extend visibility and granular access control to your remote branches • Prevent the lateral movement of threats • Protect your critical information • Simplify policy enforcement and data center segmentation • Accelerate incident response in the data center • Gain enhanced visibility into the cloud • Make the cloud a part of your segmentation strategy • Identify threats quickly and take action
  8. Integration
  9. A Closer Look: ISR 4000 with Learning Agent (diagram labels: Cisco ISR 4000 Platform Linux OS IOSd Control Plane Platform-Specific Data Plane Learning Agent Linux Service Container Data)
  10. Stealthwatch Portfolio: Learning Network. Diagram labels: Stealthwatch Management Console, Flow Enabled Infrastructure, User and Device Information, Stealthwatch Labs Intelligence Center (SLIC) threat feed, Cisco ISE, Flow Collector, Learning Network Manager, Branch Network. The Stealthwatch Learning Network License adds anomaly detection & mitigation capabilities deployed in an ISR 4000.
  11. Stealthwatch Learning Network. Sukrit Dasgupta, Engineering Technical Leader
  12. Scalability & Deployment
  13. Learning Network License Deployment Requirements. Learning Network Manager: • VMware ESXi 5.5 • Memory 24 Gb • 4 Virtual CPUs minimum (8 recommended) • 1 Virtual NIC • 200 Gb of hard disk • Note: For installs of more than 50 agents, the recommendations are 64 Gb memory, 16 vCPU, and 4 Tb of hard disk. Learning Network Agent: • ISR 4451 or 4431 • IOS-XE v3.16 with LXE Container • IOS Application Experience (AX) Bundle • 8 Gb or 16 Gb memory upgrade • NIM-SSD 200 Gb Persistent Storage (desirable option)
  14. SLN and IOS Feature Compatibility (columns: IOS Feature | Will SLN Run? | Comment)
      • IOS Sec |  | Includes NAT and ZBFW
      • VPN | ✓ | Some issues detected with DMVPN
      • IWAN | ☐ | Requires further testing
      • WaaS | ☐ | Requires further testing
      • Snort | ✓ | Requires using 2 containers and Snort small model
      • Umbrella (OpenDNS) | ✓ | Umbrella for IOS is an IOS feature (available in IOS 16)
      • FTD |  | FTD runs on a UCS-e module
  15. Deploying Learning Network • Assumes that base router is configured • All interfaces ‘no shut’, routing enabled, and VTY authentication • Deploy from Manager • Run a YAML script (deploys container version) • Deploy from Router CLI • Entering commands at CLI via direct connection or SSH • Additional Configuration: • ISE pxGrid (requires certificate to authenticate) • Logging (supports Common Event Format – CEF protocol)
  16. Summary
  17. Stealthwatch Portfolio: Branch Roadmap. Diagram labels: Stealthwatch Management Console, Flow Enabled Infrastructure, User and Device Information, Cisco ISE, Flow Collector, Learning Network Manager, Branch Network. By 2018 it is planned that the SMC and Stealthwatch Learning Network License will be more closely integrated.
  18. Turn Your Router into a Security Device • Monitor branch traffic and stop bad communications at the network edge • Use machine learning to identify and respond to branch traffic patterns • Separate security and network operations • Report to a single web-based management console. Diagram labels: Manager, ISR 4000 with Agent, Distributed Learning Agent
  19. For more information: www.cisco.com/go/stealthwatch
  20. Thank you for watching.