Bring Security to the Branch with Stealthwatch Learning Network License
Sukrit Dasgupta, Engineering Technical Leader
Brian Ford, Technical Marketing Engineer
November 9, 2016
Using machine learning and Cisco technologies for faster incident response
Your Presenters
Brian Ford, Sukrit Dasgupta
In this session you will learn how Cisco Stealthwatch Learning Network License deploys right on your Integrated Services Router, and how to enable centralized visibility into anomalies and threats, monitor traffic without impacting network performance, and automate threat detection and mitigation with intelligent machine learning sensors.
Agenda
• Introduction to Cisco Stealthwatch Learning Network License and the use of machine (Brian)
• Integration with the 4000 Series Cisco Integrated Services Router (Brian)
• Using network traffic patterns and device telemetry to build effective branch security policies (Sukrit)
• Turning detections into actions and how machine learning sensors monitor branch traffic, applications, users, and devices (Sukrit)
• Scalability (Brian)
• Deployment (Brian)
Introduction
Stealthwatch enhances visibility across your entire business
Analyze, Monitor, Detect, Respond
Extended Network
• Gain unique visibility across your business
• Simplify segmentation throughout your networks
• Address threats faster
Branch
• Enable your network to take action
• Extend visibility and granular access control to your remote branches
• Prevent the lateral movement of threats
Data Center
• Protect your critical information
• Simplify policy enforcement and data center segmentation
• Accelerate incident response in the data center
Cloud
• Gain enhanced visibility into the cloud
• Make the cloud a part of your segmentation strategy
• Identify threats quickly and take action
Cisco Services and Customer Success
Integration
A Closer Look: ISR 4000 with Learning Agent
[Diagram labels: Cisco ISR 4000 Platform; Linux OS; IOSd; Control Plane; Platform-Specific Data Plane; Learning Agent; Linux Service Container; Data]
Stealthwatch Portfolio: Learning Network
[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Stealthwatch Labs Intelligence Center (SLIC) threat feed; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]
The Stealthwatch Learning Network License adds anomaly detection & mitigation capabilities deployed in an ISR 4000.
Sukrit Dasgupta, Engineering Technical Leader
Stealthwatch Learning Network
Scalability & Deployment
Learning Network License Deployment Requirements
Learning Network Manager
• VMWare ESXi 5.5
• Memory 24 Gb
• 4 Virtual CPUs minimum (8 recommended)
• 1 Virtual NIC
• 200 Gb of hard disk
• Note: For installs of more than 50 agents, the recommendations are 64 Gb memory, 16 vCPU, and 4 Tb of hard disk
Learning Network Agent
• ISR 4451 or 4431
• IOS-XE v3.16 with LXE Container
• IOS Application Experience (AX) Bundle
• 8 Gb or 16 Gb memory upgrade
• NIM-SSD 200 Gb Persistent Storage (desirable option)
SLN and IOS Feature Compatibility
IOS Feature | Will SLN Run? | Comment
IOS Sec | ✓ | Includes NAT and ZBFW
VPN | ✓ | Some issues detected with DMVPN
IWAN | ☐ | Requires further testing
WaaS | ☐ | Requires further testing
Snort | ✓ | Requires using 2 containers and Snort small model
Umbrella (OpenDNS) | ✓ | Umbrella for IOS is an IOS feature (available in IOS 16)
FTD | ✓ | FTD runs on a UCS-e module
Deploying Learning Network
• Assumes that base router is configured
  • All interfaces ‘no shut’, routing enabled, and VTY authentication
• Deploy From Manager
  • Run a YAML script (deploys container version)
• Deploy from Router CLI
  • Entering commands at CLI via direct connection or SSH
• Additional Configuration:
  • ISE pxGrid (requires certificate to authenticate)
  • Logging (supports Common Event Format – CEF protocol)
Summary
Stealthwatch Portfolio: Branch Roadmap
[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]
By 2018 it is planned that the SMC and Stealthwatch Learning Network License will be more closely integrated.
Turn Your Router into a Security Device
• Monitor branch traffic and stop bad communications at the network edge
• Use machine learning to identify and respond to branch traffic patterns
• Separate security and network operations
• Report to a single web-based management console
[Diagram labels: Manager; ISR 4000 with Agent; Distributed Learning Agent]
For more information: www.cisco.com/go/stealthwatch
Thank you for watching.

TechWiseTV Workshop: Stealthwatch Learning Network License
