The Cisco Cyber Threat Defense Solution improves detection and remediation of advanced cyber threats within the Cisco network by combining the following elements:
• Unique interior network traffic telemetry using the scalable unsampled NetFlow capabilities of Cisco Catalyst® switches, Cisco routers, and Cisco NetFlow Generation Appliances, as well as NetFlow Security Event Logging from Cisco ASA 5500 Series Next Generation Firewalls.
• Network traffic analysis capabilities provided by the Lancope StealthWatch products. Cisco has partnered with Lancope to jointly develop and offer the Cisco Cyber Threat Defense Solution.
• Contextual information, including user and device identity from the Cisco Identity Services Engine (ISE), NAT translation from Cisco ASA firewalls, and Network-Based Application Recognition (NBAR) from Cisco routers.
New Features; Supported Hardware and Software
New Features Supported in StealthWatch 6.3
Lancope StealthWatch 6.3 adds the following new capabilities to the Cisco Cyber Threat Defense Solution:
• Support for NetFlow export from Cisco NetFlow Generation Appliances and Cisco ASR 1000 Series routers
• New threat defense dashboards
• NAT stitching for ASA firewalls and ASR 1000 Series routers
• Improved caching of ISE identity information
• Support for redundant ISE Monitoring and Troubleshooting nodes
Tables 1 and 2 list hardware and software components of the Cisco Cyber Threat Defense Solution 1.1.
Table 1. Cisco Catalyst Switches Capable of Line-Rate, Unsampled NetFlow
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA Software Release 8.4.3
Cisco Identity Services Engine
Cisco ISE Release 1.1.2
Cisco NetFlow Generation Appliance
Cisco NGA Release 1.0 (1)
ISE API Performance with Large Numbers of Endpoints
In Cisco ISE Software 1.1, the response time of the ISE Representational State Transfer (REST) API may degrade with large (in excess of 20,000) numbers of endpoints in the ISE session database. Care should be exercised when integrating StealthWatchinto such a deployment.
Release Notes for Component Products
Please consult the product release notes for product-specific caveats regarding any Cisco products integrated with the Cyber Threat Defense Solution (Table 3).
Table 3. Release Notes for Component Products
Cisco Catalyst 3560-X/3750-X with C3KX-SM-10G Service Module