Cyber Threat Defense Overview
Gain Visibility into Advanced Persistent Threats
Cisco Cyber Threat Defense focuses on the most complex, dangerous information security threats, which lurk in networks for months or years, stealing vital information and disrupting operations.
It exposes these threats by identifying suspicious network traffic patterns within the network interior. Then, it provides contextual information about the attack, users, identity, and more - all visible from a single pane of glass.
What You'll See
Through Cisco Cyber Threat Defense, security analysts learn about advanced attacks, including:
- Network reconnaissance, which probes the network for attack vectors to exploit through custom-crafted cyber threats
- Network interior malware proliferation, which spreads malware across hosts to gather security reconnaissance data
- Command and control traffic, which is the communication between the attacker and compromised internal hosts
- Data exfiltration, which exports sensitive information back to the attacker, generally through command and control communications
How It Works
Cisco Cyber Threat Defense safeguards your network by:
- Providing threat defense in the network interior, home to the most elusive and dangerous threats
- Helping enable scalable, ubiquitous, and cost-effective security telemetry throughout the network, using NetFlow data
- Simplifying error-prone and expensive manual threat investigation processes
- Using your existing Cisco switch, router, and ASA 5500 network footprint
The Cisco Cyber Threat Defense Solution is built on the following components:
- Unique interior network traffic telemetry capabilities of Cisco Catalyst switches, Cisco routers, and Cisco ASA 5500 Series Next Generation Firewalls
- Network traffic analysis from the StealthWatch System from Lancope
- Identity, security, and application-type contextual information for discerning the target and threat severity from:
- The StealthWatch Management Console provides the unified view
Cisco Security -- Applied Intelligence for a Risky World (PDF - 1 MB)
Cisco Security -- Gain Visibility Across Attack Continuum (PDF - 75 KB)
Cisco Cyber Threat Defense Solution Overview
Cisco Security Intelligence Operations -- Defense in Depth (Presentation PDF) (PDF - 3 MB)
Release Notes for Cisco Cyber Threat Defense 1.1.2
Release Notes for the Cisco Cyber Threat Defense Solution Version 1.1
ASR 1000 Series NetFlow Configuration Guide (PDF - 498 KB)
Detecting BotNet Traffic Guide (PDF - 1 MB)
Detecting Data Loss Guide (PDF - 1 MB)
Detecting Internal Malware Spread Guide (PDF - 1 MB)
Detecting Network Reconnaissance Guide (PDF - 1 MB)
Gain Visibility in the Data Center with the Cisco NetFlow Generation Appliance Guide (PDF - 891 KB)
Gaining Visibility and Context Through NetFlow Security Event Logging Guide (PDF - 945 KB)
Integrating the Cisco Identity Services Engine with StealthWatch 6.3 Guide (PDF - 1 MB)
Introduction to the Cisco Cyber Threat Defense Solution 1.0 How-To Documents Guide (PDF - 1022 KB)
Security for Evolving Threats Executive Perspective (PDF - 121 KB)