Network as a Sensor

Get Deep and Broad Visibility

Use the Cisco network as a sensor to detect malicious network activities.

The Visibility You Need, Across Your Entire Network

Cisco provides the tools you need to detect suspicious traffic flows, policy violations, and compromised devices within your environment.

Do you know what’s happening on your network? You can’t protect what you can’t see. With Cisco solutions, many of the technologies you need are already embedded in your network, ready to be activated.

NetFlow: Tracking Every Conversation

Cisco IOS Flexible NetFlow is a powerful technology that gives you the visibility you need into network activity. It tracks every network conversation with a record. Each NetFlow record identifies the source, destination, timing, and protocol information, much the same way a telephone bill summarizes your call activity. You can see who participated in a conversation, when it took place, and how long it lasted.

NetFlow data can be used as a security data source to monitor for anomalous behavior and security breach activities. It provides forensic evidence to reconstruct a sequence of events and can be used to help ensure regulatory compliance. It helps to provide visibility across the attack life cycle.

Use Cases

  • Detect network reconnaissance, such as TCP and UDP port scanning that attackers run across multiple hosts.
  • See patterns when a compromised inside host talks to an outside command and control (C&C) server.
  • Recognize abnormal traffic when a host sends malformed fragments as part of an attack.
  • Discover data exfiltration when large outbound file transfers exceed your network baseline.
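Two of these use cases (port-scan reconnaissance and exfiltration above baseline) can be expressed as simple aggregations over flow records. The following is an added example, not Cisco or StealthWatch code; the record layout, the thresholds, the 10.0.0.0/8 inside range, and the sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records: (src, dst, dst_port, protocol, bytes)
def sample_flows():
    flows = [("10.1.1.5", "203.0.113.9", 443, "tcp", 40_000),
             ("10.1.1.7", "198.51.100.20", 443, "tcp", 900_000_000)]
    # 10.1.1.66 probes 3 ports on each of 20 inside hosts with tiny flows
    for host in range(1, 21):
        for port in (22, 445, 3389):
            flows.append(("10.1.1.66", f"10.2.0.{host}", port, "tcp", 60))
    return flows

def find_scanners(flows, min_hosts=10, min_targets=30, max_avg_bytes=200):
    """Sources touching many distinct (host, port) targets with small flows."""
    targets, hosts = defaultdict(set), defaultdict(set)
    volume, count = defaultdict(int), defaultdict(int)
    for src, dst, port, proto, nbytes in flows:
        targets[src].add((dst, proto, port))
        hosts[src].add(dst)
        volume[src] += nbytes
        count[src] += 1
    return sorted(s for s in targets
                  if len(hosts[s]) >= min_hosts
                  and len(targets[s]) >= min_targets
                  and volume[s] / count[s] <= max_avg_bytes)

def find_exfil(flows, baseline_bytes, factor=3.0):
    """Inside hosts whose outbound volume exceeds factor x their baseline."""
    outbound = defaultdict(int)
    for src, dst, _port, _proto, nbytes in flows:
        # Only count traffic leaving the inside range
        if ip_address(src) in INSIDE and ip_address(dst) not in INSIDE:
            outbound[src] += nbytes
    default = baseline_bytes.get("default", 0)
    return {h: b for h, b in outbound.items()
            if b > factor * baseline_bytes.get(h, default)}

if __name__ == "__main__":
    flows = sample_flows()
    print("scanners:", find_scanners(flows))
    print("exfil:", find_exfil(flows, {"default": 50_000_000}))
```

In practice the baseline would be learned per host from historical flow data rather than set as a single default.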

You can use NetFlow in many other use cases. Best of all, NetFlow is embedded within most Cisco IOS networking devices that you already have, such as routers, switches, and wireless LAN controllers. NetFlow is at the heart of the Cisco “network as a sensor” approach, which gives you deep and broad visibility.

Lancope StealthWatch with Threat Intelligence

The Lancope StealthWatch System uses NetFlow data as input to help organizations detect behaviors linked to a wide range of attacks, including advanced persistent threats (APT), distributed denial of service (DDoS), and insider threats. Among its benefits, StealthWatch:

  • Helps you analyze holistic network audit trails and achieve faster root-cause analysis
  • Provides threat intelligence to accelerate incident response and reduce enterprise risk
  • Alerts you to see, prepare for, and respond to the full context of a potential threat

Better Visibility and Contextual Threat Intelligence

Cisco Identity Services Engine (ISE) delivers enhanced visibility and contextual information on network activities. It helps accelerate threat identification by sharing NetFlow and ISE contextual data with Lancope StealthWatch. You can go from mapping IP addresses to understanding threat vectors based on who, what, where, when, and how users and devices are connected, and how they access network resources.

Using the Cisco network infrastructure as a security sensor gives you a powerful and scalable solution to gain deep visibility, control, and analytics.
