Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) At-a-Glance

Available Languages

Download Options

  • PDF
    (267.8 KB)
    View with Adobe Reader on a variety of devices
Updated:November 24, 2020

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (267.8 KB)
    View with Adobe Reader on a variety of devices
Updated:November 24, 2020

Table of Contents



Only 56 percent of security alerts are investigated, and more than half of those are not remediated, according to the Cisco 2017 Annual Cybersecurity Report. Responding to these alerts is an overwhelming job, and most organizations do not have the security staff to keep up. Companies of all sizes face the challenge of securing their public cloud environments as well as their on-premises infrastructure.

Adding effective security measures for public cloud workloads—with solutions that can reduce the number of false positives—is a critical task. However, the public cloud infrastructure differs from an on-premises infrastructure. A public cloud offers fewer network monitoring capabilities even as it undergoes a very high change rate in assets. To provide effective security while reducing the number of false positives, a new approach is necessary.

Imagine that an employee’s cloud credentials are compromised, through phishing or another method. Can you tell if that employee begins logging in from another country? Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) provides the actionable security intelligence and visibility necessary to identify these kinds of malicious activities in real time. You can quickly respond before a security incident becomes a devastating breach.


      Gain actionable intelligence through visibility of your environment, from the private network to the public cloud

      Rapidly detect advanced threats and indicators of compromise

      Grow your security with your business while lowering operational overhead

      Greatly reduce false positives with higher fidelity alerts supported by underlying observations

      Attain a stronger security posture across the enterprise, including the public cloud

With Secure Cloud Analytics, you can detect external and internal threats across your environment, from the private network to the branch office to the public cloud. Secure Cloud Analytics is a Software-as-a-Service (SaaS) solution delivered from the cloud. It is easy to try, easy to buy, and simple to operate and maintain. When data is received, it requires very little additional configuration or device classification. All the analysis is automated.


Taylor Higley

Secure your environment with entity modeling

Threats are constantly evolving. To detect tomorrow’s attacks, you need security that keeps ahead of them. Secure Cloud Analytics uses a behavior-modeling approach that detects a threat based on how it acts on the network. For example, if a domain controller begins to transfer data using the File Transfer Protocol (FTP), that is likely to be the first sign of a compromise. Secure Cloud Analytics detects this behavior in real time and alerts you to it.

Using dynamic learning, Secure Cloud Analytics creates a model—a kind of simulation—for each device and network entity. This model is able to:

      Dynamically determine the role of an entity based on its behavior and then detect activities inconsistent with that role

      Identify anomalies and sudden changes in behavior, both in data transmission and in access characteristics

      Detect when an entity acts differently than similar devices do

      Identify when an entity violates organizational policies, including protocol and port use, device and resource profile characteristics, and blacklisted communications

      Predict host or device behavior based on past activities, and assess observed behavior against those predictions

With these capabilities, Secure Cloud Analytics allows your staff to spend more time remediating issues instead of wasting time manually analyzing log data to determine their cause.

Detect threats in your public cloud

As organizations move more IT resources to the public cloud, they need the visibility necessary to detect threat actors targeting their cloud assets. In addition, they need an easy-to-use, operationally efficient solution. Secure Cloud Analytics’s Public Cloud Monitoring provides the visibility and threat detection capabilities you need to keep your workloads highly secure in Amazon Web Services (AWS) and Microsoft Azure environments.

It consumes all sources of telemetry native to AWS, including Amazon Virtual Private Cloud (VPC) flow logs, to monitor all activity in the cloud without the need for software agents. Secure Cloud Analytics can be deployed in these environments in a matter of minutes with no disruption to service availability.

Secure Cloud Analytics uses this data to model the behavior of each cloud resource, a method called entity modeling. It is then able to detect sudden changes in behavior, malicious activity, and signs of compromise.

Secure your private network too

In addition to securing the cloud environment, Secure Cloud Analytics can also be extended to the private network with Cisco Secure Network Analytics SaaS (formerly Stealthwatch Cloud Private Network Monitoring) to provide hybrid environment visibility and threat detection using a single dashboard. The number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization. So, with Secure Cloud Analytics, organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments.

Protect your environment today

Try Secure Cloud Analytics today with a free no risk trial.

To learn more, go to https://www.cisco.com/go/secure-cloud-analytics or contact your local Cisco account representative.

Learn more