Use the Cisco network as a sensor to detect malicious network activities. (1:34 min)
Cisco provides the tools you need to detect suspicious traffic flows, policy violations, and compromised devices within your environment.
Do you know what’s happening on your network? You can’t protect what you can’t see. With Cisco solutions, many of the technologies you need are already embedded in your network, ready to be activated.
Cisco IOS Flexible NetFlow is a powerful technology that gives you the visibility you need for network activities. It tracks every network conversation with a record. Each NetFlow record identifies the source, destination, timing, and protocol information, much the same way a telephone bill summarizes your call activity. You can see who were the participants in a conversation, when, and for how long the conversation took place.
NetFlow data can be used as a security data source to monitor for anomalous behavior and security breach activities. It provides forensic evidence to reconstruct a sequence of events and can be used to help ensure regulatory compliance. It helps to provide visibility across the attack life cycle.
You can use NetFlow in many other use cases. Best of all, NetFlow is embedded within most Cisco IOS networking devices that you already have, such as routers, switches, and wireless LAN controllers. NetFlow is at the heart of the Cisco “network as a sensor” approach, which gives you deep and broad visibility.
The Cisco Stealthwatch uses NetFlow data as input to help organizations detect behaviors linked to a wide range of attacks, including advanced persistent threats (APT), distributed denial of service (DDoS), and insider threats. Among its benefits, StealthWatch:
Cisco Identity Services Engine (ISE) delivers enhanced visibility and contextual information on network activities. It helps accelerate threat identification by sharing NetFlow and ISE contextual data with Cisco Stealthwatch. You can go from mapping IP addresses to understanding threat vectors based on who, what, where, when, and how users and devices are connected, and how they access network resources.
Using the Cisco network infrastructure as a security sensor gives you a powerful and scalable solution to gain deep visibility, control, and analytics.