Cisco Live Protect
Cisco Live Protect is a security feature that:
- protects the control plane of Cisco network devices,
- requires enabling NXSecure configuration on NX-OS devices, and
- provides comprehensive security observability with real-time security event detection and analysis.
Cisco NX-OS Release 10.6(1)F introduces the Cisco Live Protect feature to secure NX-OS and provide enhanced security and software integrity assurance for the NX-OS device control plane. Only monitoring mode is supported in this release.
NXSecure: NXSecure is a security configuration tool for Nexus switches. It protects the control plane from security vulnerabilities. NXSecure uses a technology called extended Berkeley Packet Filter (eBPF) internally to track, detect, and report security events in real time. NXSecure also monitors files, tracks processes, and traces system calls.
Tracing policies: The Cisco Live Protect feature uses tracing policies to provide security observability. These policies are packaged with the NX-OS image.
Monitoring mode: In monitoring mode, the system detects anomaly events based on the configured policies and generates log files for each anomaly event.
Event logs: Event logs are generated in monitoring mode. You can export the event logs using telemetry if you have configured the correct sensor path for NXSecure.