Cisco Stealthwatch® Enterprise provides enterprise-wide network visibility and applies advanced security analytics to detect and respond to threats in real time. Using a combination of behavioral modeling, machine learning, and global threat intelligence, Stealthwatch Enterprise can quickly, and with high confidence, detect threats such as command-and-control (C&C) attacks, ransomware, distributed-denial-of-service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats.
With a single, agentless solution, you get comprehensive threat monitoring across the entire network traffic, even if it’s encrypted. Organizations have already invested a lot into their IT infrastructure and security. Yet, threats are finding ways to get through. Moreover, it takes them months or even years to detect threats. This lack of visibility is a function of the growing network complexity as well as the constantly evolving threats. And security teams with their limited resources and disjointed tools can only do so much. We all have security solutions, such as firewalls, but how do we know those are working, managed, and configured properly? How do we know these tools are doing the job that we need them to do?
We decided to turn the problem on its head—why not enlist your existing investment, the network, to secure your organization? The network telemetry is a rich data source that can provide useful insights about who is connecting to the organization and what they are up to. Everything touches the network, so this visibility extends from the HQ to the branch, data center, roaming users, and smart devices. And also, from the private to the public cloud. Analyzing this data can help detect threats that may have found a way to bypass your existing controls, before they are able to have a major impact.
The solution is Cisco Stealthwatch, which enlists the network to provide end-to-end visibility of traffic. This visibility includes knowing every host—seeing who is accessing which information at any given point. From there, it’s important to know what is normal behavior for a particular user or “host” and establish a baseline from which you can be alerted to any change in the user’s behavior the instant it happens.
Stealthwatch offers different deployment models—on-premises as a hardware appliance or a virtual machine called Stealthwatch Enterprise—or cloud-delivered as a software-as-a-service (SaaS) solution called Stealthwatch Cloud.