I recently returned from this year’s Cisco Live! in Orlando. It was a busy week jam-packed with great speakers, engaging sessions, demos and product announcements. There was so much going on at any given moment that it was hard to get to every session of interest. Now that I’m back I’ve had some time to digest all I learned, and I thought I would share my key product takeaways for network security.
Revealing Malicious Infrastructures with Umbrella
Cisco Umbrella is a secure, cloud-based gateway based on technology from OpenDNS. It analyzes Internet data (DNS queries, BGP anomalies, ASN reputation, network prefix and IP fluctuations), allowing the Cisco Talos team to map out where malicious infrastructure is located and how attacks are staged. Correlating this data is used to build and deliver a model of security that is pervasive and predictive, allowing Cisco to expose the attackers' infrastructure. Umbrella focuses on the detection models that can be built and applied (such as co-occurrences, NLPRank, spike detectors and malvertising clustering) and on how these can expose malicious infrastructures and Advanced Persistent Threats. Umbrella is described as a cloud-delivered secure internet gateway that stops current and emergent threats over all ports and protocols. It blocks access to malicious domains, URLs, IPs and files before a connection is ever established or a file downloaded, providing superb proactive protection.
Detect Threats in Encrypted Traffic without Decryption – ETA
Encrypted Traffic Analytics (ETA) focuses on identifying malware communications in encrypted traffic through passive monitoring, the extraction of relevant metadata elements, and supervised machine learning backed by cloud-based global visibility. Encrypted Traffic Analytics extracts four main data elements: the sequence of packet lengths and times, the byte distribution, TLS-specific features, and the initial data packet. Cisco’s Application-Specific Integrated Circuit (ASIC) architecture provides the ability to extract these data elements without slowing down the data network.
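To make the four data elements concrete, here is an added example (my own illustration, not Cisco's ETA code) that extracts each of them from a constructed, not captured, TLS flow: the ClientHello and ciphertext bytes are built inline, and the cipher-suite parser handles only the fields it needs.

```python
import hashlib
import math
import struct
from collections import Counter

def build_client_hello(suites):
    """Minimal TLS 1.2 ClientHello so the sample flow is self-contained (constructed, not captured)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"                     # version, random, empty session id
            + struct.pack(">H", 2 * len(suites))
            + b"".join(struct.pack(">H", s) for s in suites)
            + b"\x01\x00\x00\x00")                                # null compression, no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def tls_client_hello_features(payload):
    """TLS-specific features: offered version and cipher suites, read from the cleartext ClientHello."""
    if len(payload) < 44 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                                               # not a handshake record / ClientHello
    p = 9 + 2 + 32 + 1 + payload[9 + 2 + 32]                      # skip headers, version, random, session id
    n = struct.unpack(">H", payload[p:p + 2])[0]                  # cipher_suites length in bytes
    suites = [struct.unpack(">H", payload[p + 2 + i:p + 4 + i])[0] for i in range(0, n, 2)]
    return {"version": struct.unpack(">H", payload[9:11])[0], "cipher_suites": suites}

def splt(flow, n=5):
    """Sequence of packet lengths and inter-arrival times (ms); negative length = server to client."""
    out, prev = [], flow[0][0]
    for ts, direction, payload in flow[:n]:
        length = len(payload) if direction == "c2s" else -len(payload)
        out.append((length, round((ts - prev) * 1000)))
        prev = ts
    return out

def byte_distribution(flow):
    """Normalised histogram of every payload byte in the flow."""
    counts = Counter(b for _, _, payload in flow for b in payload)
    total = sum(counts.values())
    return {b: c / total for b, c in counts.items()}

def byte_entropy(dist):
    """Shannon entropy in bits per byte; ciphertext sits near 8, padding or plaintext far lower."""
    return -sum(p * math.log2(p) for p in dist.values())

# Constructed flow: (timestamp in seconds, direction, payload). Application data is deterministic
# SHA-256 output standing in for ciphertext so the example runs offline.
CLIENT_HELLO = build_client_hello([0xC02F, 0xC030])
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
FLOW = [(0.000, "c2s", CLIENT_HELLO), (0.020, "s2c", b"\x16\x03\x03" + bytes(61)),
        (0.021, "c2s", CIPHERTEXT[:64]), (0.100, "s2c", CIPHERTEXT[64:])]

INITIAL_PACKET = CLIENT_HELLO[:16]                                # initial data packet feature: first bytes seen
```

A classifier would consume `splt(FLOW)`, `byte_entropy(byte_distribution(FLOW))`, the ClientHello fields and the initial bytes as features, never the decrypted payload.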
Encrypted Traffic Analytics also identifies encryption quality for every network conversation, providing the visibility to ensure enterprise compliance with cryptographic protocols. It tells you which traffic on your network is encrypted and which is not, so you can confidently state that your digital business is protected.
Cisco Software Defined Access with DNA Center
DNA Center provides a centralized management dashboard for complete control of the network. Full automation capabilities for provisioning and change management are enhanced with intelligent analytics that pull telemetry data from everywhere in the network. Applications, services, and users are prioritized based on business goals, within policy parameters and security best practices. Shortcomings in network, application, or device performance are flagged, and instant remediation guidance saves hours of IT troubleshooting. This interconnection of automation and assurance forms a continuous validation-and-verification loop, checking alignment of network operation with business intent. Now Cisco is adding open interfaces so that third-party technologies can be run on top of DNA Center and benefit from its powerful network visibility.
Network Visibility with Stealthwatch
Stealthwatch provides continuous real-time monitoring of, and pervasive views into, all network traffic. It dramatically improves visibility across the extended network and accelerates response times for suspicious incidents. It creates a baseline of normal web and network activity for a network host and applies context-aware analysis to automatically detect anomalous behaviors. Stealthwatch can identify a wide range of attacks, including malware, zero-day attacks, distributed denial-of-service (DDoS) attempts, advanced persistent threats (APTs), and insider threats.
Now, with Cognitive Analytics, a cloud-based threat detection and analytics capability, Cisco Stealthwatch gains additional contextual information to identify and prioritize new and emerging threats across the extended network. Stealthwatch with Cognitive Analytics has additional visibility and context into global and local traffic and uses machine learning for continuous analysis and detection of command-and-control communications. You can now detect threats that have bypassed existing security controls and identify data exfiltration to legitimate cloud services.
These are some of the solutions I will be recommending to our clients in the upcoming months. If you need assistance enhancing your network security, contact us today. Daymark is a Cisco Premier Partner and we’d be happy to help you understand where these solutions could fit in your environment to help ensure a stronger network security posture.