Академический Документы
Профессиональный Документы
Культура Документы
The network security threat landscape is ever-evolving. But always at the cutting edge
are custom-written, stealthy threats that evade traditional security perimeter defenses.
The Cisco Cyber Threat Defense Solution provides greater visibility into these threats
by identifying suspicious network traffic patterns within the network interior. These
suspicious patterns are then supplemented with contextual information necessary to
discern the level of threat associated with the activity.
SMC
Solution Highlights
Cisco Cyber Threat Defense focuses on the most complex and dangerous information
security threats threats that lurk in networks for months or years at a time stealing
vital information and disrupting operations. Cisco provides visibility into these threats
and context to decipher their targets and potential damage. Security analysts gain
visibility into advanced cyber threats such as:
Internal Network
SIO
Network reconnaissance
Network interior malware proliferation
Command and control traffic
Data exfiltration
The Cisco Cyber Threat Defense Solution is built upon the following components:
Unique interior network traffic telemetry capabilities of Cisco Catalyst switches,
Cisco routers and Cisco adaptive security appliances.
Network traffic analysis capabilities provided by the StealthWatch System from
Lancope, Ciscos cyber threat solution partner. Cisco offers the StealthWatch
System via its development partnership with Lancope.
Identity, reputation, and application-type contextual information for discerning the
target and severity of the threat. These context points are delivered by the Cisco
Identity Services Engine, Cisco Security Intelligence Operations (SIO), and NBAR on
Cisco routers, respectively, and are presented via the StealthWatch Management
Console.
Benefits
The Cisco Cyber Threat Defense Solution:
Provides threat defense in the network interior, where the most elusive and
dangerous threats are
Enables scalable, ubiquitous, and cost-effective security telemetry throughout the
network using NetFlow data from the Cisco network infrastructure
Simplifies error-prone and expensive manual threat investigation processes
Uses existing Cisco switch, router, and security appliance network footprint
2012 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
At-A-Glance
Solution Components
There are three functional components of the Cisco Cyber Threat Defense Solution:
Relevant contextual information for deciphering the intent and severity of the threat
via the Cisco Identity Services Engine, Cisco SIO, and application recognition
Aggregating, normalizing, and analyzing NetFlow data to detect threats and suspicious
behavior Lancope StealthWatch FlowCollectors and Management Console.
Ordering Information
Providing threat context User identity, endpoint device profiling, and posture
information from the Cisco Identity Services Engine. Reputation from Cisco SIO.
Application type from NBAR on Cisco routers.
Visibility & Management
Aggregate up to 25 FlowCollectors - up to
1.5 million flows per second
StealthWatch
Management
Console
Identity:
Cisco ISE
FC
Flow Exporters
NetFlow is generated by:
Cisco Switches, Routers, ASA 5500
FlowSensors in areas without flow support
Lancope StealthWatch FlowCollectors Aggregates NetFlow and NBAR from Cisco infrastructure.
SKU
Model
Maximum
Flows Per
Second
Maximum
NetFlow
Exporters
(e.g.,
Switches,
Routers)
Maximum Hosts
Monitored
(IP Addresses)
Flow
Storage
Capacity
LC-COLLECT-VMW
FlowCollector VE
30,000*
1000
500,000
1 TB
LC-COLLECT-1000
FlowCollector
1000
30,000
500
250,000
1 TB
LC-COLLECT-2000
FlowCollector
2000
60,000
1000
500,000
2 TB
LC-COLLECT-4000
FlowCollector
4000
120,000
2000
1,000,000
4 TB
SMC
Threat Context
SIO
Reputation:
Cisco SIO
Application:
NBAR on
Cisco Routers
NetFlow:
Cisco Switches,
Routers and ASA 5500
Lancope StealthWatch Management Console Aggregates, organizes, and presents analysis from
FlowCollectors, Cisco Identity Services Engine, and Cisco SIO.
SKU
Model
Maximum FlowCollectors
Supported
Why Cisco?
LC-CONSOLE-VMW
SMC VE
5*
1 TB
The Cisco Cyber Threat Defense Solution delivers broad visibility into the most
dangerous and stealthy network threats by providing ubiquitous threat detection within
the interior of the network. By combining traffic analysis with user, application, and
reputation context, Cisco delivers:
LC-CONSOLE-500
SMC 500
1 TB
LC-CONSOLE-1000
SMC 1000
1 TB
LC-CONSOLE-2000
SMC 2000
25
2 TB
2012 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
At-A-Glance
Lancope StealthWatch FlowSensors Optional component that produces NetFlow data for
Cisco Threat Context Platforms generates the contextual information to integrate with flow analysis
in StealthWatch
SKU
Model
Traffic Capacity
Platform
Context Generated
LC-SENS-VMW
FlowSensor VE
FlowSensor 250
100 Mbps
LC-SENS-1000
FlowSensor 1000
1 Gbps
LC-SENS-250
LC-SENS-2000, 2000-2F
FlowSensor 2000
2.5 Gbps
Reputation
LC-SENS-3000-F, 3000-2F
FlowSensor 3000
5 Gbps
Cisco Network-Based
Application Recognition
(NBAR)
Application type
NB: FlowSensor traffic does not count against Flow license capacities.
SKU
License Type
L-LC-1K-FPS
L-LC-10K-FPS
L-LC-25K-FPS
L-LC-50K-FPS
L-LC-100K-FPS
NB: FlowSensor traffic does not count against Flow license capacities.
Cisco NetFlow-Enabled Infrastructure Generates the flow telemetry collected for analysis by
StealthWatch.
Model
Hardware Required
Supervisor Engine
7-E or 7L-E
Supervisor Engine 2T
2012 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
C45-702757-00 03/12