Embed Size (px)
Citation preview
Bring Security to the Branch with
Stealthwatch Learning Network
License
Sukrit Dasgupta, Engineering Technical Leader
Brian Ford, Technical Marketing Engineer
November 9, 2016
Sukrit Dasgupta, Engineering Technical Leader & Brian Ford, Technical Marketing Engineer
November 2016
Using machine learning and Cisco technologies for faster incident response
Bring Security to the Branch with Stealthwatch Learning Network License
Your Presenters
Brian Ford Sukrit Dasgupta
In this session you will learn how Cisco Stealthwatch Learning Network License deploys right on your Integrated Services Router, as well as enable centralized visibility into anomalies and threats, monitor traffic without impacting network performance, and automate threat detection and mitigation with intelligent machine learning sensors.
• Introduction to Cisco Stealthwatch Learning Network License and the use of machine (Brian)
• Integration with the 4000 Series Cisco Integrated Services Router (Brian)
• Using network traffic patterns and device telemetry to build effective branch security policies (Sukrit)
• Turning detections into actions and how machine learning sensors monitor branch traffic, applications, users, and devices (Sukrit)
• Scalability (Brian)
• Deployment (Brian)
Agenda
Introduction
Analyze Monitor Detect Respond
Extended Network
Branch Data Center
Cloud
Cisco Services and Customer Success
• Gain unique visibility
across your business
• Simplify segmentation
throughout your networks
• Address threats faster
• Enable your network to take action
• Extend visibility and granular access
control to your remote branches
• Prevent the lateral movement of threats
• Protect your critical information
• Simplify policy enforcement
and data center segmentation
• Accelerate incidence response
in the data center
• Gain enhanced visibility
into the cloud
• Make the cloud a part
of your segmentation strategy
• Identify threats quickly
and take action
Stealthwatch enhances visibility across your entire business
CISCO
STEALTHWATCH
Integration
A Closer Look: ISR 4000 with Learning Agent
Cisco ISR 4000 Platform
Linux OS
IOSd
Control Plane
Platform-Specific Data Plane
Learning
Agent
Linux Service Container
Data
Stealthwatch
Management
Console
Flow Enabled
Infrastructure
User and Device
Information
Stealthwatch Labs
Intelligence Center (SLIC)
threat feed
Stealthwatch Portfolio: Learning Network
Cisco
ISE
Flow
Collector
Learning
Network
Manager
Branch
Network
The Stealthwatch
Learning Network
License adds anomaly
detection & mitigation
capabilities deployed
in an ISR 4000.
Sukrit Dasgupta, Engineering Technical Leader
Stealthwatch Learning Network
Scalability & Deployment
Learning Network License Deployment Requirements
Learning Network Manager Learning Network Agent
VMWare ESXi 5.5
Memory 24 Gb
4 Virtual CPUs minimum (8 recommended)
1 Virtual NIC
200 Gb of hard disk
Note: For installs of more than 50 agents
the recommendations, 64 Gb memory and
16 vCPU, and 4 Tb of hard disk
ISR 4451 or 4431
IOS-XE v3.16 with LXE Container
IOS Application Experience (AX) Bundle
8 Gb or 16 Gb memory upgrade
NIM-SSD 200 Gb Persistent Storage
(desirable option)
IOS Feature Will SLN Run? Comment
IOS Sec Includes NAT and ZBFW
VPN ✓ Some issues detected with
DMVPN
IWAN ☐ Requires further testing
WaaS ☐ Requires further testing
Snort ✓ Requires using 2 containers
and Snort small model
Umbrella (OpenDNS) ✓ Umbrella for IOS is an IOS
feature (available in IOS
16)
FTD FTD runs on a UCS-e
module
SLN and IOS Feature Compatibility
• Assumes that base router is configured • All interfaces ‘no shut’, routing enabled, and VTY authentication
• Deploy From Manager • Run a YAML script (deploys container version)
• Deploy from Router CLI • Entering commands at CLI via direct connection or SSH
• Additional Configuration: • ISE pxGrid ( requires certificate to authenticate )
• Logging (supports Common Event Format – CEF protocol)
Deploying Learning Network
Summary
Stealthwatch
Management
Console
Flow Enabled
Infrastructure
User and Device
Information
Stealthwatch Portfolio: Branch Roadmap
Cisco
ISE
Flow
Collector
Learning
Network
Manager
Branch
Network
By 2018 it is planned
that the SMC and
Stealthwatch
Learning Network
License will be more
closely integrated.
Monitor branch traffic and stop
bad communications at the
network edge
Use machine learning to identify
and respond to branch traffic
patterns
Separate security and network
operations
Report to a single web-based
management console
Turn Your Router into a Security Device
Manager
ISR 4000 with Agent
Distributed Learning
Agent
www.cisco.com/go/stealthwatch
For more information
Thank you for watching.
