Clearpath’s Blog on IT Infrastructure, Hybrid Clouds and IT Security

Know Who is On Your Network and What They’re Doing with Cisco Stealthwatch

Posted by Clearpath Solutions Group on Tue, Jul 09, 2019 @ 10:00 AM

Consider this scenario: Your network is growing. More and more people and devices are connecting to it. You’ve thrown money at optimizing and maintaining it. Security policies and sensor equipment are deployed to secure it.

But these measures can’t always keep pace with ever more sophisticated cyberattacks. And security teams can only do so much. Sound familiar?

The growing complexity in the enterprise network has created many blind spots which increase the opportunities for threat actors to hide and persist undetected within your digital business.

What if you could make the most of your existing infrastructure investment and detect threats that get past your perimeter defenses with a security solution that scales with your growing business? If so, you might want to take a look at Cisco Stealthwatch.


View, See, Understand, Act

Stealthwatch is a comprehensive threat visibility and network traffic security analytics solution that provides scalable visibility across your business using enterprise telemetry from your existing network infrastructure.

Because attackers aren’t employing just one method to breach your network, Stealthwatch employs multiple analytical techniques including behavioral modeling, machine learning, and the global threat intelligence of Cisco Talos, to continuously analyze network activities, detect threats early, and help ensure that the eviction is complete. 

"With Stealthwatch you can view every host, see every conversation, understand what is normal, and be alerted to change across your private network, public clouds, hybrid environments, and even encrypted traffic – giving visibility into things you would never even think to look for."


How Stealthwatch Works

Let’s take a look at how the components of Stealthwatch work together to leave no stone unturned and catch threats at the earliest point in the attacker’s activities.

1. Behavioral modeling

Stealthwatch closely monitors the activity of every device on the network to create a baseline of normal behavior and understand known bad behavior. It applies close to 100 different security events or heuristics that look at various types of traffic behavior and feeds these events into high-level logical alarm categories. Some security events can also trigger alarms on their own.

The system is able to correlate multiple, isolated anomalous incidents and piece them all together to determine what kind of attack might be in play, and also tie it to a specific device and user.

Stealthwatch also records every anomalous activity in the network and looks at it holistically to generate contextual alarms that can help security teams prioritize risks.

2. Machine learning

Stealthwatch applies multilayered machine learning (ML) to discover advanced threats and malicious communications. It integrates with a cloud-based multistage ML analytics pipeline which correlates threat behaviors seen in the enterprise and globally.

These multiple layers of processing employ a combination of techniques from artificial intelligence, ML and mathematical statistics to help the network self-learn its normal activity so it can identify malicious activity. The analytics pipeline is unique to Stealthwatch and gradually builds a picture of what is anomalous, then classifies actual individual pieces of threat activity and finally arrives at a conviction of whether a device or user is compromised.

This capability is important because a typical enterprise may receive tons of alerts daily, and it’s not possible for resource-strapped security teams to investigate all those alerts.

3. Global threat intelligence

One of the advantages that attackers have is that they can apply the same attack on multiple targets, and the odds are that they’ll be successful across them all because these victims are all constrained to their local view of the threat activity. But only Stealthwatch – powered by the Cisco Talos intelligence platform – gathers information about malicious IPs and domains, or new strains of malware, and maps the alerts to global threat intelligence.

Talos correlates suspicious activity in the local network environment with data on thousands of known command-and-control servers and campaigns to provide high-fidelity detection and faster threat response.

Using this combination of methods, rather than applying a single technique, Stealthwatch can help you identify and thwart attacks that have crossed the perimeter, as well as threats originating within the network or hiding in encrypted traffic.
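The behavioral-modeling and threat-intelligence steps described above (sections 1 and 3) can be illustrated with a small defender-side script. The following is an added example written for this post, not Stealthwatch code: it builds a per-host baseline from constructed NetFlow-style records, derives a handful of security events for a new observation window (volume well above baseline, a never-before-seen destination port, a destination on a known-bad list, a host with no baseline at all), and feeds those events into prioritized alarm categories, so that a host matching several isolated events is escalated rather than reported three times. The flow records, the `THREAT_INTEL` set (TEST-NET addresses) and the thresholds are all constructed assumptions; the alarm names are only loosely modeled on the categories the post mentions.

```python
"""Toy behavioral baselining with threat-intel correlation over flow records.

Added example, not Stealthwatch code. All flows, the known-bad IP list and the
thresholds below are constructed for illustration.
"""
import statistics
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    window: int      # observation window index (think: one per hour)
    src: str         # internal host that initiated the flow
    dst: str         # destination IP
    dport: int       # destination port
    bytes_out: int   # bytes sent by src in this flow


def build_baseline(flows):
    """Per host: mean/stdev of bytes sent per window and the usual destination ports."""
    per_host_window = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for f in flows:
        per_host_window[f.src][f.window] += f.bytes_out
        ports[f.src].add(f.dport)
    baseline = {}
    for host, windows in per_host_window.items():
        totals = list(windows.values())
        baseline[host] = {
            "mean": statistics.fmean(totals),
            "stdev": statistics.pstdev(totals) if len(totals) > 1 else 0.0,
            "ports": ports[host],
        }
    return baseline


def security_events(flows, baseline, threat_intel, z=3.0, min_stdev=1000.0):
    """Return {host: set of event names} for one observation window.

    min_stdev keeps a very flat baseline from turning tiny changes into alarms.
    """
    events = defaultdict(set)
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.bytes_out
        b = baseline.get(f.src)
        if b is None:
            events[f.src].add("unknown_host")   # device we have never profiled
            continue
        if f.dport not in b["ports"]:
            events[f.src].add("new_port")
        if f.dst in threat_intel:
            events[f.src].add("known_bad_destination")
    for host, total in totals.items():
        b = baseline.get(host)
        if b and total > b["mean"] + z * max(b["stdev"], min_stdev):
            events[host].add("volume_anomaly")
    return dict(events)


# Ordered rules: (events all required, events any-of (may be empty), category, priority).
# Correlated events outrank single ones; a threat-intel hit alarms on its own.
ALARM_RULES = [
    ({"known_bad_destination"}, {"volume_anomaly", "new_port"}, "Data Exfiltration", "high"),
    ({"known_bad_destination"}, set(), "Command and Control", "high"),
    ({"volume_anomaly"}, set(), "Anomalous Volume", "medium"),
    ({"new_port"}, set(), "Policy Violation", "low"),
    ({"unknown_host"}, set(), "New Host on Network", "low"),
]


def raise_alarms(events):
    """Map each host's event set to the first (highest-priority) matching category."""
    alarms = {}
    for host, ev in events.items():
        for required, any_of, category, priority in ALARM_RULES:
            if required <= ev and (not any_of or any_of & ev):
                alarms[host] = (category, priority)
                break
    return alarms


def analyze(baseline_flows, new_flows, threat_intel):
    baseline = build_baseline(baseline_flows)
    return raise_alarms(security_events(new_flows, baseline, threat_intel))


# Constructed history: five normal windows for two internal hosts.
BASELINE_FLOWS = (
    [Flow(w, "10.0.0.5", "10.0.0.10", 443, 50_000 + 500 * (w % 3)) for w in range(5)]
    + [Flow(w, "10.0.0.5", "10.0.0.11", 53, 2_000) for w in range(5)]
    + [Flow(w, "10.0.0.6", "10.0.0.10", 443, 20_000 + 1_000 * (w % 2)) for w in range(5)]
)

# Constructed new window and a constructed known-bad list (TEST-NET addresses).
NEW_WINDOW_FLOWS = [
    Flow(5, "10.0.0.5", "10.0.0.10", 443, 51_000),
    Flow(5, "10.0.0.5", "10.0.0.11", 53, 2_100),
    Flow(5, "10.0.0.5", "203.0.113.7", 443, 400_000),  # large upload to a listed IP
    Flow(5, "10.0.0.6", "10.0.0.10", 443, 20_500),
    Flow(5, "10.0.0.6", "10.0.0.12", 22, 1_000),       # first time this host uses port 22
    Flow(5, "10.0.0.9", "10.0.0.10", 443, 10_000),     # device with no baseline
]
THREAT_INTEL = {"203.0.113.7", "198.51.100.20"}

if __name__ == "__main__":
    for host, (category, priority) in sorted(analyze(BASELINE_FLOWS, NEW_WINDOW_FLOWS, THREAT_INTEL).items()):
        print(f"{host}: {category} ({priority})")
```

Run as written, the script reports 10.0.0.5 as a high-priority Data Exfiltration alarm (volume far above its baseline and a listed destination, correlated into one alarm), 10.0.0.6 as a low-priority Policy Violation for the new port, and 10.0.0.9 as a new host. In practice the baseline would be built from weeks of exported flow telemetry rather than five windows, and the threat-intel set would be refreshed from a feed rather than hard-coded.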

Contact us to learn more about how you can outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling.

Topics: Cisco, Stealthwatch
