Replay the Live Event: http://cs.co/90068G6ln
Get an inside look at how Stealthwatch Learning Network License can transform your branch network router into a powerful security sensor and enforcer: one capable of quickly detecting threat activity and mitigating attacks, with little to no hands-on management needed.
Don’t miss this opportunity to hear from our security experts.
See the Stealthwatch Learning Network License TechWiseTV Episode: http://cs.co/90048G6WY
1. Bring Security to the Branch with Stealthwatch Learning Network License
Sukrit Dasgupta, Engineering Technical Leader
Brian Ford, Technical Marketing Engineer
November 9, 2016
2. Bring Security to the Branch with Stealthwatch Learning Network License
Using machine learning and Cisco technologies for faster incident response
Sukrit Dasgupta, Engineering Technical Leader & Brian Ford, Technical Marketing Engineer
November 2016
4. In this session you will learn how Cisco Stealthwatch Learning Network License deploys right on your Integrated Services Router, and how to enable centralized visibility into anomalies and threats, monitor traffic without impacting network performance, and automate threat detection and mitigation with intelligent machine learning sensors.
5. Agenda
• Introduction to Cisco Stealthwatch Learning Network License and the use of machine (Brian)
• Integration with the 4000 Series Cisco Integrated Services Router (Brian)
• Using network traffic patterns and device telemetry to build effective branch security policies (Sukrit)
• Turning detections into actions and how machine learning sensors monitor branch traffic, applications, users, and devices (Sukrit)
• Scalability (Brian)
• Deployment (Brian)
7. Stealthwatch enhances visibility across your entire business
[Diagram: Cisco Stealthwatch (Analyze, Monitor, Detect, Respond) across the Extended Network, Branch, Data Center, and Cloud; Cisco Services and Customer Success]
• Gain unique visibility across your business
• Simplify segmentation throughout your networks
• Address threats faster
• Enable your network to take action
• Extend visibility and granular access control to your remote branches
• Prevent the lateral movement of threats
• Protect your critical information
• Simplify policy enforcement and data center segmentation
• Accelerate incident response in the data center
• Gain enhanced visibility into the cloud
• Make the cloud a part of your segmentation strategy
• Identify threats quickly and take action
9. A Closer Look: ISR 4000 with Learning Agent
[Diagram labels: Cisco ISR 4000 Platform; Linux OS; IOSd; Control Plane; Platform-Specific Data Plane; Learning Agent; Linux Service Container; Data]
10. Stealthwatch Portfolio: Learning Network
[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Stealthwatch Labs Intelligence Center (SLIC) threat feed; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]
The Stealthwatch Learning Network License adds anomaly detection & mitigation capabilities deployed in an ISR 4000.
13. Learning Network License Deployment Requirements
Learning Network Manager:
• VMware ESXi 5.5
• Memory 24 Gb
• 4 Virtual CPUs minimum (8 recommended)
• 1 Virtual NIC
• 200 Gb of hard disk
• Note: For installs of more than 50 agents, the recommendations are 64 Gb memory, 16 vCPU, and 4 Tb of hard disk
Learning Network Agent:
• ISR 4451 or 4431
• IOS-XE v3.16 with LXE Container
• IOS Application Experience (AX) Bundle
• 8 Gb or 16 Gb memory upgrade
• NIM-SSD 200 Gb Persistent Storage (desirable option)
14. SLN and IOS Feature Compatibility
IOS Feature | Will SLN Run? | Comment
IOS Sec | | Includes NAT and ZBFW
VPN | ✓ | Some issues detected with DMVPN
IWAN | ☐ | Requires further testing
WaaS | ☐ | Requires further testing
Snort | ✓ | Requires using 2 containers and Snort small model
Umbrella (OpenDNS) | ✓ | Umbrella for IOS is an IOS feature (available in IOS 16)
FTD | | FTD runs on a UCS-e module
15. Deploying Learning Network
• Assumes that base router is configured
  • All interfaces ‘no shut’, routing enabled, and VTY authentication
• Deploy From Manager
  • Run a YAML script (deploys container version)
• Deploy from Router CLI
  • Entering commands at CLI via direct connection or SSH
• Additional Configuration:
  • ISE pxGrid (requires certificate to authenticate)
  • Logging (supports Common Event Format – CEF protocol)
17. Stealthwatch Portfolio: Branch Roadmap
[Diagram labels: Stealthwatch Management Console; Flow Enabled Infrastructure; User and Device Information; Cisco ISE; Flow Collector; Learning Network Manager; Branch Network]
By 2018 it is planned that the SMC and Stealthwatch Learning Network License will be more closely integrated.
18. Turn Your Router into a Security Device
• Monitor branch traffic and stop bad communications at the network edge
• Use machine learning to identify and respond to branch traffic patterns
• Separate security and network operations
• Report to a single web-based management console
[Diagram labels: Manager; ISR 4000 with Agent; Distributed Learning Agent]