
3 reasons why Cisco Stealthwatch is the Michael Jordan of Network Traffic Analysis tools

The Last Dance, a 10-part docuseries about the historic career of NBA legend Michael Jordan, came to an end recently. I was glued to my TV watching, and re-watching, these captivating hour-long episodes. It was chock-full of uncut, never-before-seen footage that had sports fans around the world hooked. As a millennial who did not get the privilege of living through the Jordan-dominant era of the ’90s, I had accepted that Michael Jordan was the greatest of all time, but did I really believe it? I didn’t get to witness him firsthand, so probably not.

I am here to tell you how foolish that was. MJ was different.

The most striking thing about MJ was that he could do it all. His speed and athleticism at his size were something the NBA had never witnessed. The sport was dominated by one-trick ponies, one-dimensional big men who could stand at the rim and score. MJ would outsmart you, outscore you and outwork you. Mike also became a better player in his later years. The young athlete stunned crowds during his first year out of UNC (the alma mater of our very own Chuck Robbins) and continued this success all the way through to his final years in the NBA. Like a fine wine, MJ got better with age, so much so that he won an MVP award at age 35! The last part of MJ’s game that struck me was his fearless lockdown defense, both on the perimeter and at the rim. Nothing got past Mike.

Source: ESG Master Survey Results, The Threat Detection and Response Landscape, April 2019

As the series came to an end, I couldn’t help but think: Cisco Stealthwatch is a lot like Michael Jordan. Here are 3 reasons why:

Just like Mike, Stealthwatch can do it all.

Cisco Stealthwatch is a Network Traffic Analysis (NTA) tool that looks at your network telemetry to deliver alerts, saving your organization time and resources. Stealthwatch is available in various deployment models that allow protection for all kinds of workloads – on-prem infrastructure, your data centers, switches and routers. In addition to an on-prem deployment as a hardware or virtual appliance, Stealthwatch is also available as a SaaS delivered model that can be deployed for both private network monitoring and public cloud monitoring. It can even ingest telemetry that is native to various public cloud platforms like Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). No matter what your network looks like, Stealthwatch has a solution for you.

I also noticed that Mike kept getting better. He learned about his opponents, found their weak points and exploited those weaknesses. He tuned his own game to those around him and got better each and every day. Stealthwatch is no different.

Stealthwatch gets better over time with dynamic entity modeling

Stealthwatch is constantly learning. Stealthwatch uses a process called dynamic entity modeling to learn about your resources and classify them into various roles, groups and more. After deployment, the solution learns over the course of a few days what is happening on your network. It establishes a baseline for “normal” behavior, and triggers alerts to notify users of anomalies. Stealthwatch also uses Talos, the largest non-governmental threat intelligence organization in the world, to enhance its threat detections. Network telemetry is correlated with the global risk map from Talos, a database full of known Indicators of Compromise (IoCs), different types of malware, open TOR doorways and more. This allows Stealthwatch to generate high-fidelity actionable alerts that allow your SOC team to focus on other tasks. In summary, Stealthwatch is more effective over time. Just like Mike.

Perhaps the most effective part of MJ’s game was his defense. During his illustrious NBA career, MJ earned one Defensive Player of the Year award, a tough feat to achieve for a player of his stature. He stopped players at the perimeter before they became a problem. He played bigger than his position and bodied larger defenders trying to exploit him in the paint. Stealthwatch can do all of this, but better.

Stealthwatch provides end-to-end threat detection

Stealthwatch is an ideal tool for users who need to monitor various capacities of traffic in their networks. It can be used as a threat hunting system to detect malware and malicious activity before it becomes a breach. It can also be used to monitor east-west traffic to ensure compliance and generate alerts for potential port scanning, data exfiltration and more. In its public cloud deployment model, it can monitor unique cloud data such as VPC and NSG flow logs and keep your cloud workloads secure. Both Stealthwatch models can even detect threats in encrypted traffic.

Stealthwatch is the Michael Jordan of the Network Traffic Analysis market. Its end-to-end visibility, behavior-based machine learning over time, and ability to cover all of your on-prem and cloud assets make it the premier NTA tool.

Sign up today for a 2-week visibility assessment, or check out our SaaS-based 60-day free trial.

The post 3 reasons why Cisco Stealthwatch is the Michael Jordan of Network Traffic Analysis tools appeared first on Cisco Blogs.