Lancope’s Cisco ASA Updates
Last year I posted about Lancope’s parsing of the NSEL data from Cisco ASA firewalls. As mentioned in that post, flow data from the ASA is a bit different from traditional NetFlow records sent by routers and switches within the infrastructure, but this isn’t a bad thing. NSEL provides rich information and unique data points for advanced security troubleshooting.
Lancope stitches Cisco ASA NetFlow records together with records from the remainder of the network, allowing StealthWatch users to understand not just the transaction path for network traffic, but also what happened to those transactions when they were handled by the ASA. Lancope has built various analytics within StealthWatch to leverage the custom fields available from the ASA (such as the permit/deny actions) to enhance algorithms for behavioral analysis and validating policy.
Lancope has also recently added StealthWatch support for the NAT translations available from NSEL records, and again stitches this information into other NetFlow records. This data has a variety of uses, from determining how private IPs are impacting the public interfaces outside of NAT gateways to various incident response use cases and dealing with external notifications such as DMCA takedown notices.
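The NAT lookup described above, as an added example (not Lancope's or StealthWatch's code): given the public IP, port and timestamp from an external notice, it pairs decoded NSEL flow-create and flow-teardown events into translation intervals and returns the inside host that held the mapping at that moment. The tuple layout, addresses, times and the 30-second clock-skew allowance are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def ts(s):
    """Parse a UTC timestamp string into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

# Constructed events (hypothetical layout, not a StealthWatch schema):
# (time, event, flow_id, private_ip, private_port, translated_ip, translated_port)
EVENTS = [
    (ts("2013-05-01 10:00:05"), "create",   101, "10.1.4.23", 51515, "203.0.113.10", 40001),
    (ts("2013-05-01 10:07:40"), "teardown", 101, "10.1.4.23", 51515, "203.0.113.10", 40001),
    # The same public IP:port is reused later by a different inside host.
    (ts("2013-05-01 10:30:00"), "create",   102, "10.1.9.77", 49822, "203.0.113.10", 40001),
    (ts("2013-05-01 10:31:10"), "teardown", 102, "10.1.9.77", 49822, "203.0.113.10", 40001),
    # Still open: no teardown has been seen for this flow.
    (ts("2013-05-01 11:00:00"), "create",   103, "10.1.4.23", 51600, "203.0.113.10", 40002),
]

def build_sessions(events):
    """Pair create/teardown events by flow id into translation intervals."""
    sessions = {}
    for when, event, flow_id, priv_ip, priv_port, pub_ip, pub_port in sorted(events):
        if event == "create":
            sessions[flow_id] = {"private": (priv_ip, priv_port),
                                 "public": (pub_ip, pub_port),
                                 "start": when, "end": None}
        elif event == "teardown" and flow_id in sessions:
            sessions[flow_id]["end"] = when
    return list(sessions.values())

def attribute(sessions, pub_ip, pub_port, when, skew=timedelta(seconds=30)):
    """Return the private (ip, port) pairs whose translation covered `when`."""
    hits = []
    for s in sessions:
        if s["public"] != (pub_ip, pub_port):
            continue
        started = s["start"] - skew <= when
        # An interval with no teardown is treated as still active.
        not_ended = s["end"] is None or when <= s["end"] + skew
        if started and not_ended:
            hits.append(s["private"])
    return hits

if __name__ == "__main__":
    sessions = build_sessions(EVENTS)
    print(attribute(sessions, "203.0.113.10", 40001, ts("2013-05-01 10:30:30")))
```

Because translated ports are reused, the timestamp on the notice matters as much as the address: the same public IP and port resolve to different inside hosts at 10:03 and 10:30 in the sample data.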
Please join Lancope tomorrow for a complimentary webinar on leveraging StealthWatch and Cisco ASA for advanced network visibility and security context. Those interested can register here.