Cisco Cyber Threat Defense Solution
Complex, elusive threats can linger within a network for months or even years, stealing data and disrupting operations. The main goal of the Cisco Cyber Threat Defense Solution is to enable organizations to more quickly uncover network anomalies and suspicious behaviors that could lead to damaging attacks.
As part of the solution, StealthWatch provides specially tailored reporting dashboards for tracking:
- Network reconnaissance – probing of the network to uncover attack vectors that can be leveraged for customized attacks
- Internal malware propagation – the spread of malware across hosts on the internal network to gather security reconnaissance information, steal data or create backdoors for infiltrating a network
- Command-and-control traffic – botnet communications between attackers and compromised hosts within the network
- Data exfiltration – the export of sensitive information back to an attacker, generally via command-and-control communications
- Internal host reputation – uncovering users who exhibit suspicious behavior inside the network
These intelligence dashboards provide a faster, more direct means of tracking the most nefarious types of attack attempts before they wreak havoc on network assets. Additionally, through Lancope’s Operational Network & Security Intelligence (ONSI) dashboard, StealthWatch security alarms are closely aligned to these various steps of the cyber attacker’s “kill chain.” This provides greater security context for faster threat detection, more precise incident response and improved troubleshooting of these stealthy, malicious behaviors.
Lancope provides enhanced StealthWatch integration with the Cisco Identity Services Engine (ISE) access control solution. Building on Lancope’s context-aware security platform, Cisco ISE delivers the latest capabilities for identity/device awareness, as well as value-added, automated mitigation. Through the integration, the StealthWatch System obtains contextual information from ISE – including user identity, device type, security posture and access level – to help users respond more quickly and effectively to today’s top threats. If necessary, users can also leverage Cisco ISE to take mitigation actions directly from the StealthWatch Management Console (SMC).