Category Archives: network detection and response

Maintain Cloud Security Posture with Cisco Secure Cloud Analytics

Your business is facing some of its most rapid growth… maybe ever. According to the Cisco Annual Internet Report, cloud data centers will process nearly 95% of workloads in 2021. Over the past decade, businesses raced into the cloud. With a newfound understanding of the flexibility it offers, CISOs around the world invested millions to migrate their businesses' workloads onto IaaS and PaaS platforms. Large enterprises saw an opportunity to cut overhead and move away from traditional on-prem data centers, while small businesses found that they can truly flourish in the public cloud. The list of benefits includes added flexibility, lower costs, easier management and maintenance, and better overall agility that lets small organizations function while operating with tighter resources.

It almost sounds too good to be true, right? Well, despite this massive cloud migration, 94% of organizations are moderately to extremely concerned about cloud security [1]. We’ve seen some big-name enterprises fall victim to attacks that stem from one critical mistake: misconfigured assets in the public cloud.

[1] 2020 Cloud Security Report, Cybersecurity Insiders

Today at our Partner Summit 2020 event, we are excited to announce new features that will soon be available in Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud), a SaaS-based Network Detection & Response (NDR) offering. These features give CISOs more confidence in their ongoing journey in the cloud. The solution is already built to protect your public cloud resources, providing comprehensive visibility into all of your public cloud traffic. It is a true multi-cloud solution and can ingest native telemetry from Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). It can even detect threats in encrypted traffic without decrypting it or inspecting packet payloads.

New to Secure Cloud Analytics is a highly flexible event viewer that offers a wealth of information about your business’ cloud deployment, resource configuration, alignment to industry standards and regulations, and much more. Here is a breakdown of how these features will help your business:

1. Encourage collaboration through simple reporting on cloud security posture

Secure Cloud Analytics enables your DevOps and SecOps groups to work cohesively, as one team, by closing a critical gap that often exists between these functions. Your SecOps team is focused on threat hunting and protecting the business. It must monitor the network for alerts and address suspicious behavior in a timely manner. DevOps is responsible for implementing changes to code and configuring cloud resources, but often lacks visibility into what SecOps is discovering about the network. The event viewer lets SecOps teams identify vulnerabilities, gather critical information about cloud configurations, and deliver it to DevOps so that proper adjustments are made and cloud workloads stay secure. Integrated with Cisco SecureX and other 3rd party platforms, Secure Cloud Analytics makes it easier than ever for teams to communicate their findings and make fluid adjustments in the public cloud.

2. Maintain compliance and meet standards unique to your industry

No single team is solely responsible for ensuring compliance or meeting segmentation rules; these new features enable every team to find and share information about public cloud traffic easily. The event viewer lets users monitor cloud posture as it relates to industry best practices. Users can investigate all cloud accounts and be alerted on those that are not compliant with standards such as PCI DSS, HIPAA and the CIS Benchmarks, or with custom internal policies. Robust filtering and query searches let the user zero in on the misconfigured or vulnerable assets that cause a compliance concern.

3. Seamlessly monitor and protect your public cloud resources

The bread and butter of Secure Cloud Analytics is its ability to classify the entities on your network and monitor their behavior to detect threats. This process is known as dynamic entity modeling. Upon deployment, Secure Cloud Analytics starts to establish a baseline of learned ‘normal’ behavior. While it provides some alerts out of the box, the most powerful alerts fire once it understands the network and sees a deviation from the behavioral norm. It automatically groups your cloud resources into roles such as EC2 instances, S3 buckets, AWS load balancers and more, and generates alerts such as Geographically Unusual Azure API Usage and AWS Lambda Invocation Spike that are designed to surface suspicious activity in your cloud accounts rather than a static misconfiguration.
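To make the baselining idea concrete, here is an added example written for this page; it is not Cisco's implementation of dynamic entity modeling. It learns, per IAM principal, which source countries and which hourly Lambda invocation rates are normal from a baseline window of CloudTrail-style events, then scores the following window for a country never seen for that principal (the idea behind a "geographically unusual API usage" alert) and for an hourly invocation count beyond mean + 3 standard deviations (an "invocation spike"). The events, the IP-to-country table and the thresholds are all constructed for the example.

```python
"""Toy behavioural baselining over cloud API telemetry.

Added example, not Cisco code. Events are constructed inline in a
CloudTrail-like shape; a real deployment would read CloudTrail, Azure
Activity Log or GCP audit logs and use a GeoIP database.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed IP-to-country table standing in for a GeoIP lookup (hypothetical).
GEO = {"203.0.113.10": "US", "203.0.113.11": "US", "198.51.100.7": "RO"}


@dataclass(frozen=True)
class Event:
    hour: int          # hour index since the start of observation
    principal: str     # IAM user or role that made the call
    source_ip: str
    event_name: str    # CloudTrail eventName, e.g. "Invoke" for Lambda


def known_countries(events):
    """Per principal, the set of source countries seen in the baseline window."""
    seen = defaultdict(set)
    for e in events:
        seen[e.principal].add(GEO.get(e.source_ip, "??"))
    return seen


def hourly_invokes(events, hours):
    """Per principal, Invoke counts for every hour in `hours`. Zero hours are
    kept so a quiet hour lowers the learned mean instead of being ignored."""
    counts = defaultdict(Counter)
    for e in events:
        if e.event_name == "Invoke":
            counts[e.principal][e.hour] += 1
    return {p: [counts[p][h] for h in hours] for p in counts}


def unusual_geo(baseline, current):
    """(principal, country) pairs in `current` never seen for that principal."""
    seen = known_countries(baseline)
    hits = {(e.principal, GEO.get(e.source_ip, "??")) for e in current
            if GEO.get(e.source_ip, "??") not in seen.get(e.principal, set())}
    return sorted(hits)


def invocation_spikes(baseline, current, baseline_hours, current_hours, k=3.0, floor=5):
    """Hours whose Invoke count exceeds mean + k*stdev of the principal's
    baseline. `floor` stops a couple of calls from a normally silent
    principal being reported as a spike."""
    base = hourly_invokes(baseline, baseline_hours)
    cur = hourly_invokes(current, current_hours)
    spikes = []
    for principal, series in cur.items():
        history = base.get(principal, [0] * len(baseline_hours))
        threshold = max(mean(history) + k * pstdev(history), floor)
        spikes.extend((principal, h, n) for h, n in zip(current_hours, series) if n > threshold)
    return spikes


def constructed_events():
    """One baseline day of normal activity followed by two detection hours."""
    ev = []
    for h in range(24):
        for _ in range(4 + h % 3):                      # 4-6 Lambda invokes per hour
            ev.append(Event(h, "deploy-role", "203.0.113.10", "Invoke"))
        if h % 6 == 0:                                  # alice checks in from the US
            ev.append(Event(h, "alice", "203.0.113.11", "DescribeInstances"))
    for _ in range(40):                                 # hour 24: invocation spike
        ev.append(Event(24, "deploy-role", "203.0.113.10", "Invoke"))
    ev.append(Event(24, "alice", "198.51.100.7", "DescribeInstances"))  # new country for alice
    ev.append(Event(25, "deploy-role", "203.0.113.10", "Invoke"))       # hour 25: normal
    return ev


def detect(events=None, baseline_hours=range(24), current_hours=range(24, 26)):
    """Split events into baseline and detection windows and score the latter."""
    events = constructed_events() if events is None else events
    baseline = [e for e in events if e.hour in baseline_hours]
    current = [e for e in events if e.hour in current_hours]
    return {
        "unusual_geo": unusual_geo(baseline, current),
        "spikes": invocation_spikes(baseline, current, baseline_hours, current_hours),
    }


if __name__ == "__main__":
    for kind, hits in detect().items():
        print(kind, hits)
```

Two caveats a practitioner would add: a baseline learned during an incident learns the attacker as "normal", so the window must predate the suspected compromise, and a one-day baseline has no notion of weekly cycles; a product that learns over weeks and across many entity roles is doing far more than this sketch.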

Your business needs to keep finding new ways to innovate, stay agile, and protect its sensitive workloads. Ensure confidence in your cloud security posture with Secure Cloud Analytics.

To learn more, please visit our webpage and the At-a-Glance summarizing these features, and sign up for a 60-day free trial today.

The post Maintain Cloud Security Posture with Cisco Secure Cloud Analytics appeared first on Cisco Blogs.

Stop playing whack-a-mole and put threats to rest with Cisco Stealthwatch Cloud

I was recently able to grab some time with a Cisco customer to hear about their experience with Cisco Stealthwatch Cloud, a SaaS-based Network Detection and Response (NDR) solution. Aspire Technology Partners, a Managed Security Service Provider, explained its use of the product for one of its customers that was in a dangerous situation involving some slippery malware floating around in the network. As I worked on this case study, I couldn’t help but think of one thing in particular…the North Carolina State Fair.

I am a relatively new North Carolina resident. Prior to working from home, I was no stranger to the commute up I-40 to building 9 of Cisco’s RTP campus. As I found my way around my new home state, I kept hearing that the NC State Fair is a rite of passage for new residents. I decided to check it out. What an experience that was. I got to see a monster truck show, a lot of farm animals and the world’s largest pumpkin. I also ate more fried food on a stick than my heart could handle. We also got to play whack-a-mole, a game that requires you to smash each mole as they poke their heads out of the machine with a mallet. As you progress, you earn points for each successful ‘whack’. Unfortunately, you can never really win since they never stop popping up.

Without an NDR tool like Stealthwatch Cloud in place, the modern Security Operations Center (SOC) is effectively doing the same thing. Its endpoint and perimeter solutions, while critical to network safety, are playing whack-a-mole: stomping on malware and isolating devices as they become infected, while knowing that the network is still at risk. Without east-west monitoring and visibility into encrypted traffic, businesses are susceptible to follow-on attacks once malware has established a foothold on the network. If your security team can’t identify how threats are getting into the network, malware can stay hidden for months…or even years.

Aspire Technology Partners was working with a customer who deployed an Incident Response (IR) team to contain a threat, believed to be ransomware, that was surfacing all over their network. The Aspire SOC team decided to deploy Stealthwatch Cloud to track the malware through east-west traffic monitoring. Here are a few reasons why Stealthwatch Cloud was critical to not only detecting the threat, but also stopping it dead in its tracks:

Stealthwatch Cloud deploys almost instantly

The Aspire SOC team deployed Stealthwatch Cloud on the customer’s private network in just 2 hours. This allowed the team to immediately start digging through east-west flows to hunt down the threat.

Stealthwatch Cloud detects threats behaviorally

Stealthwatch Cloud uses the network itself as a sensor, and offers both automated threat detection and the ability to hunt for threats manually. The team needed to identify the attacker’s foothold, and with the comprehensive visibility Stealthwatch Cloud provides, discovered that the malware had entered the network via a vulnerable 3rd party device. Endpoint and agent-based tooling cannot see a device that carries no agent, so without network-level visibility this entry point would have stayed hidden.

Built-in remediation methods enable quick response to threats

Stealthwatch Cloud offers a wealth of integrations with 3rd party and Cisco solutions that let users go one step further: communicate across their organization, pivot into other tools to carry on an investigation, and much more. Each alert arrives with its supporting observations, the pieces of context investigators build on as they continue. In this case, a simple firewall rule blocked the malware for good.
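To show the kind of flow-level reasoning behind "tracking malware through east-west traffic" and "identifying the foothold", here is an added example written for this page; it is not Aspire's or Cisco's code. Flows in a baseline window define the known (source, destination, port) pairs. In the hunt window, never-before-seen pairs on lateral-movement ports into the hosts IR already knows are infected are ordered by time; the source of the earliest one that is not itself a known victim is the candidate entry point, and new lateral flows out of victims to hosts not on IR's list are flagged as hosts that may have been missed. The flow records, addresses and the port list are constructed for the example.

```python
"""Tracing a malware foothold through east-west flow records.

Added example, not Cisco or Aspire code. Flow records are constructed
inline in a NetFlow-like shape (timestamp, source, destination, dest port).
"""
from dataclasses import dataclass

# Ports commonly used for lateral movement: SSH, RPC, NetBIOS, SMB, RDP, WinRM.
LATERAL_PORTS = {22, 135, 139, 445, 3389, 5985}


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since start of observation
    src: str
    dst: str
    dport: int


def known_pairs(flows):
    """(src, dst, dport) triples observed in the baseline window."""
    return {(f.src, f.dst, f.dport) for f in flows}


def trace(baseline, hunt, infected):
    """Order the known-infected hosts by their first never-before-seen lateral
    contact, name the source feeding the earliest one as the candidate entry
    point, and list hosts the victims reached that IR has not marked infected."""
    seen = known_pairs(baseline)
    new_lateral = sorted(
        (f for f in hunt
         if f.dport in LATERAL_PORTS and f.src != f.dst
         and (f.src, f.dst, f.dport) not in seen),
        key=lambda f: f.ts)
    first_contact = {}
    for f in new_lateral:
        if f.dst in infected and f.dst not in first_contact:
            first_contact[f.dst] = f
    chain = sorted(first_contact, key=lambda h: first_contact[h].ts)
    entry = None
    if chain and first_contact[chain[0]].src not in infected:
        entry = first_contact[chain[0]].src
    suspects = sorted({f.dst for f in new_lateral
                       if f.src in infected and f.dst not in infected})
    return {"entry_point": entry, "chain": chain, "suspects": suspects}


def constructed_flows():
    """Constructed records: a quiet baseline, then the spread of an infection."""
    baseline = [  # routine jump-host SSH into the file server
        Flow(100, "10.0.0.5", "10.0.1.20", 22),
        Flow(500, "10.0.0.5", "10.0.1.20", 22),
        Flow(900, "10.0.0.5", "10.0.1.20", 22),
    ]
    hunt = [
        Flow(1050, "10.0.0.5", "10.0.1.20", 22),    # known pair, ignored
        Flow(1100, "10.0.9.5", "10.0.1.20", 445),   # third-party device hits file server (new)
        Flow(1150, "10.0.1.20", "10.0.2.50", 443),  # not a lateral-movement port, ignored
        Flow(1200, "10.0.1.20", "10.0.1.21", 445),  # victim spreads
        Flow(1300, "10.0.1.21", "10.0.1.22", 3389),
        Flow(1400, "10.0.1.22", "10.0.1.30", 445),  # reaches a host IR has not listed
    ]
    return baseline, hunt


def trace_foothold(infected=frozenset({"10.0.1.20", "10.0.1.21", "10.0.1.22"})):
    """Run the trace over the constructed flows with IR's list of victims."""
    baseline, hunt = constructed_flows()
    return trace(baseline, hunt, infected)


if __name__ == "__main__":
    print(trace_foothold())
```

On real telemetry, first-seen pairs also include legitimate change (a new admin workstation, a rolled-out patch job), so the output is a pivot for the analyst rather than a verdict; the entry-point candidate is what you then confirm against the device's own logs and, as in this case, block with a firewall rule.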

So, stop playing whack-a-mole, unless you’re at the fair. Even with proper agent-based and perimeter protection, your network may still be at risk. You can fill that gap and gain comprehensive visibility on-prem or in the cloud with Stealthwatch Cloud.

To learn more, read the full Aspire Technology Partners Case Study.

Be sure to check out the Stealthwatch Cloud webpage and sign up for a free 60-day trial today.

The post Stop playing whack-a-mole and put threats to rest with Cisco Stealthwatch Cloud appeared first on Cisco Blogs.