Product Details Introduction
What Is Cisco Secure Network Analytics?
Cisco Secure Network Analytics, formerly known as Stealthwatch, is a network visibility and security analytics solution designed to provide real-time detection and response to threats across an enterprise's network. The solution includes components such as the Secure Network Analytics Manager, Flow Collectors, and the Data Store.
The Secure Network Analytics Data Store is a central repository that stores network telemetry data collected by Flow Collectors. It is part of a larger system that uses advanced security analytics, including behavioral modeling, machine learning, and global threat intelligence, to detect threats like command-and-control attacks, ransomware, DDoS attacks, cryptomining, unknown malware, and insider threats. The Data Store is optimized for fast query results, rapid graph and chart population, and long-term data retention, offering improved fault tolerance and data redundancy for enterprise-class deployments.
Advantages Of Cisco Secure Network Analytics
Cisco Secure Network Analytics, with its Data Store component, offers several advantages that cater to the needs of enterprise-class and service provider networks. Here are some of the key benefits:
- Centralized Data Repository: The Data Store acts as a central repository for network telemetry, which simplifies data management and enables faster query responses compared to querying multiple distributed sources.
- Scalability: It is designed to scale telemetry consumption and can handle ingest rates up to 3 million flows per second (FPS) from over 30 million endpoints.
- Data Resiliency: The Data Store provides high levels of data redundancy and fault tolerance with its K-safety functionality, which ensures no data loss upon an unexpected node failure.
- Improved Query Performance: By consolidating flow data in a centralized database, the Secure Network Analytics Manager can retrieve query results faster than querying individual Flow Collectors.
- Long-term Data Retention: The architecture allows for storing telemetry data redundantly for extended periods, exceeding half a year, which is crucial for forensic analysis and meeting compliance requirements.
- Advanced Security Analytics: The solution leverages behavioral modeling, machine learning, and global threat intelligence to detect a wide range of threats with high confidence.
- Agentless Visibility: It offers comprehensive threat monitoring across the entire network without the need for deploying agents, making it a non-intrusive solution.
- Flexibility in Deployment: The Data Store can be deployed both as physical appliances and virtual appliances on VMware's ESXi hosts and KVM hosts, providing flexibility based on the customer's infrastructure.
- Redundancy and High Availability: The product supports the deployment of redundant components, such as multiple Managers and Flow Collectors, to ensure high availability and prevent downtime.
- Comprehensive Reporting and Analysis: It includes graphical representations, customized summary reports, and integrated security and network intelligence to deliver in-depth security analytics.
- Support for Various Telemetry Protocols: The solution supports a range of telemetry protocols, including NetFlow, IPFIX, sFlow, and SYSLOG, making it adaptable to diverse network environments.
- Integration with Cisco Ecosystem: As a Cisco product, it is likely to integrate seamlessly with other Cisco security and network solutions, providing a unified approach to network management and security.
These advantages position Cisco Secure Network Analytics as a robust solution for organizations requiring a high level of network security, visibility, and analytics to protect against modern threats.
What Are The Usage Scenarios For Cisco Secure Network Analytics?
Cisco Secure Network Analytics Data Store is designed for use in scenarios that demand high levels of network visibility, security, and scalability. Here are some typical use cases, along with relevant product parameters:
- Large-Scale Enterprise Networks: Enterprises with a large number of users, devices, and networked services require comprehensive network traffic analysis for security and performance monitoring. The Data Store can handle up to 3 million flows per second (FPS) and support telemetry from over 30 million endpoints.
- Service Provider Networks: Service providers need to monitor and secure vast networks with high traffic volumes. The Data Store supports up to 90 days of data retention for service provider traffic profiles, which typically have high numbers of unique hosts and large amounts of sampled flow data.
- Threat Detection and Response: Organizations that require real-time threat detection and response can use the Data Store's advanced security analytics to identify and mitigate threats such as DDoS attacks, ransomware, and insider threats.
- Compliance and Forensics: Companies subject to regulatory compliance or those that need forensic analysis capabilities can benefit from the Data Store's long-term data retention capabilities, which allow for data to be stored redundantly for over half a year.
- Network Optimization: IT teams can use the Data Store to analyze network traffic patterns and identify areas for optimization, such as bandwidth utilization and application performance.
- Data Center Operations: Data centers with complex network topologies can leverage the Data Store to monitor east-west and north-south traffic, ensuring that network operations are secure and efficient.
- Hybrid Cloud Environments: Organizations that operate across both on-premises and cloud environments can use the Data Store to maintain a unified view of network traffic and security posture.
- Disaster Recovery and Business Continuity: By providing data redundancy and fault tolerance, the Data Store supports disaster recovery initiatives and business continuity planning.
Product parameters that support these use cases include:
- High Flow Rate Support: The Data Store is capable of ingesting up to 3M FPS, making it suitable for high-traffic environments.
- Data Node Redundancy: Each Data Node contains a portion of the ingested data and a backup of another node's data, enhancing data resiliency.
- K-Safety Functionality: Provides fault tolerance by replicating data across the database cluster, allowing for a certain number of node failures without data loss.
- Retention Periods: Adjustable retention periods allow customers to set data storage times according to their specific needs, from 30 days to over 360 days.
- Virtual and Physical Deployment Options: The flexibility to deploy as either physical appliances or virtual appliances on ESXi/KVM hosts accommodates various IT infrastructures.
- Scalability: The architecture allows for independent scaling of flow collection and storage functions to match customer needs and budgets.
- Redundancy and High Availability: Features such as redundant power supplies, dual-switch architecture, and the option to deploy multiple Managers and Flow Collectors ensure continuous operation.
These parameters make the Cisco Secure Network Analytics Data Store a versatile solution for a wide range of scenarios where network security analytics and data management are critical.