Latest release gives admins and security analysts enhancements to speed incident detection and response
Cisco Systems this week announced an updated version of its Stealthwatch network security controls platform that adds enhanced analytics, context-aware mitigation capabilities, and improved features for controlling and managing the tool.
The Lowdown: Cisco Stealthwatch 7.0 continues Cisco’s efforts to hone the tuning capabilities of the platform to give organizations more granular visibility and control of security policies, users, host groups, and appliances, all of which are now accessible from Stealthwatch’s Web interface.
The Details: Specific new features in Stealthwatch 7.0 include:
• Customizable policy, user, and host group manager capabilities.
• Centralized controls that enable configuration, management, and updating of Stealthwatch appliances such as Stealthwatch Management Console (SMC) and Flow Collector from a single Web interface.
• Tighter integration with Cisco Identity Services Engine (ISE) that allows analysts to take context-aware mitigation actions from within the tool.
• Stealthwatch Apps plug-ins to add specialized functionality. The first three available are: Host Classifier for asset discovery and classification; Visibility Assessment for quick views of network risk areas, traffic to high-risk countries, and other network metrics; and ETA Cryptographic Audit to analyze encrypted traffic for cryptographic compliance.
• Enhanced analytics including better botnet detection, the ability to analyze and correlate proxy logs to network telemetry, options for applying analytics to specific internal servers, and auto-updates for the cryptomining classifier to detect unusual and new cryptomining pools.
The Buzz: “Every organization is different with its own workflows. What might be considered suspicious activity within one might not necessarily apply to another,” wrote Stealthwatch Product Marketing Manager Megha Mehta in a blog post detailing the version 7.0 update. “With security teams already strapped for time and resources, you don’t want to spend time chasing down irrelevant alerts, or worse, miss critical threats. Stealthwatch gives you an unmatched level of control to fine-tune security and customize it to the business logic.”