Introducing Stealthwatch product updates for enhanced network detection and response
We are extremely excited to announce new features of Cisco Stealthwatch! With release 7.3.0, we are announcing significant enhancements that help the Stealthwatch Administrator and the Security Analyst detect and respond to threats faster and manage the system more efficiently.
Automated Response updates
Release 7.3 introduces automated response capabilities to Stealthwatch, giving you new ways to share and respond to alarms through enhancements to the Response Management module and to the SecureX threat response integration.
New options for sharing and responding to alarms
Stealthwatch's Response Management module has been moved to the web-based UI and modernized to facilitate data sharing with third-party event collection and ticketing systems. Streamline remediation and accelerate containment through many new ways to share and respond to alarms, using a selection of customizable action and rule options. New response actions include:
- Webhooks to improve data sharing with third-party tools, providing unparalleled response management flexibility and saving time
- The ability to specify which malware detections are sent to SecureX threat response, along with associated response actions, to accelerate incident investigation and remediation efforts
- The ability to automatically limit a compromised device's network access when a detection occurs, through customizable quarantine policies that leverage Cisco's Identity Services Engine (ISE) and Adaptive Network Control (ANC)
Figure 1. Modernized Response Management module with new response action options
SecureX threat response integration enhancements
Get granular and be specific with flexible rule configurations that give you the ability to:
- Define which alarms from Stealthwatch are shared with SecureX threat response
- Base shared alarms on several parameters, such as alarm severity, alarm type, and host group
- Share alarms from mission-critical services, with the ability to define incident confidence ranges, how target objects are formed, and rule conditions based on whether targets are internal or external hosts
Figure 2. Customize which alarms are sent to SecureX threat response by severity
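To make the response-rule concepts above concrete (a rule matching an alarm on severity, alarm type and host group, then triggering webhook, SecureX threat response or ISE ANC quarantine actions), here is an added illustration written for this page. It is not Stealthwatch's own code or API: the alarm fields, rule fields, action names and rule set are all assumed for the example.

```python
"""Constructed model of response rules (not Stealthwatch's schema or API)."""
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Alarm:  # constructed alarm record; field names are assumptions
    alarm_type: str
    severity: str
    host_group: str
    source_ip: str
    internal_target: bool  # whether the target of the alarm is an internal host

@dataclass
class Rule:
    name: str
    min_severity: str
    alarm_types: set = field(default_factory=set)   # empty set matches any type
    host_groups: set = field(default_factory=set)   # empty set matches any group
    internal_only: bool = False  # rule condition based on internal vs external target
    actions: list = field(default_factory=list)

def rule_matches(rule: Rule, alarm: Alarm) -> bool:
    """All configured conditions must hold; unset conditions are wildcards."""
    if SEVERITY_RANK[alarm.severity] < SEVERITY_RANK[rule.min_severity]:
        return False
    if rule.alarm_types and alarm.alarm_type not in rule.alarm_types:
        return False
    if rule.host_groups and alarm.host_group not in rule.host_groups:
        return False
    if rule.internal_only and not alarm.internal_target:
        return False
    return True

def plan_responses(rules: list, alarm: Alarm) -> list:
    """Return the ordered, de-duplicated actions every matching rule requests."""
    actions = []
    for rule in rules:
        if rule_matches(rule, alarm):
            for action in rule.actions:
                if action not in actions:
                    actions.append(action)
    return actions

# Assumed example rule set: ticket anything medium or above, send high-severity
# alarms on mission-critical hosts to SecureX, and quarantine internal hosts
# with RAT or Emotet detections via ISE ANC.
RULES = [
    Rule("ticket-everything", "medium", actions=["webhook:ticketing"]),
    Rule("securex-critical", "high", host_groups={"mission-critical"},
         actions=["securex-threat-response"]),
    Rule("quarantine-malware", "high", alarm_types={"Remote Access Trojan", "Emotet"},
         internal_only=True, actions=["ise-anc-quarantine", "securex-threat-response"]),
]
```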
SecureX platform integration enhancements
Cisco's SecureX platform unifies visibility, centralizes alerts, and enables automation across your entire security infrastructure on a single dashboard. Maximize operational efficiency, eliminate repetitive tasks, simplify business processes, and reduce human error by:
- Automating responses with pre-built workflows via SecureX's orchestration features
- Creating playbooks with all of your integrated security tools through SecureX's intuitive user interface
Figure 3. SecureX's pre-built workflows and customizable playbooks
Improved security analytics
As threats continue to evolve, so do the analytical capabilities of Stealthwatch, providing high-fidelity and fast threat detections. The cloud-based machine learning engine (Cognitive Intelligence) has been updated to include:
- New confirmed detections
- New machine learning classifiers for anomalous TLS fingerprint, URL superforest, and content spoofing detections
- Smart alert fusion in the new user interface (available in beta)
- New Stealthwatch use cases, including Remote Access Trojan and Emotet malware detections
Figure 4. An example of the new content spoofing detector classifier in action.
Figure 5. Stealthwatch's new GUI with smart alert fusion.
Easier management
Web UI improvements
Don't let the setup process slow you down! Optimize installation with web UI enhancements that reduce deployment time and support full configuration of the appliance and vital services before the first reboot, saving time.
Flow Sensor versatility and visibility enhancements
Get visibility into more areas than before through ERSPAN (Encapsulated Remote Switched Port Analyzer) support, now added to Flow Sensors. Advantages include:
- Visibility improvements through the ability to see inside VMware NSX-T data centers, simplifying Flow Sensor deployment and network configuration
- No need for direct physical connectivity
- ACI traffic monitoring from Spine and Leaf nodes
Coming soon
Introducing the Stealthwatch Data Store!
The Data Store will be supported by version 7.3 and above and provides a new and improved database architecture for Stealthwatch that enables more efficient ways of storing and interacting with data. Each Data Store appliance consists of a 3-node database cluster, with flow ingest by Flow Collectors decoupled from data storage, to provide the following benefits:
- Query performance improved by an order of magnitude (10x)
- Scalable, long-term telemetry storage without the need for additional Flow Collectors
- Enterprise-class data resiliency, allowing seamless data availability during individual node failures
- Scalable ingest: Data Stores can be combined into a single cluster capable of monitoring more than 3 million flows per second
Note: The Stealthwatch Data Store will be orderable by the end of calendar year 2020.
Enhanced reporting with the new Report Builder Application
The Report Builder Application provides a framework for visualizing trends and anomalies in stored data, with the ability to build highly customizable reports and configure their layouts in various formats and chart types to optimize how they are displayed.
To learn more about this release, read the Release 7.3.0 At-a-Glance and the Release Notes.
Don't have Stealthwatch? Learn more at https://www.cisco.com/go/stealthwatch or try the solution out for yourself today with a free visibility assessment.