Learn How to Secure Your Cloud-native Infrastructure and Applications – Part 3, Cisco Stealthwatch Cloud

Welcome to Part 3 of our Cisco Application-First Security blog series! The purpose of the series is to prepare you for the new DevNet learning track, where you'll learn to secure your cloud-native apps and infrastructure using:

  • Application segmentation
  • Application monitoring
  • Public cloud threat detection
  • Multi-factor authentication

In Part 1 of the blog series, we introduced you to the new DevNet learning track and the accompanying DevNet Sandbox, as well as to the docs and other resources you'll find on the new Cisco Application-First Security website. We also introduced you to the "Sock Shop" e-commerce scenario you'll be working with in the learning track. [link]

Part 2 focused on using Cisco Duo to add multi-factor authentication (MFA) to protect both your build environment and the Sock Shop app from unintended access. [link to Duo blog: https://weblogs.cisco.com/programmer/secure-cloud-native-apps-infra-duo]

Now, in Part 3, we'll focus on what Cisco Stealthwatch Cloud can do to give you visibility into your public cloud resources and detect threats within your application environment.

Improve security and incident response across the distributed network

Cisco Stealthwatch Cloud improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.

Stealthwatch Cloud Public Cloud Monitoring (PCM) is a visibility, threat identification, and compliance service for Amazon Web Services (AWS). It can also protect other public cloud environments such as Azure and GCP. Stealthwatch Cloud consumes network traffic data, including Virtual Private Cloud (VPC) flow logs, from your AWS public cloud network. It then performs dynamic entity modeling by running analytics on that data to detect threats and indicators of compromise.

Stealthwatch Cloud consumes VPC flow logs directly from your AWS account using a cross-account IAM role with the proper permissions. In addition, Stealthwatch Cloud can consume other sources of data, like CloudTrail and IAM, for additional context and monitoring. These native AWS integrations make Stealthwatch Cloud a simple plug-and-play security solution for the Sock Shop!

The Stealthwatch Cloud service can also monitor network traffic between pods running in Kubernetes clusters. That is ideal for your e-commerce unicorn, which is built entirely on Kubernetes using AWS EKS! To have visibility into inter-pod traffic, each node needs a Stealthwatch Cloud sensor pod. A Kubernetes DaemonSet is used to ensure that those pods always exist on those nodes.

Stealthwatch Cloud uses all of this data from AWS and Kubernetes to model the behavior of each cloud resource, a method called entity modeling. It is then able to detect and alert on unexpected changes in behavior, malicious activity, and signs of compromise.
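As an added illustration (not Cisco's code and not a description of how Stealthwatch Cloud is implemented), the Python example below shows the idea behind entity modeling on VPC flow logs: it parses records in the default AWS flow log format, learns which service ports each network interface uses, and flags flows that deviate from that baseline. The "lower port is the service" heuristic, the function names, and all sample records are assumptions constructed for this example.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow(line):
    """Return a dict for one record, or None if it carries no flow data."""
    parts = line.split()
    rec = dict(zip(FIELDS, parts))
    if len(parts) != len(FIELDS) or rec["log_status"] != "OK":
        return None  # malformed, or NODATA/SKIPDATA (fields are "-")
    rec.update({k: int(rec[k]) for k in ("srcport", "dstport", "protocol")})
    return rec

def service_of(rec):
    # Assumption: the lower port is the service side, so request and reply match.
    return (min(rec["srcport"], rec["dstport"]), rec["protocol"])

def build_baseline(lines):
    """Learn which (service port, protocol) pairs each network interface uses."""
    baseline = defaultdict(set)
    for rec in filter(None, map(parse_flow, lines)):
        baseline[rec["interface_id"]].add(service_of(rec))
    return dict(baseline)

def detect(baseline, lines):
    """Flag flows from unknown interfaces or on services new to an interface."""
    alerts = []
    for rec in filter(None, map(parse_flow, lines)):
        eni, svc = rec["interface_id"], service_of(rec)
        if eni not in baseline:
            alerts.append((eni, "new-entity", svc))
        elif svc not in baseline[eni]:
            alerts.append((eni, "new-service", svc))
    return alerts

# Constructed sample records (not real traffic).
BASELINE_LOG = [
    "2 123456789010 eni-0a1b2c3d 10.0.1.5 10.0.2.9 49152 3306 6 20 4249 1700000000 1700000060 ACCEPT OK",
    "2 123456789010 eni-0a1b2c3d 10.0.2.9 10.0.1.5 3306 49152 6 18 9000 1700000000 1700000060 ACCEPT OK",
    "2 123456789010 eni-0a1b2c3d 203.0.113.7 10.0.1.5 51000 443 6 10 1200 1700000060 1700000120 ACCEPT OK",
    "2 123456789010 eni-0a1b2c3d - - - - - - - 1700000120 1700000180 - NODATA",
]
OBSERVED_LOG = [
    "2 123456789010 eni-0a1b2c3d 203.0.113.9 10.0.1.5 52044 443 6 12 1500 1700090000 1700090060 ACCEPT OK",
    "2 123456789010 eni-0a1b2c3d 10.0.1.5 198.51.100.20 50122 22 6 400 5200000 1700090000 1700090060 ACCEPT OK",
    "2 123456789010 eni-0ffff999 10.0.3.3 10.0.2.9 40000 3306 6 5 300 1700090000 1700090060 ACCEPT OK",
]
```

Calling `detect(build_baseline(BASELINE_LOG), OBSERVED_LOG)` reports the outbound SSH flow as a service never seen for that interface and the second interface as an entity with no baseline, while the repeated HTTPS flow stays quiet.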

You can now sleep more soundly knowing that Stealthwatch Cloud provides public cloud visibility and threat detection for the vibrant Sock Shop business.

Give the new learning track a try

Want to give it a whirl? You'll find it all, including:

    • The Sock Shop lab, "Cisco App-First Security Lab in AWS"
    • Dedicated Stealthwatch Cloud labs covering alerting and APIs

You'll find everything you need to try it in the new DevNet learning track.
