Stealthwatch 7.0 – What’s New With Cisco Stealthwatch?

  • 12 February, 2019

What's new in Stealthwatch 7.0?

Stealthwatch is one of Cisco’s most popular security tools. It gives you unparalleled visibility into your network and is rapidly becoming a favourite among security professionals. Recently, Cisco rolled out a new update for the platform, Stealthwatch 7.0.

Cyber threats are constantly changing and evolving, and that’s why it’s good to see that Cisco are one of the most active groups around when it comes to upgrading their platforms to ensure their customers are always fully protected.

Stealthwatch 7.0 brings plenty of new features and this article will run through some of the most important, valuable and interesting!

Context-aware mitigation

Stealthwatch already works harmoniously with another of Cisco’s security tools, Cisco Identity Services Engine (ISE), which provides additional context and information on users when it comes to threat detection. This also gives the person responsible for safeguarding the network the ability to mitigate the threat directly from within Stealthwatch. Here are some of the new features:

  • Stealthwatch can now pull TrustSec Security Group Tags (SGTs) from ISE to be mapped to IP addresses, providing the ability to more efficiently implement network segmentation by using SGTs to form Custom Security Events within Stealthwatch.
  • You can now take selective mitigation actions based on a threat’s severity using ISE ANC (Adaptive Network Control) policies.
  • The improvements to performance and support for multiple ISE clusters give larger customers the ability to scale user sessions.

Better Control

No two businesses are the same. Each one has unique workflows and processes, so what may seem like suspicious activity in one business could be perfectly normal behaviour in another. It’s very likely that your security team do not have a great deal of spare time to spend reviewing irrelevant notifications, which could, in turn, lead to serious threats being missed. In Stealthwatch 7.0, Cisco has further improved the ability to customise and fine-tune your unique security platform.

User and Host Group Manager enhancements

With Stealthwatch 7.0 you can now manage users and host groups directly from the web interface:

  • Add Stealthwatch users and configure access to data based on their roles
  • Classify hosts into host groups to effectively monitor for anomalies and threats based on the business workflows

Policy Manager enhancements

Improvements made to the policy manager include:

  • You can now manage all three elements of Stealthwatch security policies (core, custom, and relationship events) centrally through the web interface
  • You are now able to create, edit, or delete events easily
  • Unmatched control over security policy tuning in order to receive relevant alerts that are customised to business logic

Easier management

In the past, security professionals have always said that Stealthwatch is a fantastic tool that they couldn’t do their job without. However, there has been some mild criticism of the interface used to control the platform. Cisco listened to the responses and has been working hard on making improvements.

With the centralised appliance and update manager in the web interface, you are now able to configure, update, and manage all the Stealthwatch appliances such as the Stealthwatch Management Console (SMC) and the Flow Collector from one place. Spend less time managing the tool and more time utilising it for all the security benefits that are available.

Enhanced analytics

Threats are always changing. Cyber-criminals are rapidly inventing new ways to break into your network every day. Since 2017, there have been 150 million new forms of malware and potentially unwanted programs detected and registered.

Because of this, it’s vital that security applications are consistently updated to handle new threats. Stealthwatch 7.0 brings a huge upgrade to the platform’s analytical capabilities for fast and high-fidelity threat detection. Here’s what’s new for the machine learning engine based in the cloud:

  • Ability to analyse and correlate proxy logs to network telemetry for improved effectiveness
  • Improvements designed to detect botnets more efficiently
  • The addition of an option to apply analytics to certain internal servers
  • Unusual or new crypto mining pools will now be automatically detected by a crypto mining classifier

Stealthwatch Apps

With Stealthwatch 7.0, Cisco is releasing three apps which will vastly improve your experience while using Stealthwatch.

Host classifier

The host classifier application delivers dynamic discovery and classification of core assets in the network. It’s useful for initial system configuration as well as to continuously maintain host classification. Accurately configured host groups lead to accurate and contextual alarms. All analysis is performed on-prem.

ETA Cryptographic Audit

Using Encrypted Traffic Analytics (ETA) technology, this app will help you analyse encrypted traffic for cryptographic compliance. It assesses the quality of the encryption being used, which aids auditing for cryptographic compliance. This app will also help to convey and explain trends and changes in the amount and type of encryption.

Visibility Assessment

The last Stealthwatch app allows you to rapidly acquire insights into areas of your network where security risks exist, key network metrics, and traffic to high-risk countries. There is very little tuning or host configuration involved in this app. Users of Stealthwatch can also easily generate a printable summary of the network for executives.

To see the original Cisco blog post, please click here.

For an introduction to everything Cisco Stealthwatch can do, please click here.

For a free Stealthwatch Visibility Assessment, please click here.
