The Cisco ASA is a great tool for Cyber Threat Defense. In part one of this blog I described the 3 components of Cisco’s threat defense solution. In this half I will show you some more benefits of the solution, and how it can be used in correlation with other technologies to give you end-to-end visibility in your network.
Cisco Cyber Threat Defense provides a proactive means of detecting threats that have already penetrated the internal network. It leverages network intelligence to provide deep visibility across the whole network, allowing you to understand the “who, what, when, where, why and how” of network traffic and discover anomalies.
Network security is an ever-evolving world; at the bleeding edge there are always new and stealthy threats that could evade traditional detection methods. Many will focus their efforts on internet threat defense, but advanced cyber threats often enter via external media, spear phishing, social engineering, or BYOD in the form of malware or trojans. No matter how they get in, advanced persistent threats often go undetected for long periods of time.
By remaining quiet and hidden in normal network traffic, threats can spread under the radar among targets. Perimeter defenses lack visibility into these threats. An infected system could be doing anything from mining Bitcoins while you are away from your desktop to stealing all of your company’s valuable intellectual property. The signs of cyber crime are not always predictable, and visibility into network traffic is essential for protection.
Cisco Cyber Threat Defense allows you to uncover network anomalies faster by bringing suspicious traffic to light. This information can be used in correlation with flow data collected from other devices. A good NetFlow monitoring tool will be able to provide event correlation and application-level classification. This data can greatly help with intrusion and APT detection.
Tying multiple network traffic monitoring technologies together is your best chance to find a threat on your network. NetFlow data can be used for behavioral analysis and to check for known bad IP addresses on a network. Using all of the data available in most enterprise hardware with centralized reporting and alerting software will provide real-time data correlation, visualization and consolidated reporting of combined NetFlow and identity analysis.
Have you used a Cisco ASA in correlation with network monitoring tools to protect your networks? Please share your success stories or questions in the comments below.
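As an added illustration of the two NetFlow uses named above (it is not code from this blog or from any Cisco product), the Python sketch below checks flow records against a list of known bad addresses and applies two simple behavioral checks. The CSV layout, the addresses, the function names and both thresholds are assumptions made up for the example.

```python
import csv, io, ipaddress
from collections import defaultdict

# Constructed sample data: flow records, blocklist and internal range
# (documentation/private addresses; not a real NetFlow export layout).
FLOWS = """src,dst,dport,bytes
10.0.0.5,192.0.2.10,443,12000
10.0.0.6,192.0.2.50,443,900000
10.0.0.7,203.0.113.9,8080,8000
10.0.0.8,192.0.2.10,443,9000
10.0.0.8,10.0.1.1,445,300
10.0.0.8,10.0.1.2,445,300
10.0.0.8,10.0.1.3,445,300
10.0.0.8,10.0.1.4,445,300
"""
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def parse_flows(text):
    for row in csv.DictReader(io.StringIO(text)):
        yield (ipaddress.ip_address(row["src"]), ipaddress.ip_address(row["dst"]),
               int(row["dport"]), int(row["bytes"]))

def analyze(text, fanout_limit=4, byte_ratio=5.0):
    """Return alerts; both thresholds are illustrative assumptions."""
    alerts = []
    peers = defaultdict(set)   # internal host -> internal hosts it contacted
    egress = defaultdict(int)  # internal host -> bytes sent outside the network
    for src, dst, _dport, nbytes in parse_flows(text):
        # Known-bad check: either end of the flow is on the blocklist.
        if any(ip in net for ip in (src, dst) for net in BLOCKLIST):
            alerts.append(("known-bad", str(src), str(dst)))
        if src in INTERNAL:
            if dst in INTERNAL:
                peers[src].add(dst)
            else:
                egress[src] += nbytes
    # Behavioral check 1: one host touching many internal peers (possible spread).
    for src, dsts in peers.items():
        if len(dsts) >= fanout_limit:
            alerts.append(("internal-fanout", str(src), len(dsts)))
    # Behavioral check 2: outbound volume far above the median host's volume.
    if egress:
        median = sorted(egress.values())[len(egress) // 2]
        for src, total in egress.items():
            if total > byte_ratio * median:
                alerts.append(("egress-volume", str(src), total))
    return alerts
```

Calling `analyze(FLOWS)` on the constructed records returns one alert of each kind; in practice the baseline would come from historical flow data rather than a single batch.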