Cisco Secure Network Analytics (Stealthwatch)
Alatalo, Mika (2022)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022090519872
Abstract
This thesis studies the possibility of increasing visibility into the customer network environment by deploying the Cisco Secure Network Analytics system into the network. It also concentrates on the actual installation procedure for the Secure Network Analytics system in the customer’s network.
Today’s network environments face new kinds of threats which are not necessarily seen by firewalls at the network edge. When networks get bigger in scale and a lot of hosts are sending traffic into the network, it gets harder for the customer to understand what is really happening inside their network. To increase visibility into the customer’s network, the Cisco Secure Network Analytics system was deployed into the customer’s network infrastructure. Not all components of the Secure Network Analytics system were deployed into the customer environment. The installed components were the Secure Network Analytics Manager, the Flow Collector and two Flow Sensors. Also, one remote site core device was configured to work as a flow exporter for the Secure Network Analytics system in addition to its normal traffic forwarding activities. Other optional components of the Secure Network Analytics system were not installed during this project, but if there is a need, they can be added to the system later.
After the system was installed and the traffic flows generated by the hosts could be analysed, it was seen that visibility into the customer’s network increased. To gain from this increased visibility, the customer needs to have resources who use this system regularly and react to the alarms which the system generates.
Keywords: Cisco Secure Network Analytics, Visibility, Network