Cisco Cloud Analytics (formerly Stealthwatch Cloud) is now part of Cisco's Extended Detection and Response (XDR) solution, providing security teams with enhanced visibility, faster threat detection, and proactive response capabilities.
Cisco XDR
Cisco XDR is an advanced security solution that unifies security data from multiple sources, including endpoints, network devices, cloud applications, and email systems.
The solution enables a unified security approach by alerting across endpoint, network, and cloud environments, integrating with both Cisco and third-party products.
Behavior analytics built into Cisco XDR identify anomalies within the environment, while AI-driven automation prioritizes the most significant threats, enabling security teams to detect and respond more effectively and reducing the time to detection and remediation.
Cisco XDR also leverages Cisco Talos threat intelligence for real-time threat detection and maps alerts to the MITRE ATT&CK framework to provide additional context around the attack.
Cisco Cloud Analytics
Cisco Cloud Analytics is a 100% cloud-native security solution that provides threat and compliance insights into multi-cloud and hybrid environments by ingesting telemetry from public cloud platforms such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure.
It achieves this through dynamic entity modeling, which classifies entities (any identifiable device or system whose network activity Cloud Analytics can monitor), determines their role, and establishes a baseline of normal activity and communications between those entities.
From there, it looks for deviations from that baseline to detect malicious activity and alerts on threats such as data exfiltration, policy violations, misconfigured cloud assets, and user issues across cloud environments.
Cloud Analytics continuously monitors traffic patterns to detect anomalies and uses AI-driven models to understand normal user and entity behavior.
Additionally, Cisco Cloud Analytics provides visibility into cloud utilization metrics, can alert on misconfigurations, helps enforce cloud security best practices and compliance, and helps optimize the overall deployment, bridging the silos between SecOps and DevOps.
Common threats Secure Cloud Analytics can alert on include, but are not limited to:
Cisco XDR and Cloud Analytics - Working Together
Cisco Cloud Analytics is now part of XDR and together, both solutions create a comprehensive security framework that enhances threat detection, investigation, and response.
Cisco Secure Cloud Analytics ingests telemetry from public cloud platforms such as AWS, Azure, and GCP, for example AWS VPC Flow Logs and CloudTrail data.
From there, Cisco XDR ingests the findings from Cisco Cloud Analytics, correlates them with other security events coming from endpoint and network security solutions, and prioritizes threats.
Cisco XDR enables automated threat containment based on the insights it receives from Cisco Cloud Analytics. For example, if Cisco Cloud Analytics detects an anomalous login or suspicious data exfiltration in the cloud, Cisco XDR can, depending on the response integrations connected to it, automatically isolate the compromised asset, revoke user access, and trigger remediation workflows.
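To make the baseline-and-deviation idea behind dynamic entity modeling concrete, and to show what an exfiltration finding derived from VPC Flow Logs could look like, here is an added example written for this page. It is not Cisco code and does not reproduce how Cloud Analytics actually models entities; the only thing taken from a real system is the default AWS VPC Flow Log version 2 field layout. The sample records, the entity IP addresses, the 3-sigma volume threshold, the minimum-sample rule and the `is_internal` check are all assumptions made for the illustration.

```python
"""Baseline-and-deviation detection over AWS VPC Flow Log records.

Added illustration (not Cisco code): learn a per-entity baseline of normal
outbound flows from a learning window, then flag flows in a later window that
deviate from it. Field order follows the default VPC Flow Log v2 format;
thresholds and sample data are assumptions for the example.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from statistics import mean, stdev

# Default VPC Flow Log v2 field order (space separated).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Z_THRESHOLD = 3.0   # assumption: >3 standard deviations above the mean is an outlier
MIN_SAMPLES = 3     # assumption: fewer baseline flows than this is too thin to judge volume
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    """RFC 1918 space counts as internal; everything else is treated as external."""
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    nbytes: int


def parse_flow_logs(text: str) -> list[Flow]:
    """Keep accepted flows with real data; drop REJECT, NODATA/SKIPDATA and malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not the default v2 layout
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK" or rec["action"] != "ACCEPT":
            continue
        flows.append(Flow(rec["srcaddr"], rec["dstaddr"], int(rec["dstport"]), int(rec["bytes"])))
    return flows


@dataclass
class Baseline:
    peers: set[str] = field(default_factory=set)   # destinations seen in the learning window
    sizes: list[int] = field(default_factory=list)  # bytes per flow in the learning window


def build_baseline(flows: list[Flow]) -> dict[str, Baseline]:
    """Per source entity: the set of peers it talked to and its per-flow byte counts."""
    base: dict[str, Baseline] = defaultdict(Baseline)
    for f in flows:
        base[f.src].peers.add(f.dst)
        base[f.src].sizes.append(f.nbytes)
    return dict(base)


def detect(flows: list[Flow], base: dict[str, Baseline]) -> list[dict]:
    """One finding per flow that deviates from its entity's baseline, with the reasons."""
    findings = []
    for f in flows:
        b = base.get(f.src)
        reasons = []
        if b is None:
            reasons.append("unknown_entity")  # entity never seen in the learning window
        else:
            if f.dst not in b.peers and not is_internal(f.dst):
                reasons.append("new_external_peer")
            if len(b.sizes) >= MIN_SAMPLES:
                mu, sigma = mean(b.sizes), stdev(b.sizes)
                # sigma == 0 means every baseline flow was identical; any larger flow deviates
                if f.nbytes > mu and (sigma == 0 or (f.nbytes - mu) / sigma > Z_THRESHOLD):
                    reasons.append("volume_outlier")
        if reasons:
            findings.append({"src": f.src, "dst": f.dst, "bytes": f.nbytes, "reasons": reasons})
    return findings


# Constructed sample data (not captured from a real account).
LEARNING_WINDOW = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 12 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.94.0.10 49153 443 6 15 3000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49154 443 6 14 2800 1700000120 1700000180 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.94.0.10 49155 443 6 16 3200 1700000180 1700000240 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49156 443 6 13 2600 1700000240 1700000300 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.94.0.10 49157 443 6 15 3100 1700000300 1700000360 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49158 443 6 14 2900 1700000360 1700000420 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.94.0.10 49159 443 6 13 2700 1700000420 1700000480 ACCEPT OK
2 123456789012 eni-0e5f6a7b 10.0.1.11 10.0.2.20 50000 443 6 10 2000 1700000000 1700000060 ACCEPT OK
"""
DETECTION_WINDOW = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.94.0.10 49200 443 6 15 3100 1700003600 1700003660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.7 49201 443 6 60000 80000000 1700003660 1700003720 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.9 49202 22 6 3 180 1700003720 1700003780 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.1.11 198.51.100.5 50001 443 6 4 500 1700003600 1700003660 ACCEPT OK
2 123456789012 eni-0c9d8e7f 10.0.1.99 10.0.2.20 50002 443 6 5 1000 1700003600 1700003660 ACCEPT OK
2 123456789012 eni-0c9d8e7f - - - - - - - 1700003600 1700004200 - NODATA
"""


def run_example() -> list[dict]:
    base = build_baseline(parse_flow_logs(LEARNING_WINDOW))
    return detect(parse_flow_logs(DETECTION_WINDOW), base)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The 10.0.1.10 flow to 203.0.113.7 is reported for two independent reasons (a never-seen external peer and a byte count far above the entity's baseline), which is the kind of multi-signal context a downstream correlation engine uses to rank a finding above a single weak anomaly. A real product would also weight port, direction, time of day and the entity's inferred role; the structure (learn, compare, explain the deviation) stays the same.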
Security teams receive high-fidelity alerts with contextual information, reducing alert fatigue and enabling faster investigations.
With the addition of AI-powered analytics, Cisco Cloud Analytics detects even the most subtle behavioral changes that may indicate an attack. These insights are fed into Cisco XDR, enhancing its ability to identify and respond to evolving threats before they escalate.
In conclusion, Cisco XDR and Cisco Cloud Analytics form a powerful security duo, ensuring holistic threat detection and rapid response across hybrid and multi-cloud environments. By leveraging AI-driven analytics, automated response capabilities, and seamless integration, these solutions provide security teams with the tools they need to defend against today’s sophisticated cyber threats effectively.
To learn more about how to optimize your organization's XDR deployment, please reach out to the ModernCyber Team about our Consulting, Deployment, and Enablement Services!