Cyber Threat Defense Overview
Gain visibility into Advanced Persistent Threats (APTs) and other attacks. (Video - 3:09 min)

Gain Visibility into Advanced Persistent Threats
Cisco Cyber Threat Defense focuses on the most complex, dangerous information security threats, which lurk in networks for months or years, stealing vital information and disrupting operations.
It exposes these threats by identifying suspicious network traffic patterns within the network interior. Then, it provides contextual information about the attack, users, identity, and more - all visible from a single pane of glass.
For more information on Cisco Threat Defense, please review the data sheet and read the Cyber Threat Defense 1.1 Cisco Validated Design.
What You'll See
Through Cisco Cyber Threat Defense, security analysts learn about advanced attacks, including:
- Network reconnaissance, which probes the network for exploitable attack vectors using custom-crafted threats
- Network interior malware proliferation, which spreads malware across hosts to gather security reconnaissance data
- Command and control traffic, which carries communications between the attacker and compromised internal hosts
- Data exfiltration, which exports sensitive information back to the attacker, generally over the command and control channel
How It Works
Cisco Cyber Threat Defense safeguards your network by:
- Providing threat defense in the network interior, home to the most elusive and dangerous threats
- Helping enable scalable, ubiquitous, and cost-effective security telemetry throughout the network, using NetFlow data
- Simplifying error-prone and expensive manual threat investigation processes
- Using existing Cisco switch, router, and ASA 5500 network footprint
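The two "What You'll See" behaviours that NetFlow telemetry exposes most directly are reconnaissance (one host opening many tiny flows to many ports or neighbours) and data exfiltration (a sustained byte volume from an internal host to an external one). The following is an added example, not Cisco or Lancope code and not how StealthWatch implements its own algorithms; it applies two simple flow-record heuristics to a constructed set of NetFlow-style records, and the address ranges, thresholds and field names are assumptions chosen for the illustration.

```python
"""Two NetFlow-style detection heuristics over constructed flow records.
Added example; not Cisco/Lancope code. Thresholds and fields are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918) for the illustration.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """Minimal NetFlow-like record: the fields the heuristics below need."""
    src: str
    dst: str
    dst_port: int
    protocol: str
    packets: int
    bytes: int


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_reconnaissance(flows, min_targets=20, max_packets=3):
    """Flag internal sources whose short flows fan out to many distinct
    (destination, port) pairs, the signature of a port or host sweep.
    Returns {src: number of distinct targets} for sources over the threshold."""
    targets = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and f.packets <= max_packets:
            targets[f.src].add((f.dst, f.dst_port))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def detect_exfiltration(flows, byte_threshold=50_000_000):
    """Sum bytes sent from each internal source to each external destination
    and return {(src, dst): total_bytes} for pairs at or above the threshold."""
    volume = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            volume[(f.src, f.dst)] += f.bytes
    return {pair: total for pair, total in volume.items() if total >= byte_threshold}


def sample_flows():
    """Constructed records: one scanner, one normal browser, one bulk uploader."""
    flows = []
    # Scanner: 10.1.1.50 probes 25 ports on a neighbour with single-packet flows.
    for port in range(1, 26):
        flows.append(Flow("10.1.1.50", "10.1.1.60", port, "tcp", 1, 60))
    # Ordinary HTTPS session: too many packets per flow to count as a probe,
    # too few bytes to count as exfiltration.
    flows.append(Flow("10.1.1.20", "203.0.113.10", 443, "tcp", 40, 30_000))
    # Bulk upload: 60 flows of 1 MB each from 10.1.1.77 to one external host.
    for _ in range(60):
        flows.append(Flow("10.1.1.77", "198.51.100.9", 443, "tcp", 800, 1_000_000))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("reconnaissance:", detect_reconnaissance(flows))
    print("exfiltration:", detect_exfiltration(flows))
```

Both heuristics deliberately look only at flow metadata (endpoints, ports, packet and byte counts), which is exactly what NetFlow exports and why it scales across switches and routers without packet capture; in practice the thresholds would be tuned per network segment and the exfiltration check would be computed over a time window rather than the whole record set.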
Solution Components
The Cisco Cyber Threat Defense Solution is built on the following components:
- Unique interior network traffic telemetry capabilities of Cisco Catalyst switches, Cisco routers, and Cisco ASA 5500 Series Next Generation Firewalls
- Network traffic analysis from the StealthWatch System from Lancope
- Identity, security, and application-type contextual information for discerning the target and threat severity from:
  - The Cisco Identity Services Engine
  - NAT correlation on Cisco ASR 1000 Routers and Cisco ASA 5500 Appliances
  - Network-Based Application Recognition (NBAR) on Cisco routers
- The StealthWatch Management Console, which provides the unified view
Additional Resources
- Cisco Security -- Applied Intelligence for a Risky World
- Cisco Security -- Gain Visibility Across Attack Continuum
- Cisco Cyber Threat Defense Solution Overview
- Cisco Security Intelligence Operations -- Defense in Depth (Presentation PDF)
- Release Notes for the Cisco Cyber Threat Defense Solution Version 1.1
- Detecting BotNet Traffic Guide
- Detecting Network Reconnaissance Guide
- Detecting Internal Malware Spread Guide
- Detecting Data Loss Guide
- Gaining Visibility and Context Through NetFlow Security Event Logging Guide
- Gain Visibility in the Data Center with the Cisco NetFlow Generation Appliance Guide
- ASR 1000 Series NetFlow Configuration Guide
- Integrating the Cisco Identity Services Engine with StealthWatch 6.3 Guide
- 1.0 Design and Implementation Guide
- Security for Evolving Threats Executive Perspective