Firewall Logs Integration, Expanded Response Management, and Other Enhancements
Secure Network Analytics (SNA) Release 7.5.0 is generally available as of January 22, 2024. All existing customers are eligible to upgrade and can review the release notes to better understand the upgrade process and any additional considerations.
SNA is Cisco’s Network Detection and Response solution. SNA provides enterprise-wide network visibility to detect and respond to threats in real time. The solution continuously analyzes network activities to create a baseline of normal network behavior. It then uses this baseline, along with non-signature-based advanced analytics that include behavioral modeling and machine learning algorithms, as well as global threat intelligence, to identify anomalies and detect and respond to threats in real time. Secure Network Analytics can quickly and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware, Distributed-Denial-of-Service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats. With an agentless solution, you get comprehensive threat monitoring across your entire network traffic, even when it’s encrypted.
This release delivers the innovation and value that customers expect from the platform. By directly integrating firewall logs, improving response management, and updating the platform to meet the latest certification mandates, release 7.5.0 combines important platform development with new features and enhancements.
Firewall Logs Generate Events in Secure Network Analytics
Given their location on the edge of the network, firewalls see a vast amount of traffic and behaviors that may be indicative of an attack. In this release, Secure Network Analytics can take logs directly from Cisco Firewall Management Center (FMC), Firewall Threat Defense (FTD) and ASA. These logs are converted into a format that looks like NetFlow but doesn’t count against your flows per second (FPS) license. Enabling this configuration gives additional insight into your traffic patterns, risks, and the scope of an attack.
New Response Management Actions
Automated responses improve the workflow for Security Operations Center (SOC) analysts and are a core component of our Network Detection and Response solution. By providing flexibility for multiple response actions, SOC analysts can ensure proper action is taken based on a specific alert type. This release adds Central Analytics detections to Response Management workflows, including the ability to send email, syslog, threat response, or webhook.
Data Enrichment from Secure Network Analytics to Cisco XDR
With the 7.5.0 release, security events contribute directly into XDR investigations. Also, XDR response actions can now be applied to alerts.
Other Enhancements
Additionally, this release provides enhancements to the overall security and value of the platform. Secure Network Analytics can obtain the certifications required by customers, including DODIN-APL, FIPS 140-3, Level 1, Common Criteria, USGv6, and IPv6 Ready Logo. Some of these enhancements include:
- TLS 1.3: TLS 1.3 is now supported, and TLS 1.2 is still supported. These protocols should be used for inter-appliance and external TLS connections, and can be configured in SystemConfig to be TLS 1.3 only or both TLS 1.2 and 1.3.
- Root access restriction: Root access has been removed. TAC will have access for troubleshooting purposes using the Cisco Consent Token mechanism through SystemConfig.
- New SystemConfig workflows: New workflows have been added that the non-root user sysadmin can perform, including Diag Packs, License Reservation, Data Store operations, and more.
- MongoDB upgrade: Moved to a version that uses an already available package rather than a custom-built version.
In addition to these enhancements, we have improved certificate rotation and management, IPv6 support, and support for M4, M5, and M6 appliances.
By simplifying workflows, increasing compliance, and expanding detections, Secure Network Analytics Release 7.5.0 continues to prove its value as a central component of your SOC. We encourage you to review the release notes and speak with your local Cisco supplier to begin planning your upgrade.