
<Partner Logo>

Cisco Stealthwatch:
Network Visibility across the Enterprise Network
Partner/Reseller Version

Proposal for <<client>>

November 2019

Example Graphic Only
Please replace with an appropriate cover page image. You can also obtain images from Cisco Partner Marketing.
Suggested image size: 5.2”h x 7.33”w
Layout: “Behind text” Wrapping

This proposal is being provided by a Cisco authorized reseller utilizing a Cisco solution. Certain technical and other
information in this response may have been provided by Cisco; however, nothing herein shall be construed as a quotation
or offer to contract directly with Cisco. The Cisco logos, trademarks and other information provided by Cisco appear in this
response with Cisco’s permission and are proprietary and confidential information of Cisco Systems, Inc. All other
information, including any pricing information, is provided by the Cisco authorized reseller and not by Cisco, and any
relationship resulting from this response will be directly with such reseller and not Cisco.

<<UserName>> ● <<UserPhone>> ● <<UserEmail>>
<Insert Cisco Partner Logo>
<clientLogo> <PartnerLogo>

Template Instructions
Template instructions are provided in text boxes as demonstrated below.
NOTE TO USER: THIS IS BOILERPLATE CONTENT. YOU WILL NEED TO
CUSTOMIZE TO FIT THE CUSTOMER’S OBJECTIVES AND CHALLENGES. THIS
PROPOSAL IS PROVIDED AS IS AND MAY NOT BE APPROPRIATE FOR ALL
SITUATIONS.
RESELLER SHALL BE RESPONSIBLE FOR THE CONTENTS OF THIS PROPOSAL.

1. Perform a manual Find and Replace on information found in << >>, including the following fields, in order to populate your custom information:
   <<client>>
   <<PartnerName>>
   <<UserName>>
   <<UserPhone>>
   <<UserEmail>>
   <<UserFirstName>>
2. Remove all yellow highlighted text within the document:
   a. Press Ctrl + A to select all text in the document.
   b. On the Home tab, in the Font group, click the arrow next to Text Highlight Color.
   c. Select No Color to remove yellow highlight from all text.
3. Insert Partner Logo and Customer Logo in the Header.
4. Delete all text boxes (as appropriate) before submitting to a customer.
5. Select the Table of Contents, press F9 to update or right-click and select Update Field. Then select one of the following options:
   a. Update page numbers only
   b. Update entire table
6. Note these best practices:
   a. When pasting in text, it is best to select “Keep Text Only” to preserve the formatting of this document.
   b. To add cells to a table, click on the table, and under the Table Tools > Layout box (for Mac users, select the Tables > Table Layout tab), select one of the insert row or column options.
   c. Utilize the document’s Style formats. They have been

<<PartnerName>> ● CONFIDENTIAL
Cisco Stealthwatch – Partner/Reseller Version

Table of Contents
VISIBILITY AND THREAT DETECTION FOR THE ENTERPRISE NETWORK
INTRODUCING THE PROPOSED CISCO STEALTHWATCH
  THE PROPOSED CISCO STEALTHWATCH ADVANTAGE
  PROPOSED CISCO STEALTHWATCH BENEFITS
  CUSTOMER CASE STUDY
  CUSTOMER TESTIMONIALS
PROPOSED CISCO STEALTHWATCH DETAILS
  STEALTHWATCH CLOUD
    Public Cloud Monitoring
    Private Network Monitoring
    Cisco Stealthwatch Components
  CISCO STEALTHWATCH ENTERPRISE
    Cisco Stealthwatch Enterprise Components
  ADDITIONAL STEALTHWATCH ENTERPRISE LICENSES
  DCLOUD DEMONSTRATION
CISCO CUSTOMER EXPERIENCE OVERVIEW
  ACCELERATE YOUR SUCCESS
    Business Critical Services
FINANCING OPTIONS
  CISCO CAPITAL
PRICING
APPENDICES

Example Graphic Only
You can also obtain images from Cisco Partner Marketing.
Suggested image size: 6.25”w x 1.7”h

VISIBILITY AND THREAT DETECTION FOR THE ENTERPRISE NETWORK
Today’s enterprise network is more complex and distributed than ever before. New
security challenges arise weekly. The evolving threat landscape, along with growing
trends such as cloud computing and the Internet of Things (IoT), further complicate the
situation. Maintaining full visibility is increasingly difficult as you add users and
devices to your network.

Network security can go beyond conventional anomaly detection by harnessing the
power of network traffic flow data. Real-time situational awareness of all the users,
devices, and traffic on your extended network allows you to quickly and effectively
respond to threats. You can detect and protect against a wide range of attacks with
continuous monitoring and intelligence.

You can help defend your entire organization with views into everything happening
across your network, data center, and even your data stored in public clouds. Threats
don’t only come from outside the network anymore. Stolen credentials or other
techniques make it necessary to monitor more than just the perimeter or even just your
network.

INTRODUCING THE PROPOSED CISCO STEALTHWATCH


<<PartnerName>> is pleased to propose Cisco® Stealthwatch, which aggregates and
analyzes network telemetry, information generated by network devices, to turn your
network into a sensor. You gain visibility into system traffic flows from the network edge
to the data center, including virtual machines. The proposed Cisco Stealthwatch® detects
a wide range of network and data center issues, from malicious insiders attempting to
exfiltrate sensitive data to malware spreading internally from host to host. It works with
the entire Cisco router and switch portfolio as well as a variety of security solutions, all
available through <<PartnerName>>, including:
• Cisco Secure Data Center
• Cisco IOS® Flexible NetFlow
• Cisco TrustSec® security technology
• Cisco ASA with FirePOWER™ Services Next-Generation Firewalls (NGFWs)
• Cisco Identity Services Engine (ISE)
• Cisco Web Security Appliance (WSA)
• Cisco Security Packet Analyzer
The Proposed Cisco Stealthwatch Advantage


The proposed Stealthwatch uses network data to accelerate and improve anomaly
detection, incident response, and forensics across your entire network. It establishes a
baseline of what’s considered normal behavior and activity on your network. With this
baseline as your primary reference point, you can use the solution to identify anomalous
behavior on your network that may signify an attack. The proposed solution leverages
traffic flows to monitor your entire environment to determine whether policy and
network access violations are taking place.

The proposed solution continuously monitors both north-south and east-west traffic
inside your network to identify traffic patterns that may signal system abuse and insider
threats. This allows you to help identify and defend against zero-day malware, advanced
persistent threats (APTs), DDoS attempts, and other attacks before they cause harm. The
proposed solution’s Stealthwatch Management Console enables you to view and monitor
these traffic flows for anomaly detection.

These are the primary features of the proposed Stealthwatch:

• Deep visibility across the network perimeter, interior, data center, and private and
  public cloud
• Simplified understanding of normal network behavior through the use of NetFlow
• Continuous monitoring of devices, applications, and users throughout your
  distributed networks
• In-depth forensic investigations and post-incident response with contextual threat
  intelligence and detailed, historic audit trails of NetFlow data
• Easy integration with your existing network infrastructure (compatible with non-Cisco
  telemetry), Cisco Security Packet Analyzer, Cisco ASA Firewalls, Cisco ISE, Cisco
  TrustSec® technology-supported hardware, and a variety of other security solutions,
  all available through <<PartnerName>>.

Proposed Cisco Stealthwatch Benefits


The following table describes how the proposed solution can help you achieve your
business objectives.

Desired Business Outcome | How We Can Make It Happen

Accelerate behavioral anomaly detection and incident response
• Isolate the root cause of an incident within seconds and conduct efficient triage for fast mitigation.
• Use NetFlow for advanced security analytics, network forensics, and security incident management.
• Continuously monitor and detect advanced threats that have either bypassed existing security controls or originate from within.

Improve network visibility
• Reduce risk by seeing when and how users and devices are connecting to your network, including:
  - Conversations within your network
  - Communications extending out to the cloud
  - Information passing between distributed branch offices
• View large amounts of data being exfiltrated to unrecognized IP addresses and machines. This includes visibility of command-and-control (C2) sessions.
• Gain complete visibility in public cloud environments

Fulfill and maintain compliance
• Protect intellectual property and proprietary data with PCI and HIPAA compliance. The proposed solution can assist in compliance audit trails and help gather information to accelerate audit compliance.
• Simplify compliance with network segmentation, enterprise-wide visibility, and enhanced network management.
• Monitor domain name service (DNS) traffic to destinations outside corporate DNS servers and notify when such traffic is detected.
• Classify known applications without deep packet inspection (DPI) by associating server IP and service ports to an application.

Customer Case Study

Customer Testimonials

PROPOSED CISCO STEALTHWATCH DETAILS
<<PartnerName>>’s proposed Cisco Stealthwatch describes a suite of products that
work together to provide real-time situational awareness of all users, devices, and traffic
on your extended network. By combining the right components, the proposed solution is
scalable to your specific needs as well. <<PartnerName>> offers the following suite of
products, packages, and features.

Stealthwatch Cloud
Stealthwatch Cloud is a SaaS-delivered, web-based solution that provides end-to-end
visibility, behavioral analysis, and threat detection across your private network, public
cloud, and hybrid environments. Stealthwatch Cloud delivers high-value notifications of
changes in behavior that it observes on your network without wasting the precious time
of your IT and security personnel. Being web-based, it is platform independent and can
work for any cloud environment including Amazon Web Services (AWS), Microsoft Azure,
and Google Cloud Platform. Stealthwatch Cloud is also capable of monitoring small to
medium-sized private networks and hybrid infrastructures that combine on-premises and
cloud deployments. Stealthwatch Cloud can export threat and behavioral details to a
number of security and web-based services, including Datadog, Hipchat, PagerDuty,
Slack, and SIEMs, and supports standard formats like email and syslog.

Public Cloud Monitoring


Stealthwatch Cloud’s Public Cloud Monitoring provides the visibility and threat detection
capabilities you need to keep your workloads highly secure in public cloud
infrastructures. It is a cloud-delivered, SaaS-based solution that can be deployed easily
and quickly. Within public clouds, Stealthwatch Cloud uses flowlogs to model the
behavior of each cloud resource, a method called entity modeling. It is then able to
detect sudden changes in behavior, malicious activity, and signs of compromise.
Flowlogs are available with no software deployments for your AWS assets, just a
configuration change in your console.

Private Network Monitoring


Stealthwatch Cloud’s Private Network Monitoring (PNM) can deliver the visibility
necessary to detect threats on the network in real time, without the need for expensive
equipment, IT resources, or extensive security staff time. Cisco Stealthwatch Cloud PNM
provides visibility and threat detection for the on-premises network, delivered from a
cloud-based SaaS solution. It is the preferred choice for organizations that want better
awareness and security in their on-premises environments while reducing capital
expenditure and operational overhead.

Stealthwatch Cloud Screenshot

Cisco Stealthwatch Components


Component | Description

Public Cloud Monitoring
Information is collected from public cloud-based services such as AWS to build usage
models for your data in those clouds. Entity modeling is then applied to watch for sudden
changes in behavior, malicious activity, and other signs of compromise.
Features include:
• SaaS solution delivered from the cloud for simple deployment
• Threat detection in public clouds
• Integration and UI control for Amazon Inspector
• No agents to install

Private Network Monitoring
Stealthwatch Cloud’s PNM can deliver the visibility necessary to detect threats on the
network in real time, without the need for expensive equipment, IT resources, or
extensive security staff time.
Features include:
• Receives a wide variety of network telemetry and logs.
• Integrates with physical networks and private virtual environments, such as VMWare
  hypervisor solutions
• Uses the same portal as Public Cloud Monitoring with a lightweight virtual appliance

Cisco Stealthwatch Enterprise


The Stealthwatch Enterprise package includes the following security solutions:

• Cisco Stealthwatch Management Console: Provides a single vantage point for
  disparate IT groups to see behavioral information of traffic across the network. The
  simple at-a-glance interface permits operators to quickly spot trouble and respond
  accordingly.

Cisco Stealthwatch Management Console

• Cisco Stealthwatch Flow Collector: Allows for network visibility and security
  intelligence across physical and virtual environments to improve incident response.
• Cisco Stealthwatch Flow Sensor: Produces NetFlow data for segments of the
  switching and routing infrastructure that do not support NetFlow. It also delivers
  thorough visibility of network and server performance metrics. The result is optimized
  security, network operations, and application performance.

Cisco Stealthwatch Enterprise Components


<<PartnerName>> offers these components with the following features and benefits:

Component | Description

Cisco Stealthwatch Management Console
The console coordinates, manages, and configures Stealthwatch appliances deployed at
various segments throughout your enterprise. The management console can also collect
data from other types of technologies, including firewalls, web proxies, network access
control (NAC) systems, and more. Disparate IT teams can easily obtain pervasive network
visibility and actionable security intelligence to detect and prioritize security threats
through a single viewpoint. The console is available as a hardware appliance or a virtual
machine.
Features include:
• In-depth visibility and behavior-based context defends against
APTs, malware, insider threats, worms, viruses, targeted
attacks, DDoS attempts, and evolving attacks. Advanced
detection capabilities decrease the time between threat onset
and resolution.

• Real-time telemetry delivers data flow for monitoring traffic
across hundreds of network segments simultaneously to
detect suspicious network behavior.
• Robust network intelligence facilitates performance
monitoring, capacity planning, and enhances network
management. It also reduces time-consuming and resource-
intensive manual analysis often associated with other
vendors.
• Network groupings, graphical representations, and
relationship maps deliver simple views of your organization’s
traffic within seconds, illustrating where to focus your
attention.
• Multiple alarm categories and context-based alerts on the
home dashboard provide quick assessments of your
organization’s security posture. This allows for decisive action
to mitigate potential damage.
• Scalable functionality performs well in high-speed
environments and can protect every part of the network that
is accessible by IPs, regardless of size.

Cisco Stealthwatch Enterprise
Telemetry collected from network devices is used to provide deep visibility throughout
your extended network. Stealthwatch Enterprise exposes potential attacks by
continuously monitoring all devices, applications, and users.
Features include:
• Behavioral baseline combined with advanced security
analytics, intelligence, and forensic investigations pinpoint
and detect a wide range of anomalous activity that could
signify an attack.
• Uninterrupted monitoring of both north-south and east-west
traffic as behavioral patterns can prevent lateral movement of
threats.
• Real-time anomaly detection accelerates incident response
times.

Cisco Stealthwatch Flow Collector
The flow collector collects and analyzes massive amounts of network data from your
current devices. The result is visibility and security intelligence across physical and
virtual environments, improving incident response. Flow Collector provides cost-effective
behavioral analytics and advanced security context. This enables early anomaly
detection, quick root-cause determination, and enhanced protection for a wide range of
threats, including APTs, insider threats, DDoS, and zero-day malware. The solution is
available as a hardware appliance or a virtual machine.
Features include:
• Flow-based anomaly detection pinpoints unusual behavior and
immediately sends an alarm with actionable intelligence,
promoting quick and decisive mitigation.
• Stitched, duplicated, and 1:1 flows simplify network and
security monitoring. In addition to detecting anomalies in real
time, the solution can store years of data, creating a complete
audit trail to improve forensic investigations and compliance.

• Easy upgrading allows you to start small and expand as your
capacity needs change. At full scale, Flow Collector can
process data from as many as 50,000 flow sources at up to 6
million flows per second (FPS).

Cisco Stealthwatch Flow Sensor (optional)
This component provides robust visibility of network, application, and server
performance metrics. The flow sensor gives you a cost-effective method of
troubleshooting both security incidents and application performance problems, while
eliminating dangerous network blind spots. It can provide L7 application information for
environments where Cisco Network-Based Application Recognition (NBAR) is disabled.
The solution is available as hardware appliances or as software for monitoring virtual
machine environments.
Features include:
• Network anomaly alerts pinpoint unusual behavior and
immediately send alarms with contextual intelligence,
allowing you to act quickly and mitigate damage.
• URL data allows administrators to see exactly which websites
users are going to, including the file path. This improves the
identification of applications causing performance or security
problems.
• Enhanced operational efficiency reduces costs by identifying
and isolating the root cause of an issue or incident within
seconds.

User Datagram Protocol (UDP) Director (optional)
The UDP Director simplifies the collection and distribution of network and security data
across the enterprise. It helps reduce the processing power on network routers and
switches by receiving essential network and security information from multiple locations
and then forwarding it to a single data stream to one or more destinations.
Features include:
• Reduces unplanned downtime and service disruption on the
high availability UDP Director 2200 appliance.
• Simplifies network security and monitoring by providing a
single standard destination for NetFlow, SFlow, syslog, and
SNMP information.
• Directs UDP data from any UDP application to one or more
destinations, duplicating the data if required.

Additional Stealthwatch Enterprise Licenses


Stealthwatch Enterprise also has additional licenses available through
<<PartnerName>> to enhance its performance when interacting with other Cisco
Security products.
• Flow Rate License: Required for the collection, management, and analysis of flow
  telemetry and aggregates flows at the Management Console. The Flow Rate License
  also defines the volume of flows that may be collected and is licensed based on FPS.
  Licenses may be combined in any permutation to achieve the desired level of flow
  capacity.
• Cisco Stealthwatch Proxy License: Delivers additional network visibility and
  anomaly detection capabilities from proxy servers to your management console. This
  license enables the correlation of information sent from the proxy servers and
  provides information about web traffic being intercepted by the proxy server,
  enabling deeper visibility into web traffic.
• Cisco Stealthwatch Threat Intelligence License: Correlates flow data to provide
  enhanced detection capabilities for advanced malware, including botnet activity.
  Botnet detection functionality includes in-depth traffic reporting and analysis of C2
  communications.
• Cisco Stealthwatch Learning Network License: Identifies traffic at the network
  device level using network based application recognition, localized network flow data,
  and machine learning sensors. This software resides on select Integrated Services
  Router (ISR) 4000 series routers. This helps you to make informed decisions to flag or
  drop suspicious packets, enabling accelerated incident response and device level
  mitigation.
• Cisco Stealthwatch Endpoint License: Allows for the collection of application data
  by integrating with Cisco AnyConnect® Secure Mobility Client. The endpoint license
  receives input from Cisco AnyConnect Secure Mobility Client and forwards that data
  to Stealthwatch for analysis and reporting in the Stealthwatch Management Console.

dCloud Demonstration
Experience the proposed solution’s components with cloud-based demonstrations. See
for yourself on Cisco dCloud how they can benefit you. Get started with dCloud today or
contact <<PartnerName>> at <<UserEmail>> or <<UserPhone>> for dCloud
demonstration details.

CISCO CUSTOMER EXPERIENCE OVERVIEW


Accelerate Your Success
<<PartnerName>> provides access to Cisco Customer Experience, a portfolio of service
offerings designed to help you achieve the business outcomes you seek from your
technologies and next-generation infrastructure—faster.

Get things done more quickly by speeding up design, deployment, and adoption to
maximize the results of your technology projects while also minimizing risk. Gain the
value of technology and intelligence that enables you to anticipate problems, optimize
operations, and accelerate technology transitions.

Save time, deliver better service levels, and enable scaling by automating infrastructure
management. Develop talent and equip your team with resources, new skills, and
professional certifications. Enjoy the many benefits of having industry-leading expertise
on your side.

Cisco Customer Experience can help you do it all.

Business Critical Services
<<PartnerName>> is pleased to offer Cisco Business Critical Services, Cisco’s next
generation of optimization services. They combine the company’s unrivaled engineering
expertise with integrated analytics and automation to enable you to predict
opportunities, preempt risks, and navigate pivotal technology transitions. Organized
across three themes—Foundation, Acceleration, and Transformation—these services can
assist in meeting your needs at any stage of your digital transformation journey.

Cisco experts help you ensure a secure, efficient, and agile infrastructure with less risk,
while enabling business growth and increased productivity. Services cover Analytics,
Automation, Design Engineering, Compliance and Remediation, Security, and more, with
Cisco expert recommendations on how to align with best practices as you optimize your
technologies. Cisco Business Critical Services can accelerate your IT transformation and
help you realize the high-impact business outcomes you seek.

With this support from the start, you can be better poised for success.

FINANCING OPTIONS
Cisco Capital
<<PartnerName>> offers Cisco Capital® financial services, which provide maximum value to
customers through industry-leading vendor financing that enables desired business
outcomes. Cisco Capital offers tailored solutions for Cisco hardware, software, services
and licenses that can be customized based upon the specific needs of each customer,
including migration options, competitive rates and flexible terms.

Make the most out of your IT budget. Cisco Capital’s flexible and innovative payment
solutions make it easier for you to grow your business and go to market faster with Cisco
technologies. Cisco Capital is:

• Flexible: Whether consumption models or pay-as-you go, it offers more payment
  options to drive your business outcomes.

• Innovative: Cisco’s adaptable solutions offer new ways to consume and deliver
  digital transformation and stay up to date with technology.

• Agile: Get the technology you need to quickly adapt to market dynamics, make
  faster decisions and boost ROI.

• Customized: Get customized terms up to five years with leasing or financing
  options, as well as payment deferrals to help align to budget cycles and ROI goals.

• Competitive: Cisco offers aggressive residuals on Cisco hardware that can lower
  your overall solution cost and below-market rates for Cisco subscription-based
  services.

For more information, please visit: www.cisco.com/go/financing

PRICING
<Note to user: Insert bill of materials (BOM) / pricing details, or remove this
section as appropriate.
If applicable, be sure to provide a BOM summary before inserting a BOM /

APPENDICES
<Note to user: Use this section to respond to customer questions, provide
any additional information, or remove this section as appropriate.>
