Oct 2019
Global
#GST #CISCOVT #CISCOSE
Sales Training
Prevent where you can,
Block what you know,
For the rest, there’s Stealthwatch
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Global
Sales Training
Key Learning Objectives
At the end of this session, you should be able to:
• Understand Stealthwatch Focus for FY20
• State upcoming Stealthwatch roadmap items
• Communicate the vision for logging and analytics for NGFW
• Know how to position the latest Stealthwatch Professional Services offering
• Access Stealthwatch REST API content on DevNet
Today’s Agenda
• Stealthwatch FY20 Focus
• Stealthwatch FY20 Releases – SWE & SWC
• Stealthwatch Professional Services & DevNet
Summary
Sections: FY20 Focus | FY20 Releases | CSAL | Stealthwatch Prof. Services + DevNet
FY20 Strategy Summary
Strategic Imperatives
PCM Addresses Public Clouds and Web-scale Apps
FY20 focus areas:
• Expanded Marketplace Presence
• IaaS Telemetry Expansion
• Cloud Event Management Integration
• Compliance Support
[Diagram labels: Public Clouds, Private Cloud, On-Prem Network, HQ, Data Center, Network, Users, Serverless, Container, Virtualization, Stealthwatch Cloud (SWC), Sensor, Admin]
Stealthwatch Vision
• Respond to the market direction toward SaaS services
• Support on-prem preferences of larger companies
• Achieve broad integration across the Cisco portfolio
• Provide customers with a unified experience
[Diagram: Today: Stealthwatch Enterprise and Stealthwatch Cloud. Tomorrow: Stealthwatch with SaaS Delivery and On-Prem Delivery. Labels: Common User Experience; Workflows; 95% Helpful, Actionable; Shared Alerts; Consistent product; Use cases/integrations across Cisco Products and Clouds]
The Journey
[Diagram labels: Continuous Upgrade, Periodic Upgrade, Stealthwatch Enterprise, Stealthwatch On-Premise, Architectural Evolution]
Two FY20 SWE Feature Releases
SWE 7.1.2
• Triple A with TACACS
• TACACS+: Remote Authentication and Authorization for external TACACS+ users with manual role mapping
7.2 Smart Licensing
• Only customers with Term licenses will be able to upgrade to 7.2 and above.
• All customers will need to have a Smart Account and Term licenses converted
• Smart Licensing will report consumption and whether or not the customer is in compliance
• Customers will be notified of compliance, but not disabled
• Embedded trial license in SWE will include a 90-day trial of Threat Intel (SLIC), Proxy, and CTA
7.2 User Interface
• Report/Document Builder MVP – Custom Dashboards
7.2 Response Management
• Moving Response Management to the web UI
• Including custom alarm activation of ISE policies
Response Management
Example: Services Delivering Radware Integration
1. Volumetric DDoS attack targeting core network & devices.
2. Attack detected by Stealthwatch. Attack details reported to DefenseFlow Automation Engine.
3. DefenseFlow, Attack LifeCycle Automation engine, triggers BGP Diversion and pushes Network Protection Policy to DefensePro in the Scrubbing Center.
4. Attack blocked by DefensePro in the Scrubbing Center.
[Diagram labels: Cisco NOC / SOC, Stealthwatch, Defense Messaging, NetFlow, BGP Diversion, DDoS Security Policy, Server Farm, Inline, DefensePro, Scrubbing Center]
7.2 Moving to Web UI
Moving from Java to Web UI:
• DSCP Configuration
• Data Retention Configuration
• Alarm Severity
• Services
• Domain Properties
7.2 Host Lock Policies
Move to the Web UI
7.2 Adding Talos Partnership
Current (Phase 1):
• Joint marketing efforts
• Joint authoring with SWC content
• Threat hunting with Cisco Talos and Cisco Stealthwatch Cloud Whitepaper
Next (Phase 2 – 7.2 Release):
• Leverage Talos for event and alert context, for all customers
• Leverage Talos to augment current Threat Intelligence, for Threat Intelligence License customers
Future:
• Replace current threat feed with Talos content and lookups
• FS4240
• 4 x 10G Intel X710
• 2 x 40G FastLinq QL45412HLCU-CI
• User configuration option in UI to use either card but not both simultaneously
• Line rate speeds for either config for base NetFlow (ETA or App ID would reduce throughput capacity)
• 100G connection capability would be a future new appliance model
7.2 Stealthwatch Datastore (ST-DS) Appliance
• Queries and reports go from several hours to minutes to return results vs. standard Stealthwatch
• Storage with built in HA scales to needs without adding FCs. Capable of adding nodes for long term storage and storing attach telemetry
• Single cluster capable of monitoring up to 3 Million+ FPS. Capability of monitoring more hosts on each FC connected to cluster
• Ability to add on SWC detections and entity modelling that is not possible with FC engine
Andrea
Response
[Diagram labels: Scalable Storage; Scale by adding FC; Add Storage on Demand; Low Cost Long Term Storage With Storage High Availability]
SWC Q1-Q4 FY20 Summary
• Cisco Security Analytics & Logging
• CDO/NGFW: Provide visibility & security analytics
• Extending ETA to SWC
• Adding Groups and Policy
• Support for SBG SSO
• Integrations with CTR
• ISE beta (user) integration
• Detections & feature parity for Azure and GCP relative to AWS
• Threat Intelligence - Talos
FY20 Q1 SWC/CI Integration
• SWC consumes Cognitive Confirmed Threat Service (CTS)
• CTS powers new observations and alerts in SWC
• SWC consumes ETA Telemetry from CSR, ASR 1K, ASR 4K, CAT 9K (9300/9400)
• Coming Soon
- Crypto Audit Report
- Official ETA support/EN Packages
FY20 Q1 Cisco Secure Sign-On
Secure Identity: Strong security that meets the highest industry standards
Duo MFA: Centrally protected and managed credentials in one secure portal
Seamless workflows: One login to access all your apps and maintain context through flows
Benefits to Cisco Security:
• Drive portfolio adoption
• Gain insights into cloud subscriptions
• Central landing portal for POVs and user communications
• Both CDO and SWC enabled opt-in for Cisco Secure Sign-On on Oct 15, 2019
• Cross-launch between CDO and SWC is therefore seamless and uses the same credentials
FY20 SWC Azure Capabilities
• New Azure roles created include, e.g., Azure Availability Set, Load Balancer, etc.
• New Azure alerts, e.g., Permissive Security Group, Permissive Storage Account
• New Azure functionality on the roadmap includes:
- Abnormal User alerting
- Automating Azure setup
- Integration with Marketplace
FY20 Grouping and Policy
Cisco Security Analytics & Logging
• Receives logs, events, and telemetry from Cisco SBG products (starting with CDO managed FTDs and on-premise network elements)
• Logging is the foundation for platform use cases
- Reporting, archival storage for compliance, forensics
• Security analytics is the differentiator
- Threat detection, asset discovery, policy tuning, compliance validation
• Cisco product easy button, not a SIEM
• Enriches incidents by collecting logs from the network
• Offered in tiered subscriptions & can be white-labeled
Summary:
• Store & search logs in the cloud
• Security analytics for threats, policy, and compliance
• Enrichment for incidents from network logs
Cisco Security Analytics & Logging Licenses
• 90-day rolling log retention (at 1, 5, 10, 15 or 25 GB per day) per tenant
• Cisco Defense Orchestrator (mandatory for all licenses), purchased per firewall
• Logging Estimator
• Single PID
• 1/3/5 Year Subscription (Required)
Stealthwatch Professional
Services
Why Sell Stealthwatch Services
“I always introduce services to my customers! Professional Services ensures Stealthwatch is properly installed and integrated, and worked firmly into their security toolset. I know that a happy customer will be an easy renewal when the time comes, and it keeps my time free to hunt for new opportunities.”
James Gill, Technical Solutions Architect
What Customers Are Saying…
Stealthwatch Customer Maturity Model
Services
• Subject Matter Expert Service
• Stealthwatch Implementation
Subscription Service
• Onsite Knowledge Transfer
Stealthwatch Asset Discovery
& Classification Service
Asset Discovery & Classification Service
• Provide maximum value to customers through enhanced visibility and monitoring of asset connectivity
• Find undiscovered devices from various sources of network data
• Dig into communication vectors with easy-to-read and interactive charts
Asset Discovery and Classification Service
[Diagram labels: ISE and Stealthwatch host groups; BiFlows; Metadata from “connectors”; Server agent logs; Custom reporting dashboards; Custom output connectors; Release 6.8.2 and later; Roadmap]
Cluster Analysis
Cluster Contents
Asset Discovery & Classification Service Benefits
• Decrease manual efforts and increase productivity through automation
• Sort and report on assets continuously
• Help reduce the complexity of segmentation projects
• Receive detailed charts and connectivity maps
• Improve policy and access decisions
• Design a more available and optimized network
What’s Included
• Installation of Stealthwatch PoC and analysis software tools
• Data Collection
• Data Analysis for common communication profiles
• Classification rule definition
• Build Segments/Enclaves
• Report generation
• Connectivity vector chart
• Stealthwatch host groups creation
• Enclave population reports
Quoting, Pricing and Sizing
Quoting Pricing
What is DevNet?
DevNet Mission
Drive business growth for Cisco and its partners and customers
Build a fiercely loyal community and ecosystem
• Make innovation easy
• Make DevNet developers successful
• Drive industry transformation
DevNet Community
• 510,000+ Members
• 33,000+ Companies
• 72,500+ Learning Labs completed
• 60,000 Avg. Monthly Active Users
DevNet Data as of July 11, 2018
DevNet Community
PRESIDIO
CenturyLink NETCLOUD AG
DEUTSCHE TELEKOM AG Vodafone GENERAL MOTORS
Purple WiFi Ltd MACROVIEW TELECOM BECHTLE LOGISTIK & SERVICE GMBH
Data from user profile page, sample size 20K
Enabling end-to-end developer success
[Diagram labels: API Experience, Developer Sandbox, Training and Tutorials; build, learn, evolve; developer.cisco.com]
Stealthwatch & DevNet
Stealthwatch API Documentation
Stealthwatch API Sample Scripts
Stealthwatch Code Exchange
Scripts include:
• stealthwatch-csv-tools
• TalosBlacklistImporter
• Sentryo / CyberVision
Stealthwatch API Forum
New! Stealthwatch DevNet Sandbox
Coming Soon…
Stealthwatch Learning Labs
Stealthwatch Cloud on DevNet
• API Documentation
• Sample Scripts
• Code Exchange
• Learning Labs
What to do next?
• Start your DevNet Journey: developer.cisco.com/startnow/
• Stealthwatch DevNet Learning Resources
• Stealthwatch Enterprise REST API documentation
• Set of Postman collections and Python sample scripts
• Code Exchange for Stealthwatch Enterprise
• Cisco Forum for Stealthwatch APIs
It’s Survey Time!
Audience feedback is crucial to continuous improvement; be sure to encourage survey completion at the end of your session.