Greater Monitoring and Visibility for your Security Success


Contributing author:
Rohan Naggi, Manager, Product Management Enterprise Cloud, and SD-WAN

Managing network and security needs of a modern enterprise

Today’s digital transformation is fostering the modernization of enterprise networks. It’s very common for an enterprise to mix and match vendors to build its network and security infrastructure just like you would use different sources to build your home entertainment center. With the increasing adoption of different point products, SOC (Security Operations Center) engineers are getting overwhelmed with all the consoles they need to keep track of. They need a way to pool all the information together just like you would use a receiver to connect all the components of your home entertainment center

SIEM (Security Information and Event Management) is the “receiver” used to address this challenge by offering a common console to visualize data. Cisco has collaborated with Splunk, one of the market leaders in the SIEM space, to produce a comprehensive SOC dashboard.

Using Cisco SD-WAN and Splunk to create efficiencies 

Your enterprise solution often has comprehensive logging streams, and your SOC team needs an efficient approach to make sense of all the chaos around them. In addition, it’s becoming increasingly challenging to find and retain security professionals. All this and much more fuel the argument that a SIEM is becoming extremely important in enterprise networks.

Cisco has developed the SD-WAN Splunk application to ensure we are not leaving you ‘high and dry’. The application automatically parses the router’s security logs when they are sent to your Splunk environment and populates the data on a pre-built security dashboard.

How it works  

You can locate and download the application on the Splunk marketplace, Splunkbase, using your existing Splunk license. The Cisco SD-WAN and Splunk integration can be achieved in a few simple steps

Cisco SD-WAN / Splunk Topology
Figure 1 – Cisco SD-WAN / Splunk Topology
  1. Download and install the Cisco SD-WAN Splunk App and App Add-on https://splunkbase.splunk.com/app/6657 à Cisco SD-WAN Splunk App
    https://splunkbase.splunk.com/app/6656 à App Add-on
  2. Under the application settings, add the Cisco SD-WAN IP and port number as a source for the log forwarding

On Cisco SD-WAN vManage, add the Splunk Application IP as a destination to forward logs

Cisco SD-WAN App on Splunkbase
Figure 2 – Cisco SD-WAN App on Splunkbase

Deliver significant insights out of a mountain of alerts

You’re then able to make use of a comprehensive SOC dashboard to visualize all the threats captured by the SD-WAN router.

This will serve as a one-stop shop to gain a holistic view of the security events in your network. You can navigate through charts and graphs to drill down to device-level details and inspect what packet flows triggered a security event. These events are listed in three main sections.

Threat Inspection Dashboard
Figure 3 – Threat Inspection Dashboard

Together, Cisco SD-WAN and Splunk enable you to transform your network and security operations

Enterprises rely on Cisco to build secure and agile networks that can safeguard their users and applications from bad actors and external threats. Just like an amplifier helps your receiver consume all the components of your home entertainment center for the best overall experience, the new Cisco SD-WAN Splunk Application helps enterprises collect vital security analytics and ensure their SOC team is on top of all the security events traversing their network.

 

Additional Resources:

https://blogs.cisco.com/networking/cisco-sd-wan-fabric-is-secops-new-best-friend?oid=pstetr030539

https://blogs.cisco.com/networking/more-sase-options-for-customers-with-cisco-sd-wan-security-sse-and-siem-collaborations

Share:



Source link