PrepAway - Latest Free Exam Questions & Answers

Which of the following is a SaaS subscription that can detect real-time threats on the local network?

A. Cisco Umbrella

B. Cisco Stealthwatch Enterprise

C. Cisco WSA

D. Cisco ESA

E. Cisco Stealthwatch Cloud

Explanation:
Cisco Stealthwatch Cloud is a Software as a Service (SaaS) subscription that can detect real-time threats on the local network. In addition, Stealthwatch Cloud can provide visibility across networks and in the cloud. It works by examining packet metadata and modeling traffic to detect threats. Cisco Stealthwatch is an agentless threat-detection technology that also provides security analysis of network data that it collects and aggregates. There are two different versions of Stealthwatch: Stealthwatch Cloud and Stealthwatch Enterprise.

There are two variations of Stealthwatch Cloud monitoring: Public Cloud Monitoring and Private Network Monitoring. Public Cloud Monitoring can be integrated with other cloud technologies, such as Amazon Web Services (AWS). It can also be integrated with Stealthwatch Enterprise. Private Network Monitoring, on the other hand, monitors and detects threats on the local network even though the service is delivered from the cloud. Private Network Monitoring requires the installation of an appliance on the local network in order to collect metadata.

Stealthwatch Enterprise is not a SaaS subscription. Instead, Stealthwatch Enterprise is a real-time threat detection solution that requires the network installation of a Flow Rate License, Flow Collector, Stealthwatch Management Console (SMC), and Flow Sensor. The Flow Rate License enables the collection and analysis of network data. The Flow Collector relies on NetFlow and IP Flow Information Export (IPFIX) to perform network flow collection and analysis. The SMC enables an administrator to manage Stealthwatch Enterprise. Finally, the Flow Sensor generates flow information for endpoints that do not support NetFlow.

Cisco Email Security Appliance (ESA) is not a SaaS subscription. An ESA is designed to protect against email threats, such as malware attachments, phishing scams, and spam. The Cisco Context Adaptive Scanning Engine (CASE) on an ESA is a contextual analysis technology that is intended to detect email threats as they are received. CASE checks the reputation of email senders, scans the content of email messages, and analyzes the construction of email messages. As part of this process, CASE submits the email sender to the Cisco SenderBase Network, which contains data on hundreds of thousands of email networks. The sender is assigned a score based on this information. The content of the email message is scanned because it could contain language, links, or a call to action that is indicative of a phishing scam.

Cisco Umbrella does not detect real-time threats on the local network. Instead, Cisco Umbrella blocks potentially malicious sites from being accessed by clients on the network. Cisco Umbrella, which evolved from OpenDNS, is a Domain Name System (DNS) service that helps protect endpoints by automatically blocking access to known malicious sites on the Internet. Cisco Umbrella identifies threats by gathering information from DNS requests from millions of users, analyzing those requests, and comparing information about those requests against intelligence collected by Cisco Talos. From a user’s perspective, Cisco Umbrella simply blocks access to sites that it has deemed malicious. Instead of delivering site content to a user’s browser, Cisco Umbrella produces a page indicating that the site has been identified as a security threat and has therefore been blocked.

Cisco Web Security Appliance (WSA) is not a SaaS subscription. A WSA is a standalone web gateway that offers features that can mitigate web-based attacks, enforce acceptable use policies, and provide detailed reporting. A WSA uses reputation filters, Uniform Resource Locator (URL) filtering, and the Cisco Application Visibility and Control (AVC) feature to scan for and prevent attacks. If an attack occurs, a WSA will attempt to mitigate it by using cloud-based security intelligence, such as Talos and/or Cisco Advanced Malware Protection (AMP).

