Co-authors: Lou Norman and Erich Stokes
A golden nugget can be thought of as a valuable piece of information that meaningfully improves security measures. In cyber security, identifying and using such golden nuggets can be essential for maintaining a robust security posture and preventing breaches.
Unlocking the power of network telemetry
Network telemetry is a transformative tool for the public sector, acting as a “golden nugget” within Cisco network hardware and other vendors' hardware. It provides a wealth of insight that can inform network management and security strategies. By using telemetry data effectively, organizations can understand network performance, detect anomalies and optimize resource allocation.
This capability not only improves operational efficiency but also strengthens security measures, making networks robust and resilient against potential threats. Cisco’s network telemetry solutions empower public sector entities to unlock the full potential of their network infrastructure, improving management and efficiency in their operations. However, many organizations do not make full use of this powerful capability.
This blog is structured as a three-part series to make network telemetry easier to understand.
In Part 1, “Defining Network Telemetry,” we define network telemetry and provide a solid foundation for readers new to the topic.
In Part 2, “A Deeper Dive into Understanding Network Telemetry,” we will explore a more comprehensive understanding of network telemetry.
In Part 3, “Applications and Benefits of Network Telemetry,” we will shift focus to the practical side, discussing the benefits of network telemetry and how Cisco can help the public sector unlock its potential.
Part 1: Defining network telemetry
To recap, network telemetry is a transformative tool for the U.S. public sector. It is a technology used to gain insight and includes various techniques for collecting, correlating and consuming data.
According to the Internet Engineering Task Force (IETF), network telemetry is a technology for gaining network insight and facilitating efficient and automated network management.
Any information that can be extracted from networks and used to gain visibility or as a basis for action is considered network telemetry. Telemetry data may also include statistics, event records, logs, and state and configuration snapshots that are extracted from networks to provide visibility or serve as a basis for action. Telemetry data can come from routers, switches and firewalls, and can even come from public cloud providers such as AWS, Google and Azure.
Security benefits of network telemetry visibility

Network telemetry visibility significantly improves security by giving organizations the ability to identify every entity and monitor all communication on their network. This allows organizations to create a baseline of normal behavior for each user or host by understanding who is accessing what information at any time. This baseline is essential for detecting anomalies and potential threats, as alerts can be raised when deviations from normal behavior occur. Such comprehensive visibility ensures that organizations can respond quickly to threats, minimizing their impact on critical information.
By using rich telemetry data, organizations can conduct forensic investigations, understand the source and spread of threats, and ensure compliance with security policies. This capability is essential for maintaining robust security and supporting efficient network management.
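The per-host baseline and deviation alerting described above can be sketched as follows. This is an added example, not Cisco code: the flow tuples, the thresholds `k` and `min_spread`, and the alert names are assumptions chosen for illustration, and the flow records are constructed.

```python
from collections import defaultdict
from statistics import median

def build_baseline(flows):
    """flows: (interval, host, destination, bytes) tuples from a training window."""
    volume, dests = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for interval, host, dst, nbytes in flows:
        volume[host][interval] += nbytes
        dests[host].add(dst)
    baseline = {}
    for host, per_interval in volume.items():
        vols = list(per_interval.values())
        med = median(vols)
        mad = median(abs(v - med) for v in vols)  # median absolute deviation
        baseline[host] = {"median": med, "mad": mad, "dests": dests[host]}
    return baseline

def deviations(baseline, flows, k=5.0, min_spread=1024):
    """Compare one new interval of flows with the baseline; return alerts."""
    totals, seen, alerts = defaultdict(int), defaultdict(set), []
    for _interval, host, dst, nbytes in flows:
        totals[host] += nbytes
        seen[host].add(dst)
    for host in sorted(totals):
        base = baseline.get(host)
        if base is None:  # host never observed while the baseline was built
            alerts.append((host, "unknown-host", None))
            continue
        # min_spread keeps a very steady host from alerting on tiny changes.
        limit = base["median"] + k * max(base["mad"], min_spread)
        if totals[host] > limit:
            alerts.append((host, "volume", totals[host]))
        for dst in sorted(seen[host] - base["dests"]):
            alerts.append((host, "new-destination", dst))
    return alerts

# Constructed flow records (documentation address ranges), not real traffic.
HISTORY = [(i, "10.0.0.5", "192.0.2.10", b) for i, b in enumerate([10000, 12000, 11000, 9000, 10500])] + \
          [(i, "10.0.0.6", "192.0.2.20", b) for i, b in enumerate([2000, 2500, 2100, 2300, 2200])]
CURRENT = [(5, "10.0.0.5", "192.0.2.10", 10000), (5, "10.0.0.5", "203.0.113.7", 900000),
           (5, "10.0.0.6", "192.0.2.20", 2200), (5, "10.0.0.9", "192.0.2.10", 100)]

if __name__ == "__main__":
    for alert in deviations(build_baseline(HISTORY), CURRENT):
        print(alert)
```

The median and median absolute deviation are used instead of mean and standard deviation so that a single unusual interval in the training window does not inflate the baseline.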
Definition
We define the following types of network telemetry:
NetFlow
NetFlow is a Cisco technology that provides statistics on packets flowing through devices. It is the standard for obtaining operational data from IP networks, enabling network and security monitoring, network planning, traffic analysis and IP accounting, and it is supported by many vendors.
IPFIX
IP Flow Information Export (IPFIX) is an IETF standard export protocol for sending NetFlow packets. It is based on NetFlow version 9 and is used to export IP flow information for purposes such as accounting, auditing and security. IPFIX formats NetFlow data and transmits the information from an exporter to a collector using UDP as the transport protocol. IPFIX is also supported by many vendors.
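To show what an exporter actually sends to a collector, here is a minimal collector-side decoder for one IPFIX message as laid out in RFC 7011. It is an added example, not Cisco code; the sample message is constructed, and enterprise-specific and variable-length fields are rejected rather than decoded.

```python
import ipaddress
import struct

# IANA information element IDs used by the constructed sample below.
IE_NAMES = {1: "octetDeltaCount", 8: "sourceIPv4Address", 12: "destinationIPv4Address"}

def parse_ipfix(msg):
    """Decode one IPFIX message (RFC 7011) into a list of flow-record dicts."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length runs past the message")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # template set: describes the layout of later data sets
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * count > len(body):
                    break  # padding or truncated template record: stop
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
                if any(ie & 0x8000 or size == 0xFFFF for ie, size in fields):
                    raise ValueError("enterprise or variable-length field not handled")
                templates[tid] = fields
                pos += 4 + 4 * count
        elif set_id in templates:  # data set; sets with an unknown template are skipped
            fields = templates[set_id]
            rec_len = sum(size for _, size in fields)
            pos = 0
            while rec_len and pos + rec_len <= len(body):
                rec = {}
                for ie, size in fields:
                    raw, pos = body[pos:pos + size], pos + size
                    rec[IE_NAMES.get(ie, "ie%d" % ie)] = (
                        str(ipaddress.IPv4Address(raw)) if ie in (8, 12) else int.from_bytes(raw, "big"))
                records.append(rec)
        off += set_len
    return records

def sample_message():
    """Constructed message: template 256 (src, dst, byte count) and two records."""
    tmpl = struct.pack("!HHHH", 2, 20, 256, 3) + struct.pack("!HHHHHH", 8, 4, 12, 4, 1, 8)
    flows = [("10.0.0.5", "192.0.2.10", 1500), ("10.0.0.6", "192.0.2.20", 420)]
    recs = b"".join(ipaddress.IPv4Address(s).packed + ipaddress.IPv4Address(d).packed + struct.pack("!Q", n) for s, d, n in flows)
    body = tmpl + struct.pack("!HH", 256, 4 + len(recs)) + recs
    return struct.pack("!HHIII", 10, 16 + len(body), 1700000000, 0, 1) + body
```

Because the transport is UDP, a collector can receive a data set before the template that describes it; this decoder silently skips such sets, which is worth counting in a real collector since it means lost visibility.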
NSEL
NetFlow Secure Event Logging (NSEL) is a type of network telemetry supported by Cisco firewalls that provides a stateful method of IP flow tracking. It exports records indicating significant events in a flow, such as flow-create, flow-teardown, flow-denied and flow-update. It can also provide NAT and PAT translation information for connections passing through the firewall.
NSEL generates periodic flow-update events to provide byte counters over the duration of the flow, similar to traditional NetFlow. These events are triggered by changes in the flow state and are used to export data about the flow status.
Encrypted Traffic Analytics (ETA)
ETA, a patented Cisco technology, is a type of network telemetry that exports useful information about network flows to collectors and provides visibility into the network. ETA is used for enhanced telemetry-based threat analysis and malware identification, even in encrypted traffic, without decryption.
Encrypted Visibility Engine (EVE)
EVE is a technology used by Cisco to inspect the Client Hello portion of the TLS handshake to identify client processes. EVE also performs a similar function for the Quick UDP Internet Connections (QUIC) protocol. QUIC is faster than TLS and is quickly becoming the protocol of choice over TLS for many applications. This initial data packet sent to the server helps identify the client process on the host. EVE uses this fingerprint, along with other data such as the destination IP address, to identify applications and take the relevant action, such as allowing or blocking. It can identify more than 5,000 client processes and map them to client applications for use in access control rules, without enabling decryption.
EVE also uses machine learning to process TLS fingerprints and malware samples daily and updates its fingerprints through the Cisco Vulnerability Database (VDB) package. It can block malicious encrypted traffic without outbound decryption and lets you create exception rules that bypass its block verdict for trusted networks or internal testing activities.
NVM
Network Visibility Module (NVM) is a technology that provides endpoint telemetry by creating a continuous feed of enhanced IP Flow Information Export (IPFIX) data. It offers rich data on user behavior, including the direction and volume of traffic, the destination of that traffic, the software processes and applications present on the endpoint, and details of the device.
NVM telemetry is used to analyze security risks and breaches on endpoints and can be integrated with other security solutions to provide endpoint visibility.
Network telemetry refers to the collection and analysis of data from network devices to obtain information about network performance, security and usage patterns. Cisco network hardware is equipped with the ability to generate different types of telemetry data.
Conclusion
In conclusion, network telemetry serves as a transformative tool for the U.S. public sector by providing insight into network performance, security and usage patterns. In Part 1 of this blog series, we defined network telemetry. In Part 2, we will take a deeper dive into network telemetry and discuss how Cisco network hardware, equipped with advanced telemetry capabilities, enables organizations to use data effectively, improving decision-making processes and operational efficiency.
By using telemetry data, organizations can proactively address potential threats, optimize resource allocation and ensure compliance with security policies. This capability not only strengthens security posture but also supports efficient management of complex network environments, which ultimately contributes to improved service delivery and resilience in the public sector.
Resources
Cisco telemetry architecture guide
Cisco Secure Network Analytics + Splunk