Co-authors: Lou Norman and Erich Stokes
Purposes and the Advantages of Community Telemetry
Welcome to Half 3 of this weblog sequence “Defining Community Telemetry.” On this part, we are going to talk about the true worth of community telemetry and discover its wide-raging functions. By leveraging telemetry knowledge, organizations can obtain important enhancements in community administration and safety.
To recap, in Half 1, we mentioned how community telemetry is a transformative instrument for the US Public Sector, offering complete insights into community efficiency, safety, and utilization patterns.
In Half 2, we mentioned how community telemetry performs an important function in enhancing safety response instances by offering detailed insights into community actions.
As we dive deeper in Weblog 3, proceed to think about telemetry knowledge like a Golden Nugget for a community administrator. Simply as a prospector sifts by way of filth to seek out treasured metals, analyzing telemetry knowledge to extract worthwhile data can improve community safety and efficiency. Think about the immense worth when a community administrator uncovers hidden insights inside a community and discovers gold.
Harnessing the Energy of Telemetry
The true worth of community telemetry lies in its functions. By leveraging telemetry knowledge, organizations can obtain:
- Enhanced Community Visibility: Telemetry gives real-time insights into community efficiency, permitting organizations to watch visitors patterns, detect anomalies, and optimize community sources. This visibility is essential for figuring out potential points earlier than they escalate into main issues.
- Improved Safety Posture: Telemetry knowledge permits proactive risk detection by constantly monitoring community actions and figuring out deviations from regular habits. This functionality helps in decreasing response instances to safety incidents and enhances the general safety operations by offering detailed insights into community actions.
- Environment friendly Community Administration: With telemetry, organizations can automate community administration duties, resembling visitors engineering and capability planning, by utilizing detailed knowledge on community utilization and efficiency. This automation reduces handbook intervention and improves the effectivity of community operations.
Telemetry and the Cisco Safety Portfolio
Instruments like Safe Community Analytics (SNA), Telemetry Dealer, XDR, Safe Workload, ThousandEyes, Catalyst Heart, Meraki Dashboard, Id Companies Engine (ISE), Hypershield, and Splunk devour telemetry knowledge to detect anomalies, determine threats, and supply actionable insights for safety groups.
Cisco Safety Portfolio – Telemetry Utilization
| Utility Information | |
| Cisco Safe Workload | Cisco Safe Workload leverages telemetry knowledge to supply complete visibility into utility workload flows and interactions. By accumulating metadata fairly than full packets, the platform ensures low bandwidth utilization whereas providing detailed insights into communication patterns and dependencies throughout on-premises and cloud environments. This telemetry knowledge is essential for figuring out coverage violations and potential threats, enabling organizations to take care of compliance and scale back the assault floor in advanced, hybrid multi-cloud environments.
Safe Workload’s means to course of telemetry knowledge shortly permits for real-time monitoring and alerts in opposition to unauthorized habits. Safe Workload integrations guarantee constant coverage enforcement from the info heart to the cloud, enhancing the platform’s means to supply a holistic view of the community. This integration helps agile utility growth and deployment whereas sustaining a powerful safety posture. |
| Cisco Hypershield | Cisco Hypershield leverages superior telemetry knowledge to reinforce safety by integrating AI-native structure immediately into community and workloads. This integration is facilitated by way of Tesseract Safety Brokers and network-based enforcers, which offer deep visibility and enforcement capabilities. These elements monitor community connections, file and system calls, and kernel capabilities, producing event-based telemetry that’s processed in real-time. This telemetry knowledge is used to assemble behavioral graphs, that are dynamic fashions of community habits that allow utility fingerprinting and inform risk detections. By processing telemetry immediately on the edge, Hypershield minimizes knowledge load and enhances real-time decision-making, decreasing risk detection and response instances.
Hypershield’s twin knowledge aircraft know-how permits for the testing and validation of latest software program upgrades or coverage adjustments utilizing dwell visitors with out impacting the manufacturing setting. This strategy ensures that updates could be deployed extra continuously and with larger confidence, sustaining strong defenses in opposition to rising threats. The system’s AI-powered administration automates safety coverage lifecycles and infrastructure upgrades, permitting safety groups to work extra effectively by automating advanced evaluation and decision-making processes whereas sustaining human oversight. This complete use of community telemetry ensures that Hypershield gives steady safety and excessive efficacy in risk detection and response. |
| Community Cloud | |
| Cisco Safe Community Analytics (SNA) | Cisco SNA leverages the facility of community telemetry by utilizing it as a wealthy knowledge supply to supply complete visibility throughout all the community, together with non-public and public clouds. By analyzing community actions, it creates a baseline of regular habits and employs superior analytics, together with behavioral modeling and machine studying, to detect anomalies and threats in real-time.
This agentless resolution makes use of present community infrastructure to watch visitors, even when encrypted, enabling organizations to detect threats resembling Command-and-Management assaults, ransomware, and insider threats with excessive confidence. This strategy transforms the community right into a proactive safety sensor, enhancing risk detection and response capabilities with out the necessity for extra probes or sensors. |
| Cisco Id Companies Engine (ISE) | Cisco ISE harnesses the facility of community telemetry by integrating intelligence from throughout the safety stack to turn out to be the coverage determination level in a zero-trust structure. This integration permits Cisco ISE to routinely uncover, profile, authenticate, and authorize trusted endpoints and customers connecting to the community infrastructure. By leveraging telemetry knowledge, Cisco ISE can dynamically develop and preserve risk-based insurance policies that guarantee solely trusted customers and units acquire entry to community sources. This strategy strikes safety past preliminary authentication, sustaining belief all through all the session.
Safe Community Analytics (SNA) integrates with Cisco ISE and enhances community visibility and management. This integration permits directors to constantly monitor, analyze, and categorize host and consumer data from the community. SNA can detect anomalous behaviors and challenge alerts, enabling fast risk containment by way of Cisco ISE. This functionality gives a complete view of community exercise, serving to to determine a variety of threats, together with malware and insider threats, thereby enhancing general safety posture. Cisco ISE can incorporate and share this contextual details about endpoints with different Cisco merchandise and over 200 different distributors resolution to complement and quantify resolution efficacy for making crucial choices on whether or not visitors is malicious so it may be blocked in actual time. |
| Splunk | Splunk, in collaboration with Cisco Safe Community Analytics (SNA), leverages community telemetry to reinforce safety by utilizing the community as a sensor. This strategy permits SNA to devour circulation knowledge immediately from the infrastructure, offering complete visibility into community actions with out further probes or sensors. The combination of superior behavioral analytics and machine studying permits the identification of suspicious and malicious actions, delivering high-fidelity safety insights immediately into the Splunk platform. This functionality reduces knowledge volumes by compressing uncooked community telemetry, making it simpler for safety groups to know and reply to threats successfully.
Moreover, the seamless integration of SNA with Splunk Enterprise Safety (ES) enhances risk detection and incident response capabilities with out rising prices. This unified resolution is good for enterprises with mature safety operations, regulated industries, and authorities companies, providing a complete, cost-effective strategy to community safety and incident response. By supporting AWS and Azure telemetry, the answer additionally gives safety for hybrid environments, making certain strong safety throughout each on-premises and cloud infrastructures. |
| Cisco Telemetry Dealer | Cisco Telemetry Dealer is a robust instrument designed to optimize the administration of community telemetry knowledge. It acts as a utility to duplicate, remodel, and filter community telemetry flows, thereby simplifying the consumption of telemetry knowledge for business-critical instruments. The dealer can route and replicate telemetry knowledge from a supply location to a number of vacation spot shoppers, permitting for fast on-boarding of latest telemetry-based instruments. It additionally gives fine-grain management over what knowledge shoppers can see and analyze by filtering pointless knowledge, which will help scale back prices related to sending knowledge to costly instruments. Cisco Telemetry Dealer transforms knowledge protocols from the exporter to the patron’s protocol of selection, enabling instruments to devour a number of knowledge codecs seamlessly.
One of many key options of the Cisco Telemetry Dealer is its means to rework AWS VPC circulation logs and Azure NSG circulation logs into IPFIX format, which might then be ingested into Cisco Safe Community Analytics (SNA) on-premises. This transformation functionality expands the info assortment capabilities of Safe Community Analytics by permitting it to ingest and analyze community telemetry from nonstandard sources. By changing these cloud-based telemetry sources right into a format suitable with on-premises instruments, the Cisco Telemetry Dealer enhances visibility and evaluation capabilities throughout hybrid cloud environments. This performance is essential for organizations seeking to preserve complete community safety and efficiency monitoring throughout numerous environments. |
| Cisco Meraki Dashboard | The Cisco Meraki Dashboard harnesses the facility of community telemetry by offering an intuitive and interactive internet interface that connects customers to a number one cloud IT platform. This platform permits for complete community administration and monitoring, providing real-time insights into community efficiency and well being. By leveraging telemetry knowledge, the Meraki Dashboard permits directors to achieve visibility into community visitors, gadget standing, and utility efficiency, which facilitates proactive community administration and troubleshooting. This functionality is essential for sustaining optimum community efficiency and making certain a seamless consumer expertise. The Meraki Dashboard integrates superior options resembling synthetic intelligence and machine studying to reinforce community administration. These applied sciences optimize community effectivity, automate administration duties, and decrease potential bottlenecks throughout peak utilization instances. The dashboard’s means to supply detailed telemetry knowledge helps sustainability initiatives by permitting directors to watch and handle power utilization successfully, thus contributing to organizational sustainability objectives. This integration of telemetry with AI-driven insights ensures that community operations aren’t solely environment friendly but additionally aligned with broader enterprise targets. Moreover, the mixing between Cisco XDR and Meraki MX creates a bi-directional circulation of knowledge, enhancing each safety and community operations by offering worthwhile insights and enabling proactive risk monitoring. |
| XDR/Risk Intelligence | |
| Cisco XDR | Cisco XDR leverages community telemetry by accumulating and correlating knowledge from numerous sources, together with on-premises networks and public clouds. This allows the identification of hosts, understanding of regular host habits, and technology of alerts when gadget habits adjustments in a way related to community safety. By ingesting public cloud logs and integrating with Cloud Service Supplier APIs, Cisco XDR can detect adversary habits and infiltrate deep into a corporation’s cloud setting. The XDR Connector ingests community telemetry from sources like circulation knowledge and NGFW log data, sending it to a SaaS-based knowledge repository for evaluation and correlation, which boosts risk detection and response capabilities. Cisco XDR’s integration capabilities prolong throughout a number of safety domains, together with community, cloud, endpoint, e-mail, id, and functions, offering unified visibility and deep context into superior threats. This integration helps scale back time-consuming false positives and enhances the effectivity of safety operations. The Cisco Safe Cloud Analytics (SCA) Community Detection and Response (NDR) has been built-in into Cisco XDR as an embedded part, enhancing risk detection capabilities by incorporating agentless behavioral and anomaly detection. The NDR part inside XDR makes use of historic community knowledge to enhance risk looking, forensic audits, and incident response. Cisco’s XDR/SCA options are designed to ingest NetFlow, IPFIX, and ETA knowledge from on-premises Cisco Telemetry Dealer (CTB), offering complete visibility and analytics capabilities. The CTB facilitates the transformation of AWS VPC and Azure NSG circulation logs into IPFIX format, enabling seamless integration with on-premises safety instruments. This functionality extends to cloud environments, together with AWS, GCP, and Azure, making certain that numerous telemetry knowledge could be successfully utilized for enhanced safety monitoring and risk detection. |
| Networking | |
| Cisco ThousandEyes Site visitors Insights | The Cisco ThousandEyes Site visitors Insights leverages telemetry knowledge to supply complete visibility into community efficiency and safety. By accumulating and analyzing telemetry knowledge, ThousandEyes can monitor visitors flows throughout numerous community layers, together with the web, cloud, and enterprise networks. This knowledge is essential for figuring out efficiency bottlenecks and potential safety threats, permitting organizations to proactively handle and optimize their digital experiences.
Telemetry knowledge, which incorporates statistics, occasion information, and logs, is used to achieve insights into community habits and efficiency. This knowledge helps in establishing a baseline of regular community exercise, which is crucial for detecting anomalies that would point out safety threats. By constantly monitoring and analyzing this knowledge, ThousandEyes can present actionable insights that assist in decreasing the imply time to determine and resolve points, thereby enhancing the general safety posture of a corporation. |
| Cisco Catalyst Heart | Cisco Catalyst Heart leverages community telemetry to reinforce community administration and operational effectivity. By using telemetry, Catalyst Heart gives a centralized platform for monitoring and managing community efficiency. It collects and analyzes knowledge from numerous community units, resembling routers and switches, to supply real-time insights into community well being and efficiency. This steady streaming of telemetry knowledge permits for proactive identification and determination of community points, decreasing downtime and enhancing general community reliability. The platform’s means to combine with third-party functions additional enhances its capabilities, enabling automated workflows and improved IT operations.
Catalyst Heart’s use of telemetry extends to safety and compliance. By offering detailed visibility into community visitors and gadget habits, it helps in detecting and mitigating safety threats. The telemetry knowledge is used to ascertain baselines of regular community habits, permitting for the identification of anomalies that will point out potential safety breaches. This functionality is essential for sustaining a safe community setting, because it permits steady monitoring and fast response to threats. The combination of telemetry with Cisco’s broader safety options ensures that community safety is maintained with out compromising efficiency. |
Unleashing the Energy of Telemetry
Now that you simply perceive the worth of community telemetry and the way it integrates with the Cisco Safety portfolio serving to you obtain important enhancements in community administration and safety, we are able to transfer ahead and clarify how one can unleash the facility of telemetry – particularly for the wants of the general public sector.
Optimize Community Efficiency
Optimizing community efficiency entails leveraging community telemetry knowledge to achieve complete insights into the community’s operational standing. Telemetry knowledge gives real-time visibility into community visitors, gadget habits, and utility efficiency, permitting community directors to watch and troubleshoot points successfully.
By constantly streaming knowledge from community units, telemetry permits the identification of bottlenecks and potential efficiency points earlier than they affect the community’s effectivity. This proactive strategy permits for well timed interventions, resembling adjusting visitors flows or upgrading infrastructure, to make sure optimum community efficiency.
Moreover, community telemetry knowledge performs an important function in planning for future progress. By analyzing historic and real-time knowledge, community directors can forecast useful resource wants and optimize capability planning. This ensures that the community can accommodate rising calls for with out compromising efficiency.
Telemetry knowledge additionally aids in understanding utilization patterns and developments, enabling knowledgeable choices about scaling community infrastructure and deploying new applied sciences. General, using telemetry knowledge in community efficiency optimization results in a extra resilient, environment friendly, and scalable community setting.
Enhance Operational Effectivity
Enhancing operational effectivity entails leveraging detailed insights into community utilization and efficiency to streamline operations, scale back prices, and improve consumer experiences. By analyzing community knowledge, organizations can determine inefficiencies and bottlenecks, permitting them to optimize useful resource allocation and utilization.
This proactive strategy not solely minimizes waste but additionally ensures that community sources are used successfully, resulting in price financial savings. Moreover, enhanced visibility into community efficiency permits faster identification and determination of points, decreasing downtime and enhancing reliability. Because of this, customers expertise a extra seamless and responsive community, which contributes to general satisfaction and productiveness.
Conclusion
Community telemetry is a robust characteristic embedded inside your Cisco community {hardware}, providing a wealth of insights that may remodel your community administration and safety methods. By understanding and leveraging this Golden Nugget, organizations can unlock new ranges of effectivity, safety, and efficiency.
Empowering US Public Sector Clients with Telemetry
Cisco is devoted to empowering US public sector prospects by providing strong community telemetry options. By means of complete help and revolutionary applied sciences, Cisco assists organizations in seamlessly integrating telemetry knowledge into their present workflows.
This integration permits for enhanced decision-making capabilities, enabling these organizations to proactively tackle potential threats and optimize their operations.
By leveraging telemetry, public sector entities can acquire worthwhile insights into their community environments, making certain they continue to be safe and environment friendly of their operations. Cisco’s dedication to offering tailor-made options ensures that public sector prospects can totally harness the facility of telemetry to fulfill their distinctive wants and challenges.
Sources
Share: