All Endpoint Concentrator functions are now fully managed by the Flow Collectorįigure 1.New NVM reports that are now available in the Report Builder application.
NVM telemetry records can be collected, stored, and queried in the Data Store.Security teams can now gain visibility into activities that they were previously blind to, such as: This gives security practitioners the continuity in visibility that they need by allowing them to monitor remote worker telemetry through the collection and storage NVM endpoint records without the need for NetFlow to gain user and device context. When workers eventually turn their An圜onnect VPNs back on, the Network Visibility Module will phone home and send logs of all their user activities back to Secure Network Analytics. So now, whenever a user works either on-network or remotely – be it at home or a local coffee shop – and thus off-network, without tunneling through a VPN, are optimizing their remote work experience with split tunneling, all their activity will be stored locally. This greatly simplified deployments and enabled customers to obtain more visibility.Starting today, with Release 7.3.2, we’re further extending this capability with the Data Store now supporting all NVM telemetry record collection to offer 100%-complete and continuous remote worker visibility. Complete and continuous remote worker visibilityĬisco Secure Network Analytics began to address this whole “WFH visibility blackout conundrum” with Release 7.3.1 by introducing endpoint Network Visibility Module (NVM) data as a primary telemetry source to provide organizations with continuity in remote worker monitoring and visibility without requiring NetFlow telemetry to be present. SecOps teams were left in the dark and found themselves asking questions like, have any of our users visited malicious URLs? Has anyone “gone rogue”? Are employees exfiltrating sensitive proprietary data? Have users’ devices been unintentionally compromised and are now demonstrating command and control (C&C) activity? Are we facing compliance-related and broader organizational risks due to employees running outdated and vulnerable operating systems that need patching?Ĭomplete. To summarize, visibility evaporated, and meanwhile, organizational risk levels spiked parabolically. This “visibility blackout” led to an explosion in need for remote access from anywhere and on anything, effectively exponentially expanding threat surfaces and increasing opportunities for attackers. Then, fast-forward to March 2020, where practically every organization was hit with a prolonged and complete employee activity visibility blackout. However, back then, although these occasional gaps in visibility did naturally result in minor and temporary increased organizational risks, the overall volume of non-VPN-connected remote work that took place was so low and infrequent that it was considered to be negligible and ignored. Organizations had always historically experienced visibility gaps into employee activities whenever their users were off-VPN while working remotely. To briefly level-set, let’s take a quick step back in time – way back to 2019 before the “work from home (WFH) era” had begun to illustrate the gravity of the paradigm shift that occurred over the past two years and its security implications. It’s no secret that last year’s abrupt exodus away from corporate offices presented organizations with novel challenges related to monitoring and securing their newly remote workforce. We are very excited to announce new Secure Network Analytics features! With release 7.3.2, we have furthered our efforts to extend the zero-trust workplace to anywhere on any device through significant enhancements to Secure Network Analytics’ ability to provide complete and continuous remote worker visibility and have also expanded data collection from integrated Cisco Secure solutions to offer extended visibility beyond the parameters of the traditional network, and more! Preamble: The great network visibility blackout of 2020
0 kommentar(er)
