topic RE: StealthWatch in End of Service Products

StealthWatch

Alexandr_P — Thu, 09 Feb 2017 19:53:00 GMT

Hello, all!

Can you tell me, please, what analog of Cisco's StealthWatch we have?

Thank you!

RE: StealthWatch

Zdeněk_Pala — Thu, 09 Feb 2017 20:39:00 GMT

Hi. Extreme SIEM is able to do the same = behavioral analysis based on flows. In advance SIEM is able to correlate flows with logs from firewall and antivirus and more => much better from the false positive point of view. Regards Z.

RE: StealthWatch

Alexandr_P — Thu, 09 Feb 2017 20:39:00 GMT

Hello, Pala!

In Cisco switches work with StealthWatch (Bundle Catalyst 3650, Lancope StealthWatch).
Where switches work with StealthWatch Appliance as a sensor.
We have to do this with IPFIX on our switches G2?
Or there is other way?

Thank you!

RE: StealthWatch

Zdeněk_Pala — Thu, 09 Feb 2017 20:39:00 GMT

We can use flow based switches = does have unsampled NetFlow on each and every port without performance degradation.

We can use X460-G2 = does have ipfix support

We can use any other Extreme Switch with SFLOW support.

Extreme SIEM does support sflow, netflow, jflow, ipfix, cflowd, qflow, raw data...

RE: StealthWatch

Alexandr_P — Thu, 09 Feb 2017 21:43:00 GMT

Another question is - how SIEM integrate with NetSight?

Sorry, but I have little knowledge about Extreme's SIEM.

Thank you!

RE: StealthWatch

Zdeněk_Pala — Sat, 11 Feb 2017 06:10:00 GMT

The integration between Extreme Control (identity and access management / network access management) is done through alarming = if anything changes with the endsystem the syslog message is generated (java application does have bell icon). Extreme SIEM (Qradar) does recognize the format.

The integration between Extreme Analytics (purview) in old versions was done through syslog. in the new version it is through ipfix = from Analytics Engine to SIEM.

Z.

RE: StealthWatch

Tripathy__Priya — Mon, 13 Feb 2017 10:20:00 GMT

Cisco Stealthwatch uses Net flow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps us use our existing network as a security sensor and enforce to dramatically improve the threat defense. As per extreme standard this can be replaced as s flow in stead of net flow to serve this better.

Please find below the article link to configure s flow on extreme devices:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-sFlow/

RE: StealthWatch

Tripathy__Priya — Thu, 16 Feb 2017 15:49:00 GMT

Hope you got the response which you were looking for. If needed any more info then let us know on this.

RE: StealthWatch

Alexandr_P — Thu, 16 Feb 2017 15:59:00 GMT

Thank you all for information!

For now it's only comparison at the stage of rendering a similar solution.
Only for understanding can we do the similar or not and how we can do this.