Solved: Cyber Vision Anomalies

zohar7471 · ‎02-28-2023

1. Can Cyber vision alert on anomalies in the machine functioning and not about the way the machine is communicating?

i.e - If the machine is supposed to work at 50 degrees, and for some reason the machine is now working at 100 degrees, will cyber vision alert this?

2.What is the Difference between Cisco Industrial Network Director and Cisco Cyber Vision?

dabehren · ‎02-28-2023

1 - Cyber Vision is able to monitor device details, communications between devices and the variables that are exchanged. However, this is what variables are transmitted, not the value of the variables. In your example of temperature, this would not be a monitored value that would trigger an alert.

2- Cisco Industrial Network Director was developed as a lightweight switch monitoring solution that leveraged some active discovery functionality for the purpose of helping identify where devices were located in the network. It has a limited set of supported protocols, is active only, and is only looking at specific device attributes. It is an application that runs on windows and typically ran from a centralized point in the network. It provides Day 0 switch deployment features as well as very light Day 2 management capabilities (such as modifying the access vlan associated to an interface). Here is an at a glance - https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/industrial-network-director/at-a-glance-c45-737847.html and a quick demo - https://video.cisco.com/detail/video/1682986268343815441

Cisco Cyber Vision leverages full Deep Packet Inspection to decode industrial protocols as well as the ability to leverage active discovery to enhance the device discovery functionality. It distributes both the passive and active discovery functionality in what is referred to as the Cyber Vision Sensor, which runs directly on Cisco's Industrial networking equipment and enterprise class switches, which allows for full visibility across the environment without requiring additional cabling or hardware. More details around this can be found here - https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/2407175/An-Edge-Architecture-Approach-to-Securing-Industrial-IoT-Networks-WP.pdf?ccid=cc002176&oid=wprit022278&dtid=odicdc000509.

Many of the sensors can also leverage Snort IDS functionality. It supports many more protocols - https://www.cisco.com/c/en/us/products/collateral/security/cyber-vision/cyber-vision-protocol-support.html and provides device details as well as information regarding protocol specific details such as commands that are sent within those protocols. Cyber Vision is focused on industrial visibility and does not provide switch management features.

Here is a quick at a glance - https://www.cisco.com/c/en/us/products/collateral/security/cyber-vision/cyber-vision-aag.pdf
and a quick overview - https://www.cisco.com/site/us/en/products/security/industrial-security/cyber-vision/demos.html?socialshare=vod-cybervision

Hopefully that helps, but please let me know if any additional information I can provide.

View solution in original post

dabehren · ‎02-28-2023

1 - Cyber Vision is able to monitor device details, communications between devices and the variables that are exchanged. However, this is what variables are transmitted, not the value of the variables. In your example of temperature, this would not be a monitored value that would trigger an alert.

2- Cisco Industrial Network Director was developed as a lightweight switch monitoring solution that leveraged some active discovery functionality for the purpose of helping identify where devices were located in the network. It has a limited set of supported protocols, is active only, and is only looking at specific device attributes. It is an application that runs on windows and typically ran from a centralized point in the network. It provides Day 0 switch deployment features as well as very light Day 2 management capabilities (such as modifying the access vlan associated to an interface). Here is an at a glance - https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/industrial-network-director/at-a-glance-c45-737847.html and a quick demo - https://video.cisco.com/detail/video/1682986268343815441

Cisco Cyber Vision leverages full Deep Packet Inspection to decode industrial protocols as well as the ability to leverage active discovery to enhance the device discovery functionality. It distributes both the passive and active discovery functionality in what is referred to as the Cyber Vision Sensor, which runs directly on Cisco's Industrial networking equipment and enterprise class switches, which allows for full visibility across the environment without requiring additional cabling or hardware. More details around this can be found here - https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/2407175/An-Edge-Architecture-Approach-to-Securing-Industrial-IoT-Networks-WP.pdf?ccid=cc002176&oid=wprit022278&dtid=odicdc000509.

Many of the sensors can also leverage Snort IDS functionality. It supports many more protocols - https://www.cisco.com/c/en/us/products/collateral/security/cyber-vision/cyber-vision-protocol-support.html and provides device details as well as information regarding protocol specific details such as commands that are sent within those protocols. Cyber Vision is focused on industrial visibility and does not provide switch management features.

Here is a quick at a glance - https://www.cisco.com/c/en/us/products/collateral/security/cyber-vision/cyber-vision-aag.pdf
and a quick overview - https://www.cisco.com/site/us/en/products/security/industrial-security/cyber-vision/demos.html?socialshare=vod-cybervision

Hopefully that helps, but please let me know if any additional information I can provide.

zohar7471 · ‎03-06-2023

How can I know how much storage I need in order to backup Cyber vision Appliance (CV-CNTR-M5S3) with 13 sensors (IC3000-2C2F-K9)? And how can I know required backup size for other Cisco products?