07-01-2019 03:41 AM - last edited on 08-20-2019 10:45 AM by dhuckaby
Hi Experts,
I got a question !
If we have Stealthwatch configured with CTA, which can get us C&C flows, do we really still require the SLIC feature?
Regards,
Jay
07-01-2019 03:49 AM
08-06-2019 10:33 AM
It's important to understand the differences in the two approaches: a threat intel feed and cloud-based data analysis.
The Stealthwatch Threat Intelligence Feed (formerly known as SLIC, or Stealthwatch Labs Intelligence Connection) is an IP list that is updated, sometimes several times per day, based on data from a variety of sources within Cisco and the security industry. That list resides locally on the Stealthwatch Management Console (SMC). When an external IP address in a connection matches an IP on that list, an alarm is generated. The process of getting that list from the Internet to the SMC is a download from Cisco. No local SMC data other than the SMC serial number for identification is shared with Cisco.
Stealthwatch Cognitive integration uses both the Flow Collector and the SMC. The Flow Collector identifies connections in its database that cross the trust boundary defined by the Internet gateway. The Flow Collector sends data about connections that cross that trust boundary to Cognitive via an HTTPS tunnel. At Cognitive, additional account-specific baselines on the submitted data are established and the data is analyzed using a multi-layer framework of classifier algorithms. The result is that for each submitted connection a risk score is computed and then sent back to the SMC.
Cognitive holds some processed data, and as the classifiers are updated it runs that data through the now-updated classifiers to determine if the risk score has changed. If it has, that info is sent to the SMC.
The Threat Intel feed does not expose any of the customer network and matches very fast.
Stealthwatch with CTA uses cloud-based analytics and processing to greatly extend the analysis of customer Internet connection data.
I hope this helps.
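To make the contrast in the answer above concrete, here is an added illustration (not Cisco's code, and not from anyone in this thread) of the two selection paths over a handful of constructed flow records: the local feed match only ever fires on an external peer already on the list, while the Cognitive path hands over every connection that crosses the trust boundary, known or not. The inside address ranges, feed entries and flow records are all assumptions made up for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed inside address space, standing in for the trust boundary
# that the Flow Collector derives from the Internet gateway (assumption).
INSIDE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.168.0.0/16")]

# Constructed stand-in for the locally held threat-intel IP list (SLIC style).
THREAT_FEED = {"203.0.113.7", "198.51.100.23"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int


def is_inside(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETWORKS)


def crosses_trust_boundary(flow: Flow) -> bool:
    """True when exactly one endpoint is inside; internal-only flows never qualify."""
    return is_inside(flow.src) != is_inside(flow.dst)


def external_peer(flow: Flow) -> Optional[str]:
    """The Internet-side address of a boundary-crossing flow, else None."""
    if not crosses_trust_boundary(flow):
        return None
    return flow.dst if is_inside(flow.src) else flow.src


def feed_alarms(flows: List[Flow]) -> List[Flow]:
    """Feed path: purely local lookup, alarms only on peers already on the list."""
    return [f for f in flows if external_peer(f) in THREAT_FEED]


def cognitive_submission(flows: List[Flow]) -> List[Flow]:
    """Cognitive path: every boundary-crossing flow is sent for cloud analysis."""
    return [f for f in flows if crosses_trust_boundary(f)]


# Constructed flow records for the demo.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "203.0.113.7", 443, 1200),       # external peer is on the feed
    Flow("10.1.2.3", "10.1.9.9", 445, 50000),         # internal only: neither path sees it
    Flow("10.4.4.4", "198.51.100.200", 8443, 900),    # unlisted peer: cloud analysis only
    Flow("192.168.5.5", "198.51.100.23", 80, 300),    # external peer is on the feed
]
```

Running `feed_alarms(SAMPLE_FLOWS)` returns the two listed-peer flows, while `cognitive_submission(SAMPLE_FLOWS)` returns three, including the unlisted peer that the feed alone would never alarm on.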
05-22-2023 01:18 PM
Hey Brian, can you offer any additional comments on the SLIC, CTA, ETA integrations with SNA? Especially how TALOS fits into the picture?