Secure Cloud Analytics, formerly known as Stealthwatch Cloud PNM, provides visibility and security monitoring for on-premises infrastructure. The solution detects advanced threats and early indicators of compromise by identifying all the entities in the network, modeling network behavior, and alerting on security-relevant behavioral anomalies that should be investigated. It includes one or more virtual appliances installed locally in the network to collect IP metadata, such as NetFlow, generated by your switches, routers and firewalls; the appliance can also generate flow records itself by attaching to network ports. The virtual appliance transmits the locally collected data to the service, where an advanced model is kept for every entity.
Users get a dedicated portal, managed by Cisco, with unlimited user accounts. Secure Cloud Analytics PNM is also integrated with Secure Cloud Analytics PCM, a public cloud monitoring service, for complete visibility into private and public cloud workloads. A 60-day free trial of Secure Cloud Analytics is available at https://cisco.com/go/secure-cloud-analytics. The solution is billed based on the average number of simultaneous entities we model and maintain.
Example alerts include Potential Database Exfiltration, DNS Abuse, Suspected Botnet Activity, Geographic Unusual Remote Access, and Excessive Access Attempts. Network reports such as top IPs, top ports, and active subnets with traffic statistics are also available.