
Data Sheet
Cisco Stealthwatch System
The Cisco Stealthwatch™ system provides industry-leading network visibility and
security intelligence for faster, more precise threat detection, incident response, and
forensic analysis.
Cisco Stealthwatch’s ability to provide extended visibility helps you gain better insight into activities occurring within
your network. You can scale this visibility into the cloud, across the network, at branch locations, in the data center,
and down to endpoints.
At the core of the Cisco Stealthwatch system are the Flow Collector, Flow Sensor, and Management Console.
Additional licenses for added functionality are available. Please review the individual data sheets about these
licenses for more detailed information.
● Cisco Stealthwatch Cloud License: extends visibility to public, private, and hybrid cloud environments
● Cisco Stealthwatch Endpoint License: extends visibility to the endpoint
● Cisco Stealthwatch Learning Network License: extends visibility to the branch using Cisco® Integrated Service Routers (ISRs)
● Cisco Stealthwatch Proxy License: extends visibility to proxy servers
Benefits
Through its unique view and analysis of network traffic, Cisco Stealthwatch dramatically improves:
● Real-time threat detection
● Incident response and forensics
● Network segmentation
● Network performance and capacity planning
● Ability to satisfy regulatory requirements
System Architecture
Management Console
The Management Console manages, coordinates, and configures Cisco Stealthwatch appliances deployed at
critical segments throughout the enterprise.
The capacity of the console determines the volume of NetFlow data that can be analyzed and presented, as well
as the number of Flow Collectors that are deployed. The console is available as a hardware appliance or a virtual
machine. Tables 1, 2, and 3 list the benefits, models, and specifications of the console, respectively.
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Table 1. Major Benefits of the Management Console

| Benefit | Description |
|---|---|
| Real-time up-to-the-minute data | Delivers data flow for monitoring traffic across hundreds of network segments simultaneously, so you can spot suspicious network behavior. This capability is especially valuable at the enterprise level. |
| Capability to detect and prioritize security threats | Rapidly detects and prioritizes security threats, pinpoints network misuse and suboptimal performance, and manages event response across the enterprise, all from a single control center. |
| Management of appliances | Configures, coordinates, and manages Cisco Stealthwatch appliances, including the Flow Collector, Flow Sensor, and UDP Director. |
| Use of multiple types of flow data | Consumes multiple types of flow data, including NetFlow, Internet Protocol Flow Information Export (IPFIX), and sFlow. The result: Cost-effective, behavior-based network protection. |
| Scalability | Supports even the largest of network demands. Performs well in extremely high-speed environments and can protect every part of the network that is IP reachable, regardless of size. |
| Audit trails for network transactions | Provides a full audit trail of all network transactions for more effective forensic investigations. |
| Real-time, customizable relational flow maps | Provides graphical views of the current state of the organization’s traffic. Administrators can easily construct maps of their network based on any criteria, such as location, function, or virtual environment. By creating a connection between two groups of hosts, operators can quickly analyze the traffic traveling between them. Then, simply by selecting a data point in question, they can gain even deeper insight into what is happening at any point in time. |
| Flexible delivery options | You can order the Appliance Edition, a scalable device suitable for any size organization; or you can order the Virtual Edition, designed to perform the same functions as the appliance edition, but in a VMware environment. |
Table 2. Management Console Models

| Model | Maximum Number of Flow Collectors Supported | Flow Storage Capacity |
|---|---|---|
| Stealthwatch Management Console VE | Up to 5 | 1 TB |
| Stealthwatch Management Console 1000 | 5 | 1 TB |
| Stealthwatch Management Console 2000 | 25 | 2 TB |
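Table 3. Management Console Specifications, by Model

| Specification | SMC 500 and 1010 | SMC 2010 |
|---|---|---|
| Network | 1 management port: 10/100/1000BASE-TX, copper | 1 management port: 10/100/1000BASE-TX, copper |
| Database capacity | 1 TB (RAID 6 redundant) | 2 TB (RAID 6 redundant) |
| Hardware platform | R630 | R630 |
| Hardware generation | 13G | 13G |
| Rack unit (mountable) | 1RU | 1RU |
| Power | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) |
| Heat dissipation | 2891 Btus per hour maximum | 2891 Btus per hour maximum |
| Dimensions | Height: 1.68 in. (4.3 cm); Width: 17.08 in. (43.4 cm); Depth: 27.25 in. (69.2 cm) | Height: 1.68 in. (4.3 cm); Width: 17.08 in. (43.4 cm); Depth: 27.25 in. (69.2 cm) |
| Unit weight | 41 lb (18.6 kg) | 41 lb (18.6 kg) |
| Rails | Sliding ReadyRails with cable management arm | Sliding ReadyRails with cable management arm |
| Regulatory | FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN 55022 Class A, EN55024, EN61000-3-2, EN61000-3-3, EN60950); VCCI Class A; UL 1950; CSA 950 | FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN 55022 Class A, EN55024, EN61000-3-2, EN61000-3-3, EN60950); VCCI Class A; UL 1950; CSA 950 |

Note: These specifications apply to Cisco Stealthwatch 6.9.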
Flow Collector
The Flow Collector provides network visibility and security intelligence across physical and virtual environments to
help improve incident response. The volume of NetFlow telemetry collected from the network is determined by the
capacity of the deployed Flow Collectors. Multiple Flow Collectors may be installed. Flow Collectors are available
as hardware appliances or as virtual machines. Table 4 outlines the Flow Collector’s benefits, and Table 5 lists its
specifications.
Table 4. Major Benefits of the Flow Collector

| Benefit | Description |
|---|---|
| Threat detection | Ingests proxy records and associates them with flow records, delivering the user application and URL information for each flow, to increase contextual awareness. This process enhances your organization’s ability to pinpoint threats and shortens your mean time to know (MTTK). |
| Flow-traffic monitoring | Monitors flow traffic across hundreds of network segments simultaneously, so you can spot suspicious network behavior. This capability is especially valuable at the enterprise level. |
| Extended data retention | Allows organizations and agencies to retain large amounts of data for long periods. |
| Scalability | Performs well in extremely high-speed environments and can protect every part of the network that is IP reachable, regardless of size. |
| Deduplication and stitching | Performs deduplication so that any flows that might have traversed more than one router are counted only once. It then stitches the flow information together for full visibility of a network transaction. |
| Choice of delivery methods | You can order the Appliance Edition, a scalable device suitable for any size organization. Or you can order the Virtual Edition, designed to perform the same functions as the appliance edition, but in a VMware environment. This solution scales dynamically according to the resources allocated to it. |

Table 5. Flow Collector Specifications, by Model

| Specification | FC 1010 | FC 2010 | FC 4010 | FC 5020 |
|---|---|---|---|---|
| Description | Redundant power, storage, and extra interfaces for flow collection on multiple interfaces. Horsepower for midsize to large networks. | Full hardware redundancy and flow-processing horsepower for extremely large NetFlow, sFlow, or IPFIX environments. | Massively scalable, with extensible storage capabilities and the capability to process very high volumes of flow data. | High-capacity flow-ingestion solution created for enterprise customers needing superior performance capabilities, built on the Cisco UCS® platform. |
| Maximum flows per second* | Up to 30,000 | Up to 60,000 | Up to 120,000 | Up to 240,000 |
| Maximum exporters or routers | 500 | 1000 | 2000 | 4096 |
| Hardware platform | R630 | R630 | R630 | Engine: UCSC-C220-M4S; Database node: UCSC-C240M4S2 |
| Network | 1 management port: 10/100/1000BASE-TX, copper; 3 monitor or listening ports | 1 management port: 10/100/1000BASE-TX, copper; 3 monitor or listening ports | 1 management port: 10/100/1000BASE-TX, copper; 3 monitor or listening ports | 1x 1-Gbps dedicated management port; 1 x port 10000 SFP+ uplink to engine/database node; 2 x Intel i350 Gigabit Ethernet controller ports (LAN1, LAN2) |
| Flow storage | 1 TB (RAID 6 redundant) | 2 TB (RAID 6 redundant) | 4 TB (RAID 6 redundant) | 8 TB (RAID 10 redundant) |
| Hardware generation | 13G | 13G | 13G | |
| Rack units (mountable) | 1RU | 1RU | 2RU | Engine: 1RU; Database node: 2RU |
| Power | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) | Engine: Redundant 770W power supplies (1+1); Database node: Redundant 1200W power supplies (1+1) |
| Heat dissipation | 2891 Btus per hour, maximum | 2891 Btus per hour, maximum | 2891 Btus per hour, maximum | Engine: 2891 Btus per hour maximum; Database node: 4100 Btus per hour maximum |
| Dimensions | Height: 1.68 in. (4.3 cm); Width: 17.08 in. (43.4 cm); Depth: 27.25 in. (69.2 cm) | Height: 1.68 in. (4.3 cm); Width: 17.08 in. (43.4 cm); Depth: 27.25 in. (69.2 cm) | Height: 3.4 in. (8.7 cm); Width: 17.5 in. (44.4 cm); Depth: 27.25 in. (69.2 cm) | Engine: Height: 1.7 in. (4.32 cm); Width: 16.89 in. (43.0 cm); Depth: 29.8 in. (75.6 cm). Database node: Height: 3.43 in. (8.7 cm); Width: 17.65 in. (44.8 cm); Depth: 29.0 in. (73.8 cm) |
| Weight | 41 lb (18.6 kg) | 41 lb (18.6 kg) | 65 lb (29.5 kg) | Engine: 38 lb (17.24 kg); Database node: 65 lb (29.48 kg) |
| Rails | Sliding ReadyRails with cable management arm | Sliding ReadyRails with cable management arm | Sliding ReadyRails with cable management arm | Sliding Rack Rails (UCSC-RAILB-M4) |
| Regulatory | FCC (U.S. only) Class A; DOC & ICES (Canada) Class A; CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950); VCCI Class A UL 1950; CSA 950 | FCC (U.S. only) Class A; DOC & ICES (Canada) Class A; CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950); VCCI Class A UL 1950; CSA 950 | FCC (U.S. only) Class A; DOC & ICES (Canada) Class A; CE Mark (EN55022 Class A, EN55024, EN61000-3-2, EN 61000-3-3, EN60950); VCCI Class A UL 1950; CSA 950 | Products should comply with CE markings per directives 2004/108/EC and 2006/95/EC; UL 60950-1 Second Edition; CAN/CSA-C22.2 No. 60950-1 Second Edition; EN 60950-1 Second Edition; IEC 60950-1 Second Edition; AS/NZS 60950-1; GB4943 2001 |
Virtual Flow Collectors
● L-LC-FC-NF-VE-K9: Flow Collector for NetFlow Virtual Edition; 30,000*; 1,000*; 1.0 TB; Virtual
● L-LC-FC-SF-VE-K9: Flow Collector for sFlow Virtual Edition; 30,000*; 1,000*; 1.0 TB; Virtual
● L-LC-SW-VE-CONV-K9: Conversion from physical appliance to Virtual Edition

* The maximum number of flows per second can change, depending on network conditions.

Note: These specifications apply to Stealthwatch 6.8.2.
Flow Sensor
The Flow Sensor component produces NetFlow data for segments of the switching and routing infrastructure that
do not support NetFlow. It also works in environments where an overlay monitoring solution better fits the
operations model of the IT organization. The Flow Sensor can provide Layer 7 application information for
environments where Cisco Network-Based Application Recognition (NBAR) is not enabled. The Flow Sensor
delivers comprehensive visibility of network and server performance metrics. It combines deep packet inspection
(DPI) and behavior analysis to identify applications and protocols. The result is optimized security, network
operations, and application performance.
The volume of NetFlow data generated from the network is determined by the capacity of the deployed Flow
Sensors. Multiple Flow Sensors may be installed. Flow Sensors are available as hardware appliances or as
software to monitor virtual machine environments. Tables 6 and 7 list the major benefits and specifications of the
Flow Sensor.
Table 6. Major Benefits of the Flow Sensor

| Benefit | Description |
|---|---|
| Layer 7 application visibility | Provides true Layer 7 application visibility by gathering application information along with packet-level performance statistics. |
| Packet-level performance and analysis | Provides true Layer 7 application visibility by gathering application information along with packet-level performance statistics. |
| Alerts on network anomalies | Pinpoints any unusual network behavior and immediately sends an alarm with contextual intelligence so that security personnel can take quick action and mitigate damage. |
| Lower costs | Enhances operational efficiency and reduces costs by identifying and isolating the root cause of an issue or incident within seconds. |
| Choice of delivery methods | You can order the Appliance Edition, a scalable device suitable for any size organization. Or you can order the Virtual Edition, designed to perform the same function as the appliance edition, but in a VMware environment. |
Table 7. Flow Sensor Specifications

Communications and Interfaces

| Specification | FS 1010 | FS 2010 | FS 3010 | FS 4010 |
|---|---|---|---|---|
| Throughput (512-byte packets) | 1.0 Gbps | 2.5 Gbps | 5.0 Gbps | 20.0 Gbps |
| Throughput (64-byte packets) | 400 Mbps | 800 Mbps | 1.2 Gbps | 4 Gbps |
| Management port | 1 port: 10/100/1000BASE-TX, copper | 1 port: 10/100/1000BASE-TX, copper | 1 port: 10/100/1000BASE-TX, copper | 1 port: 10/100/1000BASE-TX, copper |
| Monitor port | 3 ports: 10/100/1000BASE-TX, copper | 5 ports: 1 GB (5 copper or 3 copper and 2 fiber optic); rated to monitor 2.5 Gbps | 2 ports: 10 GB, fiber optic; rated to monitor 5 Gbps total | 4 ports: 10 GB, fiber optic; rated to monitor 20 Gbps total |
| Console port | Serial, Kernel-based Virtual Machine (KVM) | Serial, Kernel-based Virtual Machine (KVM) | Serial, Kernel-based Virtual Machine (KVM) | Serial, Kernel-based Virtual Machine (KVM) |

Physical, Environmental, and Regulatory (by hardware platform)

| Specification | R220 | R630 |
|---|---|---|
| Hardware generation | 12G | 13G |
| Form factor | Stackable | Stackable |
| Dimensions | Height: 1.67 in. (4.24 cm); Width: 17.09 in. (43.4 cm); Depth: 15.5 in. (39.37 cm) | Height: 1.68 in. (4.3 cm); Width: 18.99 in. (48.24 cm) with rack latches; 17.08 in. (43.4 cm) without rack latches; Depth: 29.25 in. (74.3 cm) |
| Weight | 35 lb (15.4 kg) | 41 lb (18.6 kg) maximum configuration |
| Storage | 500 GB nonredundant | 300 GB (RAID 1 redundant) |
| Power | Single; 250W (nonredundant) | Redundant 750W AC, 50/60 Hz, auto-ranging (100V to 240V) |
| Heat dissipation | 1040 Btus per hour | 2891 Btus per hour maximum |
| Temperature | Operating: 10° to 35°C (50° to 95°F). Storage: –40° to 65°C (–40° to 149°F) | Operating: 10° to 35°C (50° to 95°F) with a maximum gradation of 10°C (50°F) per hour. Note: For altitudes above 2950 feet, the maximum operating temperature is derated –17°C (1°F) per 550 feet. Storage: –40° to 65°C (–40° to 149°F) with a maximum gradation of 20°C (68°F) per hour |
| Relative humidity | Operating: 10% to 80% (noncondensing) with maximum gradation of 10% per hour. Storage: 5% to 95% (noncondensing) | Operating: 10% to 80% (noncondensing) with maximum gradation of 10% per hour. Storage: 5% to 95% (noncondensing) |
| Regulatory compliance | CE Emissions/FCC Class A/RoHS | FCC (U.S only) Class A; DOC (Canada) Class A; VCCI Class A/UL 1950/CSA 950; CE Mark (EN 55022 Class A, EN 55024, EN 61000-3-2, EN 61000-3-3, EN 60950) |

Note: These specifications apply to Cisco Stealthwatch 6.9.
Virtual Flow Sensor

| Product Part Number | Description | Maximum Network Traffic | Network Monitoring Ports | Form Factor |
|---|---|---|---|---|
| L-LC-FSVE-VMW-K9 | Flow Sensor virtual appliance for VMware | * | - | Virtual |
| L-LC-SW-VE-CONV-K9 | Conversion from physical appliance to Virtual Edition | | | |

* Dependent on the resources of the virtual machine.
UDP Director
The UDP Director simplifies the collection and distribution of network and security data across the enterprise. It
helps reduce the processing power on network routers and switches by receiving essential network and security
information from multiple locations and then forwarding it in a single data stream to one or more destinations.
Tables 8 and 9 list the major benefits and specifications of the UDP Director.
Table 8. Major Benefits of the UDP Director

| Benefit | Description |
|---|---|
| Reduces unplanned downtime and service disruption | UDP Director high availability is available only on the UDP Director 2000 appliances. It is not supported on the 1000 appliances. |
| Simplifies network security and monitoring | UDP Director aggregates and provides a single standardized destination for NetFlow, sFlow, syslog, and Simple Network Management Protocol (SNMP) information. UDP Director appliances can receive data from any connectionless UDP application, and then retransmit it to multiple destinations, duplicating the data if required. |
| Can direct UDP data from any source to any destination | Receives data from any connectionless UDP application, and then retransmits it to multiple destinations, duplicating the data if required. |
| Removes the need to reconfigure infrastructure | Directs point log data (NetFlow, sFlow, syslog, SNMP) to a single destination without the need to reconfigure the infrastructure when new tools are added or removed. |
Table 9. UDP Director Specifications

| Specification | UDP Director 1010 | UDP Director 2010 |
|---|---|---|
| Packet replication rate (input)** | 25,000 pps | 37,500 pps |
| Packet replication rate (output)** | 50,000 pps | 75,000 pps |
| Network | 1 management port: 10/100/1000BASE-TX, copper; 1 monitor or listening port; Integrated HTTPS web UI; serial and KVM access to command-line interface (CLI) | 1 management port: 10/100/1000BASE-TX, copper; 3 monitor or listening ports; Optional: 2 add-on Gbps optical fiber single-port NICs |
| Storage | 160 GB, nonredundant | 300 GB, RAID 6, redundant |
| Hardware platform | R220 | R630 |
| Hardware generation | 12G | 13G |
| Rack units (mountable) | 1RU | 1RU |
| Power | Single power supply (250W) | Redundant 750W AC, 50/60 Hz; Auto-ranging (100V to 240V) |
| Heat dissipation | 1039 Btus per hour maximum | 2891 Btus per hour maximum |
| Operating system | Hardened Linux | Hardened Linux |
| Dimensions | Height: 1.67 in. (4.24 cm); Width: 17.09 in. (43.4 cm); Depth: 15.5 in. (39.37 cm) | Height: 1.68 in. (4.3 cm); Width: 18.99 in. (48.24 cm) with rack latches; 17.08 in. (43.4 cm) without rack latches; Depth: 29.25 in (74.3 cm) with power supplies and bezel; 27.25 in. (69.2 cm) without power supplies and bezel |
| Unit weight | 34 lb (15 kg) | 65 lb (29.5 kg) |
| Rails | Rack chassis with Versa Rail, round holes for third-party racks | Sliding ReadyRails with cable management arm |
| Regulatory | FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN 55022 Class A, EN55024, EN61000-3-2, EN61000-3-3, EN60950); VCCI Class A UL 1950 | FCC (U.S. only) Class A; DOC (Canada) Class A; CE Mark (EN 55022 Class A, EN55024, EN61000-3-2, EN61000-3-3, EN60950); VCCI Class A UL 1950 |
Virtual Edition UDP Director

| Product Part Number | Description | Maximum Input (pps) | Maximum Output (pps) | Monitoring Ports | Form Factor |
|---|---|---|---|---|---|
| L-LC-UDP-VE-K9 | UDP Director VE license | 15,000 | 30,000 | N/A | Virtual |

* Dependent on the resources of the virtual machine.
Flow Rate License
A Flow Rate License is required to aggregate flows at the Management Console. Flow Rate Licenses also define
the volume of flows that may be collected. Licenses may be combined in any permutation to achieve the desired
level of flow capacity.
Ordering Information
The Cisco Stealthwatch System ordering guide will help you understand the system’s models, components, and
licensing types. To place an order, contact your account representative.
Service and Support
A number of service programs are available for the Cisco Stealthwatch system. These services help you protect
your network investment, optimize network operations, and prepare your network for new applications to extend
network intelligence and the power of your business. For more information about Professional Services, see the
Technical Support homepage.
Cisco Capital
Cisco Capital® financing can help you acquire the technology you need to achieve your objectives and stay
competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI.
Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.
For More Information
For more information about Cisco Stealthwatch, visit http://www.cisco.com/go/stealthwatch or email us at
[email protected]
Printed in USA
C78-736512-02
C78-736512-04
06/16
03/17