Cisco announced today that it will expand its threat modeling capabilities by acquiring Observable Networks. This will help expand solutions like Stealthwatch, which target the ability to identify threats based on unusual and malicious behavior. The big play is adding visibility within Amazon Web Services and Azure; however, Observable is able to take in data from the following sources, meaning it has a network play as well:
- Network data from a tap or mirror port
- Network data from NetFlow, IPFIX, or sFlow
- Microsoft Active Directory authentication logs from a log forwarder

Observable Enterprise then delivers alert data to a Syslog receiver.

Lastly, there is an industrial control systems play for protecting the systems that monitor and control industrial processes related to power, transportation, water, oil & gas, and more. This acquisition looks very promising for the Cisco security catalog. The official post for the announcement is below and can be found HERE.
The ability to dramatically improve visibility, security and response capabilities across an entire IT surface, including highly distributed branch environments and public cloud infrastructures, is becoming increasingly important as companies and organizations continue their digital transformation. With this in mind, I am pleased to announce Cisco’s intent to acquire Observable Networks, a privately held software company headquartered in St. Louis. Observable Networks provides cloud-native network forensics security applications delivered as a service.
Observable Networks’ technology is based on dynamic behavioral modeling of all devices on the network. Observable Networks’ solutions provide security analysts with the ability to gain real-time situational awareness of all users, devices and traffic on the network, whether in the data center or the cloud. Its cloud-native machine learning techniques for device modeling identify insider and external threats faster and more accurately. This design supports cloud environments and enables turn-key activation for customers using Amazon Web Services and Microsoft Azure.
Together, Cisco and Observable Networks will extend our Stealthwatch solution into the cloud with highly scalable behavior analytics and comprehensive visibility. On the heels of the unveiling of our new intent-based network, this acquisition reaffirms Cisco’s commitment to providing unparalleled security solutions for our customers and partners.
The acquisition of Observable Networks supports Cisco’s strategic transition toward software-centric solutions. We look forward to welcoming the Observable Networks team to the Security Business Group led by David Ulevitch. We expect the Observable Networks acquisition to be completed in the first quarter of fiscal year 2018.