
Cisco Stealthwatch Basic Interview Questions

Stealthwatch Overview

Stealthwatch provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time. It continuously analyses network activities and creates a baseline of normal network behavior and then uses this baseline, along with advanced machine learning algorithms, to detect anomalies. However, not everything weird is malicious and Stealthwatch can quickly and with high confidence correlate anomalies to threats such as C&C attacks, ransomware, DDoS attacks, illicit crypto mining, unknown malware, as well as insider threats. With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint, and cloud, regardless of the presence of network encryption.

If you are looking for a job as a Network Security Administrator who needs complete visibility of the ongoing activities in the network, Stealthwatch is one of the best-in-class enterprise-wide visibility products you can implement. If you are preparing for the latest network security technologies, you need to understand what Stealthwatch is and the concepts around it. Different product companies offer different products across the technology space, and each device has its own feature set; in this section we discuss Stealthwatch and the interview questions related to it. We have prepared this document of Stealthwatch interview questions and answers to help ease your day-to-day activities while managing Stealthwatch and to help you crack interviews with ease.

Q. What is Stealthwatch?

Stealthwatch is the industry-leading visibility and security analytics solution that leverages enterprise telemetry from the existing network infrastructure. It provides advanced threat detection, accelerated threat response and simplified network segmentation using multi-layer machine learning and advanced behavioral modeling, all across the extended network.

Q. What is the architecture of Stealthwatch?

Stealthwatch consists of the key components mentioned below.

Q. What are the main objectives of Stealthwatch?

The main objectives of Stealthwatch are as follows.

Network Visibility: Stealthwatch has overall visibility of your network, covering both North-South and East-West traffic. It provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real time.

Detection: Stealthwatch continuously analyses network activity inside your network, learns the normal network behavior and sets a baseline, and then uses advanced machine learning algorithms against that baseline to detect anomalies. Stealthwatch is a behavior-based analytics solution.

Incident Response: Stealthwatch is capable of analyzing incidents that have happened in your network by going back through the recorded behavior.
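The baseline-then-detect idea described under Detection, as an added example that is not Cisco's or Stealthwatch's code: a per-host baseline of daily outbound bytes is learned from a training window of flow records, and a later day is scored against it. The flow records, hosts and thresholds are constructed for illustration; a real engine baselines many more dimensions (peers, ports, time of day) and applies far richer models.

```python
# Added example (not Cisco's or Stealthwatch's code): a minimal behavioural
# baseline over per-host flow telemetry. Flow records and thresholds are
# constructed for illustration only.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, src_host, dst_host, dst_port, bytes_sent)
FLOWS = [
    # seven days of "normal" behaviour for two hosts
    *[(d, "10.1.1.10", "10.1.2.20", 443, 120_000 + 5_000 * (d % 3)) for d in range(1, 8)],
    *[(d, "10.1.1.11", "10.1.2.20", 443, 80_000 + 4_000 * (d % 2)) for d in range(1, 8)],
    # day 8: host .10 stays normal, host .11 pushes ~40x its usual volume to a
    # new external peer, and a never-before-seen host appears
    (8, "10.1.1.10", "10.1.2.20", 443, 125_000),
    (8, "10.1.1.11", "203.0.113.5", 443, 3_400_000),
    (8, "10.1.1.99", "10.1.2.20", 443, 10_000),
]

def daily_bytes_per_host(flows):
    """Aggregate outbound bytes per (host, day) from unidirectional flow records."""
    totals = defaultdict(int)
    for day, src, _dst, _port, nbytes in flows:
        totals[(src, day)] += nbytes
    return totals

def build_baseline(flows, train_days):
    """Per-host mean and standard deviation of daily outbound bytes over the training window."""
    totals = daily_bytes_per_host(f for f in flows if f[0] in train_days)
    per_host = defaultdict(list)
    for (host, _day), nbytes in totals.items():
        per_host[host].append(nbytes)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}

def score_day(flows, baseline, day, k=3.0, min_ratio=2.0):
    """Return hosts whose outbound volume on `day` deviates from their baseline.

    Hosts with no baseline are reported separately: "new host" is itself a
    signal, but not the same signal as "known host changed behaviour"."""
    totals = daily_bytes_per_host(f for f in flows if f[0] == day)
    alerts = {}
    for (host, _d), observed in totals.items():
        if host not in baseline:
            alerts[host] = ("no-baseline", observed)
            continue
        mu, sigma = baseline[host]
        # require both a statistical deviation and a meaningful absolute ratio,
        # so that very stable hosts (sigma ~ 0) do not alert on tiny wobbles
        zscore = (observed - mu) / sigma if sigma > 0 else float("inf")
        if zscore > k and observed > min_ratio * mu:
            alerts[host] = ("volume-anomaly", observed)
    return alerts

if __name__ == "__main__":
    base = build_baseline(FLOWS, range(1, 8))
    for host, verdict in score_day(FLOWS, base, 8).items():
        print(host, verdict)
```

The two-part condition in `score_day` is the practical point: a z-score alone fires on hosts whose traffic is so regular that any change looks like many standard deviations, so pairing it with an absolute ratio keeps the alert meaningful.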

Q. What are the features of Stealthwatch?

Q. How can you deploy Stealthwatch?

Stealthwatch can be deployed either on a physical appliance or as a virtual machine.

Physical appliance: Stealthwatch can be installed on the x210 Series appliance.

Virtual: Stealthwatch can be installed on VMware or KVM.

The smallest Stealthwatch Flow Collector can process 30,000 flows per second.

Q. What is Stealthwatch Management Console?

The Stealthwatch Management Console (SMC) is an enterprise-level security management system that allows network administrators to define, configure, and monitor multiple distributed Stealthwatch Flow Collectors from a single location. It uses graphical representations of network traffic, identity information, customized summary reports, and integrated security and network intelligence for comprehensive analysis.

The Stealthwatch Management Console aggregates, organizes, and presents analysis from the Cisco Identity Services Engine and other sources. The system provides flow-based security, network, and application performance monitoring across physical and virtual environments. With Stealthwatch, network operations and security teams can see who is using the network, what applications and services are in use, and how well they are performing.

Q. What are the major benefits of the Stealthwatch Management Console (SMC)?

Q. What is Flow Collector?

The Flow Collector leverages enterprise telemetry such as NetFlow, IPFIX and other types of flow data from existing infrastructure such as routers, switches, firewalls, endpoints, and other network infrastructure devices.

Basically, the Flow Collector is the brain of all operations: it stores the collected information in its database, and that data is what is queried during incident response.

The Flow Collector can also receive and collect telemetry from proxy data sources, which can be analyzed by Global Threat Analytics (formerly Cognitive Threat Analytics), the multi-layered machine learning engine, for deep visibility into both web and network traffic.

Q. What are the major benefits of Flow Collector?

Q. What are the various flows which are supported in Stealthwatch?

The various types of flows supported by Stealthwatch are listed below.

Q. What is a Flow Sensor?

The Flow Sensor is an optional component of Stealthwatch Enterprise that produces telemetry for segments of the switching and routing infrastructure that can’t generate NetFlow natively. It also provides visibility into application-layer data. If the network contains devices that cannot generate NetFlow, their traffic is fed into the component called the Flow Sensor.

In addition to all the telemetry collected by Stealthwatch, the Flow Sensor provides additional security context to enhance the Stealthwatch security analytics. Advanced behavioral modeling and cloud-based multi-layered machine learning are applied to this dataset to detect advanced threats and perform faster investigations.

Q. What are the major benefits of Flow Sensor?

Q. What is UDP Director/Flow Replicator?

The UDP Director simplifies the collection and distribution of network and security data across the enterprise. It helps reduce the processing load on network routers and switches by receiving essential network and security information from multiple locations and then forwarding it as a single data stream to one or more destinations.

Q. What are the major benefits of UDP Director/Flow Replicator?

Q. How do we redirect the traffic from devices that do not support NetFlow?

Flow Sensors are deployed to collect information from devices that cannot generate NetFlow: a SPAN/mirror copy of the packets is sent to the Flow Sensor, which then transforms those packets into full NetFlow records.

While generating full NetFlow, the Flow Sensor also performs the following.

Q. What is the use of integrating Stealthwatch with ISE?

Integrating the Stealthwatch Management Console with ISE through pxGrid provides the Stealthwatch system with extra contextual information about the endpoint and the user on that endpoint, as well as the ability to quarantine the endpoint if it is misbehaving.

Q. What are the key functionalities of ISE post integrating with Stealthwatch?

There are two key ISE functionalities that can be leveraged from Stealthwatch.

Q. What is Packet Analyzer in Cisco Stealthwatch?

The Cisco Packet Analyzer is one of the tools in Stealthwatch that helps you investigate security events and anomalous network activity in your network.

Q. What is the use case of Packet Analyzer in Cisco Stealthwatch?

Suppose Stealthwatch detects abnormal or malicious behavior inside the network. If, as an administrator, we want to find out what caused that behavior, we can perform a deep-dive inspection of the underlying packets using the Packet Analyzer.

The Packet Analyzer has a 42 TB rolling buffer, so at most 42 TB of packet data is retained in the buffer at any time.

Q. What is Cloud Component in Stealthwatch?

Most enterprise networks have a cloud platform on which servers and network devices are hosted. To monitor the cloud platform, an agent is installed on the client (the cloud workload).

Q. What is Data Concentrator in Cloud Component of Stealthwatch?

To monitor devices in the cloud, an agent is installed on the client. The agent sends all of its information to a component called the Data Concentrator (Cloud Concentrator).

The Data Concentrator converts the information received from the client (cloud device) into NetFlow and sends it through a tunnel to the Flow Collector.

Q. What is a Flow in Stealthwatch?

A network flow is a unidirectional sequence of packets that share common characteristics.
A flow is also a stream of information exchanged between routing protocols and routing tables, as well as the flow of packets from a router's physical interface to its routing engine.

Q. What are the characteristics of Flow?

Q. What is NetFlow?

Q. What are the different versions of NetFlow?

Various versions of NetFlow are mentioned below.

Q. What is NetFlow Exporter?

Once the Flow Record has been created, that record has to be bound to a Flow Exporter. The Flow Exporter configuration defines the IP address of the physical or virtual Flow Collector to which NetFlow data is sent.

It also defines the source interface from which the exporting device sends NetFlow data; this can be a physical or logical interface.
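The three pieces above fit together in one pipeline: packets seen on an interface (or a SPAN copy handed to a Flow Sensor) are grouped into unidirectional flows keyed by their common characteristics, and an exporter serialises those flows into NetFlow datagrams addressed to the Flow Collector. The following is an added example, not Cisco's or Stealthwatch's code, that does both steps in miniature using the NetFlow v5 wire format, plus a decoder of the kind a collector would run. The packet samples, interface indices and timestamps are constructed; the 5-tuple key, the 30-records-per-datagram limit and the v5 header/record layout are the standard ones.

```python
# Added example (not Cisco's or Stealthwatch's code): build unidirectional
# flows from packet metadata and encode them as a NetFlow v5 export datagram,
# then parse the datagram back the way a collector would. All inputs are
# constructed for illustration.
import socket
import struct
from dataclasses import dataclass

# Constructed packet metadata: (timestamp_ms, src_ip, dst_ip, proto, sport, dport, length, tcp_flags)
PACKETS = [
    (1000, "10.1.1.10", "10.1.2.20", 6, 51000, 443, 60, 0x02),   # SYN
    (1010, "10.1.2.20", "10.1.1.10", 6, 443, 51000, 60, 0x12),   # SYN/ACK: reverse direction
    (1020, "10.1.1.10", "10.1.2.20", 6, 51000, 443, 1400, 0x18),
    (1030, "10.1.1.10", "10.1.2.20", 6, 51000, 443, 1400, 0x18),
    (1100, "10.1.1.10", "10.1.2.53", 17, 40000, 53, 70, 0),      # DNS query
]

@dataclass
class Flow:
    key: tuple            # (src_ip, dst_ip, proto, sport, dport): one direction only
    first_ms: int
    last_ms: int
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0    # cumulative OR of flags seen, as NetFlow v5 reports it

def aggregate_flows(packets):
    """Group packets into unidirectional flows keyed by the 5-tuple.

    A reply travels the opposite direction, so it forms a separate flow;
    pairing the two sides into one conversation is the collector's job."""
    flows = {}
    for ts, src, dst, proto, sport, dport, length, flags in packets:
        key = (src, dst, proto, sport, dport)
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(key, ts, ts)
        f.last_ms = max(f.last_ms, ts)
        f.packets += 1
        f.octets += length
        f.tcp_flags |= flags
    return list(flows.values())

# NetFlow v5: 24-byte header, 48-byte records, network byte order
V5_HEADER = "!HHIIIIBBH"   # version, count, sysuptime, unix_secs, unix_nsecs, seq, engine_type, engine_id, sampling
V5_RECORD = "!4s4s4sHHIIIIHHBBBBHHBBH"

def encode_v5(flows, unix_secs, sequence, input_if=1, output_if=2):
    """Serialise flows into one NetFlow v5 datagram (at most 30 records per datagram)."""
    if len(flows) > 30:
        raise ValueError("NetFlow v5 carries at most 30 records per datagram")
    sys_uptime = max(f.last_ms for f in flows)
    header = struct.pack(V5_HEADER, 5, len(flows), sys_uptime, unix_secs, 0, sequence, 0, 0, 0)
    body = b""
    for f in flows:
        src, dst, proto, sport, dport = f.key
        body += struct.pack(
            V5_RECORD,
            socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
            input_if, output_if, f.packets, f.octets, f.first_ms, f.last_ms,
            sport, dport, 0, f.tcp_flags, proto, 0, 0, 0, 0, 0, 0)
    return header + body

def decode_v5(datagram):
    """Parse a v5 datagram into (header fields, record dicts); rejects other versions and truncation."""
    hdr_len = struct.calcsize(V5_HEADER)
    rec_len = struct.calcsize(V5_RECORD)
    version, count, *rest = struct.unpack(V5_HEADER, datagram[:hdr_len])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) != hdr_len + count * rec_len:
        raise ValueError("datagram length does not match record count")
    records = []
    for i in range(count):
        off = hdr_len + i * rec_len
        r = struct.unpack(V5_RECORD, datagram[off:off + rec_len])
        records.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "packets": r[5], "octets": r[6], "sport": r[9], "dport": r[10],
            "tcp_flags": r[12], "proto": r[13],
        })
    return {"version": version, "count": count, "sequence": rest[3]}, records

if __name__ == "__main__":
    dg = encode_v5(aggregate_flows(PACKETS), unix_secs=1_700_000_000, sequence=0)
    header, records = decode_v5(dg)
    print(header)
    for rec in records:
        print(rec)
```

On the exporter side the sequence number in the header is what lets a collector notice dropped datagrams, which matters because the transport is UDP; on the collector side the explicit version and length checks are what keep a malformed or foreign datagram from being misread as flow data.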

Q. What is NetFlow Generator?

The device on which NetFlow is enabled is called the NetFlow Generator.

Note: Advanced questions on stealthwatch are coming soon.
