Cisco announces its intention to acquire privately held Observable Networks. Observable Networks was founded in 2011. Cisco says that Observable will help extend their Stealthwatch platform. The Observable Networks team will become part of the Security Business Group. The acquisition is expected to complete in the first quarter of fiscal year 2018.
The Observable Networks Dynamic Endpoint Modeling technology uses five different behaviours to understand network traffic:
- Forecast: Uses past observations to predict expected behaviour, and treats differences in current network traffic as potential security issues.
- Group: Uses groups of devices to decide whether an individual device has anomalous traffic behaviours.
- Role: Uses behaviours defined for a particular device role, and marks traffic that doesn’t match these as anomalous.
- Rule: Uses rule-based algorithms to check the correctness of network protocols and behaviours.
- Consistency: Looks at the consistency of network traffic behaviours.
Their solution does this without agents deployed on the endpoints, meaning it works with any device. This is enabled by a free virtual appliance, which can be connected either to a SPAN port or to NetFlow or equivalent flow exports.