Security Solutions

FeIix edited this page May 4, 2026 · 3 revisions

Cisco Security Solutions Comparison

This comparison table provides a detailed overview of key Cisco security solutions covered in the CCNP Security SCOR (350-701) exam, comparing their components, capabilities, and benefits.

| Solution | Components | Capabilities | Benefits |
|---|---|---|---|
| Cisco Secure Network Analytics (Stealthwatch) | • Flow Collector • Flow Sensor • Management Console (SMC) • UDP Director • Data Store | • NetFlow/IPFIX collection and analysis • Behavioral analytics and anomaly detection • Threat detection using machine learning • Network visibility and monitoring • East-west traffic analysis | • Detects insider threats and advanced persistent threats • Reduces mean time to detection (MTTD) • Provides complete network visibility • Works with encrypted traffic |
| Cisco Secure Cloud Analytics (Stealthwatch Cloud) | • Cloud-based SaaS platform • API integrations (AWS, Azure, GCP) • Cloud flow collectors • Analytics engine | • Multi-cloud visibility (AWS, Azure, GCP) • Cloud workload security monitoring • Network traffic analysis for cloud environments • Threat detection in hybrid environments | • Unified visibility across on-premises and cloud • Rapid deployment with no hardware required • Scalable cloud-native security • Continuous compliance monitoring |
| Cisco pxGrid (Platform Exchange Grid) | • pxGrid Controller (built into ISE) • pxGrid Client SDK • XMPP-based messaging • REST API | • Real-time context sharing between security platforms • Bidirectional information exchange • Session directory sharing • Security group tag (SGT) distribution • Threat and context integration | • Enables ecosystem integration and automation • Faster threat response through context sharing • Vendor-agnostic framework • Reduces security silos |
| Cisco Umbrella Investigate | • Cloud-based threat intelligence platform • Global resolvers database • Talos threat intelligence feed • API access for automation | • DNS query and response analysis • Domain and IP reputation scoring • Malware and phishing investigation • Historical internet activity patterns • Predictive threat intelligence | • Proactive threat hunting capabilities • Speeds up incident investigation • Identifies attack infrastructure before attacks occur • Enriches security event data |
| Cisco Cognitive Intelligence (Cognitive Threat Analytics) | • Machine learning engine • Statistical modeling algorithms • Web usage analysis module • Integration with Umbrella | • Detects command and control (C2) callbacks • Identifies malware in encrypted traffic • Analyzes web traffic patterns • Discovers patient zero in attacks • Behavioral baseline analysis | • Detects threats missed by signature-based systems • Works without decrypting traffic • Reduces false positives through ML • Identifies compromised endpoints |
| Cisco Encrypted Traffic Analytics (ETA) | • Built into Cisco Catalyst switches and routers • Flow telemetry export • Machine learning models • Integration with Stealthwatch | • Analyzes metadata from encrypted traffic • Detects malware in TLS/SSL sessions • Identifies threats without decryption • Sequence of Packet Lengths and Times (SPLT) analysis • Initial Data Packet (IDP) inspection | • Maintains privacy while detecting threats • No performance impact from decryption • Network-based threat detection • Complements endpoint security |
| Cisco Secure Client Network Visibility Module (NVM) | • Endpoint agent module • Flow data exporter • Part of Cisco Secure Client (AnyConnect) • Integrated with Stealthwatch | • Endpoint flow telemetry collection • Application visibility on endpoints • Process and connection tracking • Off-network endpoint monitoring • Context-aware flow data | • Extends network visibility to endpoints • Monitors remote and mobile devices • Provides host-level context for investigations • Enhances threat detection accuracy |
| Cisco Secure Workload (Tetration) | • Zero Trust Microsegmentation • Comprehensive Visibility • Compliance & Forensics • Vulnerability Management | • Workload protection, visibility, and micro-segmentation | • Hybrid Cloud Security |

Key Exam Focus Areas:

  • Understand how these solutions integrate within the Cisco Security Architecture

  • Know which solutions work with encrypted traffic (ETA, Cognitive Intelligence)

  • Recognize the role of pxGrid in ecosystem integration and automation

  • Differentiate between on-premises (Secure Network Analytics) and cloud-based (Secure Cloud Analytics) visibility solutions

  • Understand NetFlow/IPFIX collection and analysis concepts

  • Know how NVM extends visibility to endpoints outside the corporate network