Cisco Secure Cloud Analytics
Only 56 percent of security alerts are investigated, and more than half of those are not remediated, according to the Cisco 2017 Annual Cybersecurity Report. Responding to these alerts is an overwhelming job, and most organizations do not have the security staff to keep up. Companies of all sizes face the challenge of securing their public cloud environments as well as their on-premises infrastructure.
Adding effective security measures for public cloud workloads—with solutions that can reduce the number of false positives—is a critical task. However, the public cloud infrastructure differs from an on-premises infrastructure. A public cloud offers fewer network-monitoring capabilities, even as it undergoes a very high change rate in assets. To provide effective security while reducing the number of false positives, a new approach is necessary.
Imagine that an employee’s cloud credentials are compromised, through phishing or another method. Can you tell if that employee begins logging in from another country? Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) provides the actionable security intelligence and visibility necessary to identify these kinds of malicious activities in real time. You can quickly respond before a security incident becomes a devastating breach. Figure 8-33 illustrates Cisco Secure Cloud Analytics integrating with the network.

Figure 8-33 Cisco Secure Cloud Analytics integration
The following are some of the key challenges your business faces as it grows in the cloud:
• The transition to the cloud is complicated. In their quest to remain agile, businesses have flocked to the public cloud, a place where they can migrate workloads into managed, serverless, and containerized environments that offer faster and more flexible deployments, higher efficiency, and more scalable ways to grow their operations. According to the Cisco Annual Internet Report, cloud data centers will process nearly 95% of workloads in 2021. And while your organization and cloud footprint continue to grow, so do your compliance concerns and your attack surface. In fact, 94% of cybersecurity professionals report that they are at least moderately concerned about public cloud security.
• As their cloud footprint expands, businesses are increasingly worried about ensuring compliance and about the risk of threats, which is why maintaining a proper cloud security posture is critical. Over the past 5 years, some big-name companies have fallen victim to attacks that stem from improper cloud management and resource configuration. With sensitive workloads and data up in the cloud, it is critical that you have the proper tools in place to monitor and protect this information.
• It doesn’t help that most IT tasks are divided into various functions. Your SecOps organization is responsible for threat hunting and monitoring the network for attacks and malicious behavior, while your DevOps team is responsible for rapidly building and deploying applications in the cloud. These groups are separately trying to tackle a wide variety of challenges in the public cloud, and often they don’t work together as closely as they should. As organizations mature, they often pursue a strategy that enables close collaboration between SecOps and DevOps teams.
Cisco Secure Cloud Analytics has many benefits. With Cisco Secure Cloud Analytics, security teams can confidently monitor and protect their cloud workloads and perform quick security posture assessments of their cloud environments using a cloud-native, API-driven solution that works the way a DevOps team would expect. With just one intuitive solution, both SecOps and DevOps can share information on cloud workloads and resolve compliance or configuration issues before an attack takes place. The following table and Figure 8-34 outline the key benefits of Cisco Secure Cloud Analytics:

Figure 8-34 Cisco Secure Cloud Analytics benefits
• Gain actionable intelligence through visibility of your environment, from the private network to the public cloud
• Rapidly detect advanced threats and indicators of compromise
• Grow your security with your business while lowering operational overhead
• Greatly reduce false positives with higher-fidelity alerts supported by underlying observations
• Attain a stronger security posture across the enterprise, including the public cloud
With Secure Cloud Analytics, you can detect external and internal threats across your environment—from the private network to the branch office to the public cloud. Secure Cloud Analytics is a SaaS solution delivered from the cloud. It is easy to try, easy to buy, and simple to operate and maintain. When data is received, it requires very little additional configuration or device classification. All the analysis is automated.