Introduction to Stealthwatch Implementation

This course takes users through an initial introduction to flows in a network and how Stealthwatch uses them. It then introduces the Stealthwatch product and its functionality, enabling you to proactively and reactively maintain network health. The course addresses the SMC client interface and the SMC Web App interface.

Retail Price: $2,295.00

Course Days: 2



Audience Profile

  • Customers whose role is to use the Stealthwatch System to monitor network performance.
  • Channel partners responsible for completing the initial configuration of the Stealthwatch System into a customer network.
  • Employees responsible for completing the initial configuration of the Stealthwatch System into a customer network.

At Course Completion

After completing this course, you will be able to implement Stealthwatch in your network and collect forensic data. This course aims to do the following:

  • Introduce learners to Flow concepts
  • Introduce learners to Stealthwatch
  • Teach learners how to proactively and reactively use Stealthwatch to maintain the health of their network.

Prerequisites

This course is designed for network engineers who are interested in implementing Stealthwatch in their network environment. To take full advantage of this course and the topics it covers, attendees must possess certain skills before attending. These skills include, but are not limited to, the following:

  • CCNA or equivalent knowledge
  • Familiarity with network security concepts
  • Basic Windows navigation skills

Course Outline

Course Introduction

  • Course Objectives
  • Prerequisites
  • Course Timing
  • Student and Instructor Introductions

M1: Flow Basics

This module introduces learners to the basics of flows in network and security operations.

  • Netflow Overview
  • Flow Information
  • Flow Collector
  • Flow Stitching for bi-directional flow
  • Deduplication

M2: Introduction to Stealthwatch

This module focuses on what the Stealthwatch System is, what it does, and how it works. You will learn about the minimum requirements for deployment on a network and additional optional components that can be added to the system.

  • What is Stealthwatch?
  • Types of input
  • Stealthwatch Management Console
  • Flow Collector
  • UDP Director
  • Flow Sensor
  • Cisco ISE
  • Threat Intelligence License
  • Visibility Through NetFlow
  • Conversational Flow Record
  • Discovery
  • IOC
  • Response

M3: Introduction to Flow Collector

This module provides an overview of the functionality of the Flow Collector.

  • Overview of Flow Collector
  • Key Features of Flow Collector
  • Baselining of all IP traffic
  • Anomaly detection in traffic/host behavior
  • Layer 7 anomaly detection
  • Appliance or virtual deployment options
  • NAT stitching
  • P2P file sharing detection
  • Host and service profiling
  • Index-based prioritization technology
  • OS fingerprinting
  • Support for application-aware flows such as NBAR2
  • Support for custom applications
  • Closest interface determination and tracking
  • Deduplication of flows
  • Virtual environment monitoring
  • Host Group tracking and reporting
  • Router interface tracking and reporting
  • Bandwidth accounting and reporting
  • Packet-level performance metrics
  • QoS (DSCP) monitoring
  • Interface utilization alarming
  • Unauthorized host access detection
  • Unauthorized Web server detection
  • Misconfigured firewall detection
  • Combined internal and external monitoring
  • Full flow logging
  • Worm detection
  • Botnet detection
  • DoS/DDoS detection (SYN, ICMP, or UDP flood)
  • Fragmentation attack detection
  • Network scanning and reconnaissance detection
  • Large file transfer detection
  • Rogue server detection
  • Long term flow retention

M4: Introduction to UDP Director

This module introduces learners to the functionality of the UDP Director.

  • UDP Director Overview
  • Key Features of UDP Director
  • Simplifies collection of network and security data
  • Reduces points of failure on your network
  • Provides a single destination for all UDP formats on the network, including NetFlow, SNMP, syslog, etc.
  • Reduces network congestion for optimum network performance

M5: Introduction to Proxywatch

This module introduces learners to the functionality of Proxywatch.

  • Proxywatch Overview
  • Key Features
  • Enhanced network visibility
  • Additional context around conversations
  • Follow the flow

M6: Introduction to StealthWatch Labs Intelligence Center (SLIC) Threat Feed

This module provides a high-level overview of the Stealthwatch Labs Intelligence Center Threat Feed.

  • SLIC High Level Overview

M7: Stealthwatch Installation

This module introduces learners to the installation process of a Stealthwatch SMC VM and Flow Collector.

  • VM editions
  • Recommended Resources
  • Required Ports
  • Example Deployment
  • Deploying the OVA
  • Logging into the SMC
  • Initial Setup
  • Adding Flow Collectors

M8: Stealthwatch Management Console

This module introduces users to the Stealthwatch Management Console (SMC), including how to navigate the SMC client interface and complete general tasks.

  • Overview of SMC
  • Key Features
  • User identity tracking
  • Appliance and virtual deployment options
  • Root-cause analysis and troubleshooting
  • Relational flow maps
  • NAT stitching
  • Custom dashboards
  • Custom reporting
  • Blocking, remediation or rate limiting
  • Top N reports for applications, services, ports, protocols, hosts, peers and conversations
  • Traffic composition breakdown
  • Customizable user interface based on Point-of-View technology
  • Advanced flow visualization
  • Internal and external monitoring
  • Capacity planning and historical traffic trending
  • WAN optimization reporting
  • DSCP bandwidth utilization
  • Worm propagation visualization
  • Internal security for high-speed networks
  • Customizing Views

M9: Case Study

This module works through a sample of how Stealthwatch can be used to provide context-aware security for real-time threat detection and forensic response.

  • Case Study 1
  • Case Study 2

