Splunk Integrations with Cisco Security Expand with new AnyConnect NVM App

Together, Splunk and Cisco have collaborated to deliver out-of-the-box visibility for more than a dozen security products and platforms, including multiple Cisco firewalls, Identity Services Engine (ISE), pxGrid, Sourcefire IDS, Advanced Malware Protection, IPS, and various email and web security offerings.

Cisco has just released a new app for Splunk that focuses on user and endpoint usage data from Cisco AnyConnect. Cisco AnyConnect Network Visibility Module (NVM) enables organizations to monitor users on the network while providing additional contextual information such as users, applications, devices, locations and destinations. This rich data can be used by networking, application and security teams to support application capacity planning, troubleshooting, and advanced threat detection.

The Cisco AnyConnect Network Visibility (NVM) App for Splunk streamlines the collection and reporting of IPFIX flows generated by Cisco AnyConnect NVM endpoint sensor technology on endpoints (e.g., laptops), both on and off premises. The app includes pre-built dashboards to visualize and analyze NVM data (including nvzFlow data). It also features drilldown views of destination domain data usage, application usage information, and endpoint process usage. Using the Cisco AnyConnect NVM app, an IT analyst can analyze and correlate user and endpoint data in Splunk Enterprise with other security data sources.

The response to this new app was immediate – the day it went live we received enthusiastic feedback from security experts at several leading Splunk and Cisco reseller partners.

Maryland-based Force 3, a joint Splunk and Cisco infrastructure services provider, recently helped a federal agency upgrade to 802.1x and always-on VPN deployment. “The ability to easily add AnyConnect dashboards to a Splunk Enterprise environment and correlate AnyConnect, ISE and other data will help accelerate threat detection and forensic analysis,” observed Gregory Kushto, Force 3 Security and Enterprise Networks Director.

Another joint Splunk and Cisco integrator, ePlus Technology, shared similar feedback. “Many of our customers are working on strategic projects that include ASA firewall upgrades, capturing net flow with Lancope, deploying ISE and centralizing monitoring via Splunk software,” explained Regional Security Sales Director Dan Joslin. “Leveraging AnyConnect data as part of a Splunk-enabled SOC can help improve an overall organization’s security posture.”

This is, of course, just one of many Splunk and Cisco integrations. To learn more, check out the full list of Cisco Apps and Add-ons on SplunkBase.

Wissam Ali-Ahmad & Friea Berg

Global Strategic Alliances, Splunk Inc.