Security Solutions - jibingl/CCNA-CCNP GitHub Wiki
Cisco Security Solutions Comparison
This comparison table provides a detailed overview of key Cisco security solutions covered in the CCNP Security SCOR (350-701) exam, comparing their components, capabilities, and benefits.
| Solution | Components | Capabilities | Benefits |
|---|---|---|---|
| Cisco Secure Network Analytics (Stealthwatch) | • Flow Collector • Flow Sensor • Management Console (SMC) • UDP Director • Data Store | • NetFlow/IPFIX collection and analysis • Behavioral analytics and anomaly detection • Threat detection using machine learning • Network visibility and monitoring • East-west traffic analysis | • Detects insider threats and advanced persistent threats • Reduces mean time to detection (MTTD) • Provides complete network visibility • Works with encrypted traffic |
| Cisco Secure Cloud Analytics (Stealthwatch Cloud) | • Cloud-based SaaS platform • API integrations (AWS, Azure, GCP) • Cloud flow collectors • Analytics engine | • Multi-cloud visibility (AWS, Azure, GCP) • Cloud workload security monitoring • Network traffic analysis for cloud environments • Threat detection in hybrid environments | • Unified visibility across on-premises and cloud • Rapid deployment with no hardware required • Scalable cloud-native security • Continuous compliance monitoring |
| Cisco pxGrid (Platform Exchange Grid) | • pxGrid Controller (built into ISE) • pxGrid Client SDK • XMPP-based messaging • REST API | • Real-time context sharing between security platforms • Bidirectional information exchange • Session directory sharing • Security group tag (SGT) distribution • Threat and context integration | • Enables ecosystem integration and automation • Faster threat response through context sharing • Vendor-agnostic framework • Reduces security silos |
| Cisco Umbrella Investigate | • Cloud-based threat intelligence platform • Global resolvers database • Talos threat intelligence feed • API access for automation | • DNS query and response analysis • Domain and IP reputation scoring • Malware and phishing investigation • Historical internet activity patterns • Predictive threat intelligence | • Proactive threat hunting capabilities • Speeds up incident investigation • Identifies attack infrastructure before attacks occur • Enriches security event data |
| Cisco Cognitive Intelligence (Cognitive Threat Analytics) | • Machine learning engine • Statistical modeling algorithms • Web usage analysis module • Integration with Umbrella | • Detects command and control (C2) callbacks • Identifies malware in encrypted traffic • Analyzes web traffic patterns • Discovers patient zero in attacks • Behavioral baseline analysis | • Detects threats missed by signature-based systems • Works without decrypting traffic • Reduces false positives through ML • Identifies compromised endpoints |
| Cisco Encrypted Traffic Analytics (ETA) | • Built into Cisco Catalyst switches and routers • Flow telemetry export • Machine learning models • Integration with Stealthwatch | • Analyzes metadata from encrypted traffic • Detects malware in TLS/SSL sessions • Identifies threats without decryption • Sequence of Packet Lengths and Times (SPLT) analysis • Initial Data Packet (IDP) inspection | • Maintains privacy while detecting threats • No performance impact from decryption • Network-based threat detection • Complements endpoint security |
| Cisco Secure Client Network Visibility Module (NVM) | • Endpoint agent module • Flow data exporter • Part of Cisco Secure Client (AnyConnect) • Integrated with Stealthwatch | • Endpoint flow telemetry collection • Application visibility on endpoints • Process and connection tracking • Off-network endpoint monitoring • Context-aware flow data | • Extends network visibility to endpoints • Monitors remote and mobile devices • Provides host-level context for investigations • Enhances threat detection accuracy |
| Cisco Secure Workload (Tetration) | • Zero Trust Microsegmentation • Comprehensive Visibility • Compliance & Forensics • Vulnerability Management | • Workload protection, visibility, and micro-segmentation • Hybrid Cloud Security | |
Key Exam Focus Areas:
- Understand how these solutions integrate within the Cisco Security Architecture
- Know which solutions work with encrypted traffic (ETA, Cognitive Intelligence)
- Recognize the role of pxGrid in ecosystem integration and automation
- Differentiate between on-premises (Secure Network Analytics) and cloud-based (Secure Cloud Analytics) visibility solutions
- Understand NetFlow/IPFIX collection and analysis concepts
- Know how NVM extends visibility to endpoints outside the corporate network