Intelligent Interoperation with other Systems
Riverbed Cascade uses all of its rich information to intelligently interoperate with other systems to add value and improve workflow. It learns from identity management systems and traffic accelerators to provide real-world business context.
Cascade feeds data to systems and allows them to understand how business services are delivered across the infrastructure. This enables organizations to integrate Cascade into their existing workflows, and to increase the value and ROI of existing tools. Cascade integrates:
Flow Source
Cascade consumes network flow data as its primary instrumentation into the network. Flow data is already available from the existing router and switch infrastructure. No new instrumentation, agents or inline devices are required. Since you’re using the existing network infrastructure, the deployment of Cascade is rapid and cost effective.
WAN Optimization
Riverbed Steelhead and other WAN optimization controllers are capable of generating flow data similar to that available from the router and switch infrastructure. Cascade consumes this data to add visibility into what traffic is traversing the WAN and how effectively optimization efforts are reducing bandwidth demands.
CMDB Discovery
Cascade provides valuable information for the population and upkeep of CMDBs. It discovers all servers on the network, the applications they serve, the dependencies that must exist to deliver those services and the users that consume those services. This information is exported to CMDBs in real time. Cascade immediately notes any changes or additions to the environment and conveys them to the CMDB.
Identity Management
Cascade integrates with user directory, DHCP, and DNS services to provide a more accurate and comprehensive view of network and application usage. Complementing flow and probe data with system name, MAC address and user name, this comprehensive data provides quick access to information indexed by user and enables more accurate definition of typical behavior.
Security Event Management (SEM)
Cascade can send security events to the SEM, ensuring that operators have "a single pane of glass" from which to prioritize and triage incidents. The Riverbed flow API allows operators, without leaving the SEM console, to navigate into Cascade to gain visibility and context into any incident independent of the original source that sent the event.
The integration expands the SEM's capability by providing on-demand visibility into the network including what constitutes normal activity as well as security alerts based on Cascade’s behavior analysis of network traffic.
Vulnerability Management
Cascade enables intelligent vulnerability scanning through integration with leading VM solutions. Cascade notes when hosts first appear on the network and when they begin to exhibit changes in their behavior. Since this activity can be used to trigger events, Cascade will signal the VM systems to initiate a scan. VM integration enhances the incident-response workflow on the Cascade console. The VM can post its scan results on Cascade's GUI.
Mitigation
Cascade supports mitigation actions using a number of different technologies. Cascade can remove a system from the network by turning off switch port(s), creating null-routes or activating access control lists (ACL) on routers, switches and firewalls.
Integrating Cascade with leading IPS systems provides the ability to quarantine a hostile system. Cascade on a NAC can revoke a rogue system’s network access. Different enforcement technologies handle mitigation differently (removal from network access, quarantine, rate limiting, blocking, etc.).
Cascade presents multiple mitigation methods as options in a mitigation plan. It provides context and awareness of a particular mitigating action’s impact. In short, it helps planners make better informed defensive decisions.
Network Management Systems (NMS)
Cascade can send operational and security events to the NMS, ensuring that operators have "a single pane of glass" from which to triage network incidents and prioritize their resolution. The Riverbed flow API allows NMS operators to gain visibility and context into any incident on the network through Cascade, independent of the reporting source and without leaving the NMS console.
The integration expands a network management system’s capability by providing on-demand visibility into the network’s normal activity and into security and network alerts caused by Cascade's behavior analysis.
Riverbed Cascade: Manage, Secure, Optimize...
Riverbed Cascade: How it Works...
Riverbed Cascade: How it's Used...
Riverbed Cascade: How You Benefit...
