In January 2017, Centripetal Networks obtained a patent for a threat detection system that compares a baseline of network traffic to known information about global threat indicators. That correlation process can find malware secretly running on a network.
Cisco implemented that same technology in its Catalyst 9000 series switches, as well as the ASR 1000 and ISR Router 1000 and 4000 routers, the court ruled.
Those network devices send log data generated by Cisco’s NetFlow packet logging system up to the Stealthwatch network monitoring platform.
With the NetFlow logs, Stealthwatch creates the baseline for what is considered normal traffic on the network. An embedded service called Cognitive Threat Analytics then applies analytic techniques to find advanced threats by correlating the baseline to known threat indicators.