
The ability to generate NetFlow from devices that do not natively produce it along with significant storage efficiency and improved workflows make for a significant update to CTB.

Cisco Telemetry Broker (CTB) Release 2.1.3 is generally available as of March 25, 2024. All current customers are eligible to upgrade and should look at the release notes to better understand the upgrade process and any additional considerations.

Currently, all network telemetry-based analytics products require a separate connection to a telemetry exporting source.  Network visibility is often only available to certain areas depending on the expertise of the vendor and their chosen, often proprietary, protocols.

Infrastructure companies sell on-premises monitoring tools, cloud providers sell cloud monitoring tools, and so on. It has become exceedingly complex to have full network, application, and cloud visibility not just in one tool, but in multiple tools. But what if customers could address this problem by creating an aggregator and translation service that ingests a variety of network telemetry and delivers it to their favorite analytics tools? Cisco Telemetry Broker is the answer.

CTB vastly simplifies the consumption of telemetry data from your business-critical tools. It can broker hybrid cloud data, filter unneeded data, and transform data into a more usable format. CTB works to democratize telemetry for all.

This release delivers the innovation and usability that customers expect from the platform. By allowing NetFlow generation from SPAN traffic, dramatically improving storage and device performance, and improving the input workflow for the future, release 2.1 combines essential platform development with new features and enhancements.

Produces Telemetry for Devices that Cannot Generate NetFlow Natively

To support the notion of an intelligent telemetry plane, there is a need to generate NetFlow for devices that might not be capable of generating the protocol natively. CTB 2.1 gives users the ability to take the SPAN traffic from a switch and generate NetFlow to any UDP collector, including but not limited to Cisco Secure Network Analytics (SNA) and Cisco Secure Cloud Analytics (SCA)/Extended Detection and Response (XDR) destinations. This feature also supports NetFlow over 1g/10g interfaces.

Vastly Improves Disk Storage and Device Performance

Customers frequently run out of disk space on the CTB device, which jeopardizes the ability of the devices to function properly and can lead to delays or failures in the overall security and visibility architecture. To address this challenge, we have decreased disk usage by using our database more efficiently. In CTB 2.1, over 70% less disk space is used by the metrics database. Additionally, the CTB Broker to CTB Manager data bandwidth was optimized, which improves overall performance significantly and allows scalability of the Manager node.

Improves Input Type Workflow

We have generalized the way we handle input types to allow for a more diverse set in the future, so it will now be easier to add new and different input types in upcoming releases. There is now a new User Interface (UI) framework for input configuration which is cleaner and more concise than the previous UI, preventing extensive searching and clicking. Finally, the CTB UI is now consistent for all the input types, including CTB-generated NetFlow.

By adding the ability to generate NetFlow from SPAN, drastically improving device performance, and building an input workflow for the future – CTB 2.1 continues to prove its value as a key tool for your SOC. We encourage you to review the release notes and speak with your local Cisco provider to begin planning your upgrade.





Authors

Rob Ayoub

Sr. Product Marketing Manager

Network Detection and Response