Network Visibility Module in Cisco XDR
Cisco Secure Client Network Visibility Module (NVM) collects rich flow context from an endpoint to provide more visibility into your network. NVM creates a flow record of every connection from an endpoint and forwards the data over a secure connection to the cloud.
NVM data:
-
reduces incident investigation time.
-
fills gaps in endpoint visibility for east-west communication and lateral movement.
-
provides detailed information about user behaviors, network communication and processes, and more.
NVM is a core part of Cisco XDR. You can send telemetry directly to Cisco XDR without needing an on-premises collector by installing the XDR Default Deployment on your endpoints. Cisco XDR uses this data to create new detections, correlate multiple events into a single incident, and fill invisibility gaps in your network. For more information about the Default XDR Deployment, see the Deployments help topic.
More Resources
View the following documentation for more information about NVM:
NVM data can also be sent to an on-premises collector. View the following documentation for more information about on-premises NVM: