When you install Cisco Cyber Vision for the first time you get a 90-day trial. Once the trial expires, a connection to the cloud is required so components can be counted and billed in order to continue using Cisco Cyber Vision. Different options exist to get a license depending on the network configuration, its network policy, and whether there is a third-party service provider involved.

An online environment can benefit from a direct connection to the cloud, possibly through a proxy, whereas an offline environment will require an additional license reservation. Industrial networks with many Cisco Cyber Vision Centers to manage may be equipped with a local satellite and use Cisco Smart Software Manager Satellite On-Prem as licensing service. Likewise, customers dealing with a third-party service provider must use a local On-Prem satellite, but under the Managed Service License Agreement.

Smart Licensing Services:

• Cisco Smart Software Manager (CSSM): licensing service located in the cloud.

• Cisco Smart Software Manager Satellite On-Prem (CSSM On-Prem): a local service, also named satellite, which connects to the cloud for license requests.

Online registration: flexible security policy, ease of use. A number of Cisco Cyber Vision credits is purchased through a Smart Account and any Center from the package can use these credits. To retrieve a license and ensure credit management, the Cisco Cyber Vision Center sends usage information to the cloud directly over the internet or via a https proxy. No additional components are required for this connection mode. Access: CSSM or CSSM On-Prem.

Offline registration: strong security policy. As opposed to online registration, the association credits-Center is done manually by the user. Getting a license requires the License Reservation feature to be enabled and information to be copied and pasted between Cisco Cyber Vision and cisco.com. The procedure to get a license is described in the Offline licensing section. Access: CSSM.

Managed Service License Agreement: MSLA is a buying program used whenever there is a third-party service provider involved (i.e. the environment can be whether online or offline). This mode requires the use of Cisco Smart Software Manager Satellite On-Prem, which is an on-site license server through which the license request is done to cisco.com. The procedure to retrieve a license is very similar to the online one and are described under the same section. Access: CSSM On-Prem.

On-Prem registration: On-Prem registration is also available without MSLA, especially useful in industrial networks with numerous Centers to manage. Each Cisco Cyber Vision Center sends usage information to a locally installed appliance named satellite. Information with cisco.com is sent periodically to keep the satellite in synchronization. This synchronization can occur automatically in connected environments or manually in disconnected environments. Access: CSSM On-Prem.

Important

As the installation procedure for online licensing, MSLA and On-Prem (satellite) are very close, they are grouped under the same section. Refer to the Online licensing/MSLA/On-Prem section.

Cisco Cyber Vision provides two different feature packages. The Essentials license provides basic features whereas the Advantage one includes Essentials features, plus advanced features, all listed herebelow. These licenses can be enabled from the License administration page in Cisco Cyber Vision and the activation of the Advantage license could lead to additional costs. In addition, note that to use Snort subscriber rules on sensors with IDS the Advantage license must be enabled.

Cisco Cyber Vision Essentials

Inventory​

• Device inventory​

• Identify communication patterns​

• Generate inventory reports​

Vulnerability​

• Identify device vulnerabilities​

• Generate vulnerability reports​

Activities​

• Track control system events​

• Generate device activity reports​

RESTful API​

• REST API programming interface

Cisco Cyber Vision Advantage

It includes Essentials features, plus:

Security posture​

• Device Risk Scoring​

Intrusion detection​

• Snort IDS on supported sensors​

• Talos community signatures (New rules may be added 30 days after release)​

Behavior monitoring​

• Create baselines for asset behaviors​

• Alerts on deviations​

Advanced integration​

• SecureX Ribbon​

• pxGrid integration with ISE​

• Firepower Host Attribute integration​

• SIEM Integration – Splunk, IBM QRadar​

• ServiceNow OT Management integration​

It is possible to use Snort Intrusion Detection System Community and Subscriber rules on Cisco Cyber Vision through the following compatible sensors:

• Cisco IC3000 Industrial Compute Gateway

• Cisco Catalyst 9300 Series Switches

• Cisco Catalyst 9400 Series Switches

• Cisco IR8340 Integrated Services Router Rugged

• Center DPI (one sensor IDS license must be installed per Center DPI interface)

Snort IDS is only available with the Advantage license enabled on Cisco Cyber Vision.

You can enable IDS on each compatible sensor from the sensor right side panel in the sensor administration page. By default, Community rules are enabled.

A toggle button is available in the Snort administration page for Subscriber rules to take over detection.

Note that Subscriber rules will be enabled on all compatible sensors with IDS enabled. This means that it is not possible to have sensors running with Community rules and others running with Subscriber rules at the same time. An IDS license reservation token is also required per sensor with IDS enabled with Subscriber rules.

If the industrial network is monitored by ten Cisco Catalyst 9300 but only one has IDS enabled, then only one reservation token is required.

In case of offline licensing, you must update the license manually to reserve tokens. To do so, follow the Update license registration in an offline environment procedure.

For more information, refer to the Cisco Cyber Vision GUI Administration Guide.