
Extending Detection into Automated Response with SecureX and Secure Cloud Analytics

Networks span the enterprise, campus, branch, and cloud. The resources that enable agile operating models, letting the business anticipate and respond to change, are also expanding the attack surface and bringing more complexity with them, complexity that attackers take advantage of. Meanwhile, an ever-increasing amount of sensitive and legally protected data is traversing the distributed network, and securing that data to maintain compliance is a top concern and challenge.

And that is only the first layer of challenges. In network security, attackers hiding beneath a sea of complexity are not the only concern; security professionals are also racing against time, on two fronts: keeping up with business needs, and detecting and responding to security incidents before they become security breaches. To meet both objectives, we have piled on best-in-class solution after solution, adding to the complexity and taking us further from answering the business call to be agile and secure.

Taking a platform approach

With identifying and containing a breach reported to take 280 days on average, we have to find a better way. This is why a platform approach that integrates the security stack is gaining so much attention. We have realized that the collective sum is worth more than the individual parts, and that best in class is no longer decided feature by feature but on the plane of integration. What teams say they need is simplicity. They do not want to spend more time and talent deploying "solutions" to drive better security outcomes. They want an integrated and open platform that simplifies their existing ecosystem and also interoperates with third-party solutions. They want to bring their products together as one cohesive, automated detection and orchestrated response, working within one user experience.

SecureX is the platform 

Cisco SecureX is a cloud-native platform experience built into the Cisco Secure portfolio that connects to customers' existing infrastructure. It unifies visibility, enables automation, and strengthens security across network, endpoints, cloud, and applications, all without replacing your current security infrastructure or layering on new technologies. The power of SecureX is integration; the value is simplifying and automating response with pre-built workflows that each deliver a specific security outcome. It radically reduces dwell time and the human-powered tasks involved in detecting, investigating, and remediating threats, whether the goal is countering attacks, securing access, or managing policy to stay compliant.

Secure Cloud Analytics is the detection engine

Cisco Secure Cloud Analytics unifies threat detection across on-premises and multi-cloud environments. With visibility into all network devices and the ability to extract telemetry from both the private infrastructure and the cloud, Secure Cloud Analytics can gain insights into anomalies across hybrid environments that could indicate a compromise.

Secure Cloud Analytics uses a combination of machine learning, behavioral modeling, and rule-based detection to generate alerts on suspicious activity in the network. Alerts on both known and unknown indicators of compromise are prioritized to filter out the noise and help ensure that teams respond to what matters. With Secure Cloud Analytics you can listen beyond the noise and hear the threats within. When closing alerts, customers have rated 94% of them "helpful," showing that the prioritization is focusing on what matters.
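To make the two detection styles concrete, here is an added example (not Cisco's detection code and not how Secure Cloud Analytics is implemented) that runs a behavioral baseline and a rule-based indicator check over constructed NetFlow-style records and then prioritizes the resulting alerts. It assumes daily outbound bytes per host as the behavioral feature; the flow records, host names, IP addresses, and the "known bad" list are all constructed for the illustration.

```python
# Added example (not Cisco's code): behavioral baselining plus a rule-based
# IoC check over constructed flow records, with alerts prioritized by score.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, src_host, dst_ip, dst_port, bytes_out).
# Days 1-5 are the learning window; day 6 is the day being scored.
FLOWS = [
    (1, "ws-01", "93.184.216.34", 443, 1000), (1, "ws-02", "93.184.216.34", 443, 2000),
    (2, "ws-01", "93.184.216.34", 443, 1100), (2, "ws-02", "93.184.216.34", 443, 2100),
    (3, "ws-01", "93.184.216.34", 443, 900),  (3, "ws-02", "93.184.216.34", 443, 1900),
    (4, "ws-01", "93.184.216.34", 443, 1050), (4, "ws-02", "93.184.216.34", 443, 2050),
    (5, "ws-01", "93.184.216.34", 443, 950),  (5, "ws-02", "93.184.216.34", 443, 1950),
    # Day 6: ws-01 pushes 50 KB to an unfamiliar host (unknown indicator, only
    # behavior catches it); ws-02 makes one small connection to a listed bad IP.
    (6, "ws-01", "198.51.100.7", 443, 50000),
    (6, "ws-02", "93.184.216.34", 443, 2000),
    (6, "ws-02", "203.0.113.9", 4444, 100),
]
KNOWN_BAD_IPS = {"203.0.113.9"}  # constructed stand-in for a threat-intel feed


def daily_bytes(flows):
    """host -> {day: total outbound bytes}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _ip, _port, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def baselines(flows, learn_days):
    """Per-host (mean, std-dev) of daily outbound bytes over the learning window.
    A host first seen on the scored day gets a zero baseline, so any traffic flags it."""
    out = {}
    for host, per_day in daily_bytes(flows).items():
        samples = [per_day.get(d, 0) for d in learn_days]
        out[host] = (mean(samples), max(pstdev(samples), 1.0))  # floor avoids a zero threshold
    return out


def detect(flows, learn_days, score_day, bad_ips, k=3.0):
    """Return alerts for score_day, highest score first."""
    alerts = []
    totals = daily_bytes(flows)
    # Behavioral: daily outbound volume more than k std-devs above the host's own baseline.
    for host, (mu, sd) in baselines(flows, learn_days).items():
        observed = totals[host].get(score_day, 0)
        threshold = mu + k * sd
        if observed > threshold:
            ratio = observed / mu if mu else float("inf")
            alerts.append({"host": host, "kind": "behavioral", "score": 80 if ratio >= 10 else 50,
                           "detail": f"{observed} B outbound on day {score_day}, "
                                     f"baseline {mu:.0f} B (threshold {threshold:.0f})"})
    # Rule-based: any connection to a listed indicator, regardless of volume.
    for day, host, ip, port, _ in flows:
        if day == score_day and ip in bad_ips:
            alerts.append({"host": host, "kind": "known_ioc", "score": 90,
                           "detail": f"connection to listed IP {ip}:{port}"})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for a in detect(FLOWS, range(1, 6), 6, KNOWN_BAD_IPS):
        print(a["score"], a["host"], a["kind"], a["detail"])
```

Note that ws-02's 100-byte connection never crosses its volume threshold, and ws-01's destination is on no list: each detection style catches what the other misses, which is the point of combining them, and the score is what lets an analyst work the queue top-down.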

Extending analytics into the platform

How do you improve on industry-leading network threat detection? You integrate it into the industry-leading platform to extend threat detection into automated response. You enable the sharing of insights between solutions to enable threat hunting within one user experience. And you automate everything with prebuilt workflows that make orchestration easy.

With Cisco Secure Cloud Analytics, you get SecureX. The integration is built in; you just have to activate it to start:

Detecting and isolating malicious devices with Cisco Secure Endpoint

Extend threat detection in Secure Cloud Analytics to trigger an automated Secure Endpoint response that isolates the affected host and quarantines rogue entities. Yes, it is automated, and yes, it is that simple: activate the built-in capabilities and you're saving time to stay one step ahead of threat actors.

Mitigating unauthorized access to AWS

Gain an automated response to unusual attempts at remote access to the cloud: lock down access to EC2 instances on AWS when suspicious login attempts are detected. The built-in notifications to the team include auto-revert links, so a safeguard is built in to help ensure business continuity if the lockdown affects legitimate access.
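What such a workflow does under the hood, as an added example that is not Cisco's workflow code: detect a burst of failed SSH logins, revoke only the world-open (0.0.0.0/0) range of any security-group rule covering TCP/22, and hand back a revert record that restores exactly what was removed. The EC2 client is an in-memory stand-in that mimics the three boto3 calls the playbook uses (assumption: a real run would pass `boto3.client("ec2")` in its place); the login events, security group ID, and rules are constructed sample data.

```python
# Added example (not Cisco's code): automated SSH lockdown with an auto-revert
# record. FakeEc2 stands in for boto3's EC2 client (assumption, see lead-in).
import copy
from collections import defaultdict
from datetime import datetime, timedelta, timezone

GROUP_ID = "sg-0123456789abcdef0"  # constructed

# Constructed SSH auth events for one instance (UTC). Note they are not in time order.
EVENTS = [
    {"time": "2021-05-19T10:00:05", "src": "203.0.113.45", "user": "root", "result": "failure"},
    {"time": "2021-05-19T10:00:09", "src": "203.0.113.45", "user": "admin", "result": "failure"},
    {"time": "2021-05-19T10:00:14", "src": "203.0.113.45", "user": "ubuntu", "result": "failure"},
    {"time": "2021-05-19T10:01:30", "src": "198.51.100.8", "user": "deploy", "result": "failure"},
    {"time": "2021-05-19T10:00:20", "src": "203.0.113.45", "user": "ec2-user", "result": "failure"},
    {"time": "2021-05-19T10:00:27", "src": "203.0.113.45", "user": "root", "result": "failure"},
    {"time": "2021-05-19T10:02:00", "src": "198.51.100.8", "user": "deploy", "result": "success"},
]

# Constructed security group: SSH open to the world AND to the corp range on one rule.
SAMPLE_GROUPS = [{
    "GroupId": GROUP_ID,
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8", "Description": "corp"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]


def _key(p):
    return (p["IpProtocol"], p["FromPort"], p["ToPort"])


class FakeEc2:
    """Minimal in-memory model of the EC2 security-group calls used below."""
    def __init__(self, groups):
        self.groups = copy.deepcopy(groups)

    def _get(self, gid):
        return next(g for g in self.groups if g["GroupId"] == gid)

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [copy.deepcopy(self._get(g)) for g in GroupIds]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        g = self._get(GroupId)
        for want in IpPermissions:  # remove only the named CIDR ranges, like EC2 does
            cidrs = {r["CidrIp"] for r in want["IpRanges"]}
            for perm in g["IpPermissions"]:
                if _key(perm) == _key(want):
                    perm["IpRanges"] = [r for r in perm["IpRanges"] if r["CidrIp"] not in cidrs]
        g["IpPermissions"] = [p for p in g["IpPermissions"] if p["IpRanges"]]
        return {"Return": True}

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        g = self._get(GroupId)
        for want in IpPermissions:
            match = next((p for p in g["IpPermissions"] if _key(p) == _key(want)), None)
            if match:
                match["IpRanges"].extend(copy.deepcopy(want["IpRanges"]))
            else:
                g["IpPermissions"].append(copy.deepcopy(want))
        return {"Return": True}


def burst_source(events, window=timedelta(minutes=5), threshold=5):
    """Source IP with >= threshold failed logins inside one window, or None."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            fails[e["src"]].append(datetime.fromisoformat(e["time"]))
    for src, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                return src
    return None


def world_ssh_rules(sg):
    """Rules covering TCP/22, narrowed to just their 0.0.0.0/0 range."""
    return [{"IpProtocol": "tcp", "FromPort": p["FromPort"], "ToPort": p["ToPort"],
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
            for p in sg["IpPermissions"]
            if p["IpProtocol"] == "tcp" and p["FromPort"] <= 22 <= p["ToPort"]
            and any(r["CidrIp"] == "0.0.0.0/0" for r in p["IpRanges"])]


def respond(ec2, group_id, events):
    """Playbook: on a failed-login burst, revoke world-open SSH and return a revert record."""
    src = burst_source(events)
    if src is None:
        return None
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    removed = world_ssh_rules(sg)
    if removed:  # only the 0.0.0.0/0 range goes; the corp range on the same rule stays
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=removed)
    return {"group_id": group_id, "source": src, "removed": removed,
            "at": datetime.now(timezone.utc).isoformat(timespec="seconds")}


def revert(ec2, record):
    """What an auto-revert link would invoke: put back exactly what respond() removed."""
    if record["removed"]:
        ec2.authorize_security_group_ingress(GroupId=record["group_id"],
                                             IpPermissions=record["removed"])
```

Two design points worth copying into a real playbook: the revoke is scoped to the 0.0.0.0/0 range rather than the whole rule, so the corp range on the same rule keeps working, and the revert record stores the exact permissions removed rather than a "restore to previous state" intent, so it remains correct even if someone edited the group in between.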

Scheduling protection from Secure Cloud Analytics global threat alerts with Umbrella

Automated workflows bridge global threat alerts in Secure Cloud Analytics, based on Cisco Talos threat intelligence, to block malicious domains with Cisco Umbrella. We could have built a direct integration between Secure Cloud Analytics and Umbrella. But with SecureX built into both products, our engineering team chose to save time and accelerate automated threat detection and response by simply activating the capabilities through SecureX. That is the power of SecureX for us as a vendor and for you as a customer.

Creating forensic incident investigation casebooks with Secure Cloud Analytics

Retrospective alerts from Secure Endpoint (formerly AMP for Endpoints) trigger a workflow to pull up a historical view of lateral movement and added context from Secure Cloud Analytics. Investigative insights between the two solutions are unified into a single casebook by SecureX. Investigations are simplified within one view, and responders save time by focusing on remediation efforts within a single experience.

Teams want and need a lot of things. We know how hard it is to find the talent to detect and respond to threats manually. So focusing on simplicity and automation, with predefined alerts that trigger a predetermined workflow and response, is a great way to start down the path of automation and orchestration. But this story has just begun; we have much more in store, coming in a release near you.

To learn more about this topic and other innovations that unify threat detection, visit the Innovation Insights hub.

