Breath Deeply, Relax…Now Focus…on Integrating Your Security Architecture
By Scott Pope “Relax” and “security” are not often found in the same sentence. There is not much about the current threat environment that elicits relaxation.
But in this era of mindfulness and getting focused, Cisco has done just that. We have put a single-minded focus on integrating our own security portfolio so that we close attack vectors and decrease deployment complexity. And we have also forged pathways for integration with our security products so that your multi-vendor security environment can work in unison to focus on the same problem set, together.
Today we welcome 15 new industry partners with 20 new product integrations to the Cisco Security Technology Alliance(CSTA)–Cisco’s security development, integration and certification framework. CSTA is focused on enabling product integrations that deliver easier and better security in multi-vendor deployments. There are now over 175 development partners representing 300+ product-to-product integrations in CSTA. See details of the new partners and product integrations below.
Customers can integrate existing technology with Cisco security products to improve security telemetry, prioritize the urgent alerts, streamline workflows and get better security outcomes. No two customer environments are alike and that’s why we have built a customizable integration framework for nearly every product in the Cisco security portfolio. We’ve also got a talented services team that can help implement all of this, from a small integration to a turnkey solution.
In other big news, the Cisco Platform Exchange Grid (pxGrid) security integration framework is now the foundation of an IETF-approved Internet standard. Read all about it Here
Here’s a summary of what’s new:
New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
Using the Cisco AMP for Endpoints APIs partner integrations provide analysts with rich threat information and actions on endpoint events like retrieving endpoint information, hunting indicators on endpoints, searching events, etc. Panaseer, JASK, IBM BigFix and IBMResilient are 4 integrations that are now available for AMP for Endpoint customers to integrate with. These integrations collect all AMP for Endpoint event data via the streaming API for correlation or other uses.
New Cisco Cloud Security Integrations
The Cisco Cloud Security ecosystemalso expands with more integrations. BlueCat and NS1 are DDI solutions that integrate and share DNS context with Cisco Umbrella. EclecticIQ and JASK now integrate with Umbrella to enrich their domain context.
Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall
By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, simplifying threat investigation. CTID has a new integration with Seclytics.
Multi-Vendor Threat Event & Platform Management for Cisco Next-Gen Firewall and ASA
Cisco Firepower and ASA have new partner integrations. AppviewX uses the ASA Management API to manage ASA policies. Firesec’s SOAR platform now supports both Firepower and ASA. Picus identifies security gaps and exposures now supports Firepower.
Cisco ISE Partners being added
The Cisco pxGrid ecosystem is adding 4 new partner integrations to its long list of integrations.
CyberX joins the IoT visibility partners providing enhanced visibility of IoT devices on the network. Nyansa Voyanceprovides IoT threat defense by using ISE to take RTC actions. Smokescreen joins the Deception technology vendors with its IllusionBLACKproduct integrating its decoys and ISE to take remediation actions. Panaseer Smart Inventorywhich provides visibility into risk integrates with ISE to enhance its context of the endpoints. Besides the above pxGrid partners, Noovus Apolois a custom application which integrates with ISE to provide Service Provider customers with an easier method to automate operational functions with ISE.
Cisco Security Connector (CSC) Integrations
Cisco Security Connectorfor Apple iOS provides organizations with the visibility and control they need to confidently accelerate deployment of mobile devices. CSC is the only Apple approved security application for supervised iOS devices, and integrates with best-in-class MDM/EMM platforms. CSC now adds support for InventIT’s MobiConnect.
Sharing Cisco Threat Grid Threat Intelligence
Using the powerful and insightful Cisco Threat Grid API, a new integration in the Cisco Threat Grid ecosystem being announced with Minerva.This integration simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into the Minerva platform.
Cisco Threat Response Integrations
Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It also has support for 3rdParty products through its API. Signal Sciences a next-gen WAF and RASP solution now integrates with CTR.
For details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
More details about our new partners and their integrations:
[1]New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
We are announcing two new integrations with IBM Security:
The Cisco AMP4EP integration with IBM Big Fix enables customers to deploy, manage and upgrade AMP connectors quickly in one unified solution; for deeper visibility and control of endpoints. Security and infrastructure teams can track and upgrade AMP4EP across the environment and multiple operating systems (OS); and perform service-related tasks such as reboot computers, start and stop services, enable debug logging, cache clearing and creating support packages. The app includes graphic-rich reporting displaying overviews of the environment; where the AMP connectors are installed and different connector versions, across OS types.
The Cisco AMP4EP integration with IBM Resilient combines enrichment and containment in one consolidated tool; providing the actionable insights needed to accelerate threat detection and incident response. Analysts within Resilient can investigate AMP4EP events for possible malicious activities. Security teams can then automatically pull findings into an incident, rapidly drill down on a threat detected for further analysis and quickly quarantine any malware detected.
JASK ASOC platform seamlessly ingests logs and alerts from Cisco AMP4EP. With this out-of-the-box integration, mutual customers enjoy better context of the endpoint alerts created by AMP4EP. As a SIEM, JASK correlates this data with all other data-sources in the SOC – network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.
The Panaseer Platform enables CISOs and security leaders to quantify business risk and get a grip on RoI. And, by giving analysts the power to model data at scale and freeing IT teams from firefighting it drives continuous, enterprise-wide improvement. The Panaseer Platform fully integrates with Cisco AMP for Endpoints to extract device and event information, feeding the Anti-Malware and Device Inventory data models and enabling end-users to summarize and explore the performance and coverage of AMP for Endpoints.
[2]New Cisco Cloud Security Integrations
Cisco Umbrella uses DNS to block malicious queries at the network boundary and in the cloud, providing a strong external defense. BlueCat offers similar control at the device level by acting as the “first hop” recursive server, applying security policies to DNS activity right at the source of a query. The integration provides source IP and other contextual data from BlueCat to Cisco Umbrella. Data sharing between the two applications provides a consistent, unified approach to DNS-based security which touches every relevant point on the network.
The EclecticIQ Platform is an analyst-centric threat intelligence platform based on STIX/TAXII. By integrating with Umbrella analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. The integration enables analysts to dynamically build a repository of intelligence relating to domain activity.
JASK ASOC platform seamlessly ingests logs and alerts from CISCO Umbrella. With this out-of-the-box integration, our mutual customers enjoy the better context of the DNS & IP layer, proxy and C&C alerts created by CISCO Umbrella: as a SIEM, JASK correlates this data with all other data sources in the SOC – endpoint, network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.
NS1 is a modern DDI solution that integrates with Cisco Umbrella to offer a unified solution to support agile application deployment and delivery while protecting your most critical assets. Easy to use and simple to manage, the integration allows customers to get the best of intelligent DNS traffic steering behind the firewall while protecting outbound queries with Umbrella security. Designed to be API-first, NS1 delivers flexible, next-generation DNS solutions that solve complex performance, traffic management, and automation challenges. With Cisco Umbrella’s predictive and analytical approach to security, DNS becomes a control plane for the modern enterprise.
[3]New Cisco Threat Intelligence Director (CTID) for Firepower Integrations
Seclytics uses science to identify the origin of attacks 51+ days before they strike. We use patent-pending science to hunt adversaries in the wild during their precrime setup stages, resulting in over 5,000 unique adversary profiles to date. Continuous surveillance ensures we know when they go live on day zero and remove the element of surprise – leveling the playing field for the first time. Our SaaS-based platform uniquely provides prevention at the precrime stage, at zero day when they go live and beyond. The Seclytics Attack Prediction feed has been certified to work with Cisco Firepower’s Threat Intelligence Director benefiting joint customers. To see how Seclytics uses Science to save you time, money and risk, please visit Seclytics.
[4] New Cisco Firepower Next-Gen Firewall Integrations
AppViewX has integrated with Cisco ASA beginning from version 8.4 till the latest 9.9.2 version. Similar to other vendor firewalls once Cisco ASA is added in the inventory, all the Security policies, Objects, NAT rules are downloaded and saved in AppViewX database. Users can view, compare all the downloaded configuration through the centralized AppViewX console and any configuration changes can be done. AppViewX has the intelligence to find out any configuration changes done in Cisco ASA and updates the database with the help of Syslogs.
Firesec is a Security Analysis and Orchestration platform. It is designed solve problems of these personas – CISO, Security Consultant, Security Auditor and Network Administrator. It is an automated solution for security configuration analysis and compliance readiness. It supports a wide variety of firewalls and helps enhance the security of your network as well as significantly speed up compliance to standards such as PCI DSS, CI Security Benchmarks etc., It offers flexible options to perform network device configuration analysis and has both manual and automatic mechanisms to collect the configuration information from Cisco ASA version 8 and up, Cisco IOS version 12.0 and up, Cisco Firepower version 6.
Picus Platform continuously assesses corporate defenses to reveal security gaps, provides a measurement dashboard clearly displaying the live security status and goes beyond current offerings in the market to proactively suggest fixes and mitigate threats. When Picus identifies a potential exposure on a Cisco Firepower platform in a customer environment, options for quick mitigation actions are immediately provided. This approach assures that Cisco Firepower feature set and policy options are fully and continually utilized, and that the best possible resilience is offered against emerging cyber-threats in real-time.
[5]New Cisco pxGrid Integrations
Using patented technology, CyberX provides IoT & ICS Asset Discovery, Risk & Vulnerability Management, Continuous IoT & ICS Threat Monitoring, Incident Response & Threat Hunting, Unified IT/OT security monitoring and governance, and IoT & ICS Threat Intelligence. Network administrators and SOC analysts who use Cisco ISE and CyberX together bring identity management and security policy creation capabilities in ISE to assets in the IoT and ICS environments.
Nyansa Voyance IoT Security solution is an agentless security platform for IoT and unmanaged critical devices that collects data passively. Voyance integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.
Noovus Apolo is a front-end web application that automate operational functions when ISE is the RADIUS/AAA server. Integrating via the Cisco ISE ERS API, Apolo allows a non-admin user to automatically update user’s passwords, personal information, notify alarms and others.
Panaseer is the first Continuous Controls Monitoring platform to give CISOs visibility of all assets, and the confidence that security controls are working effectively. Panaseer’s integration with Cisco ISE supplements Panaseer’s Smart Inventory with network contextual data. Panaseer uses device attribute information from a variety of sources to create a comprehensive baseline with which to accurately measure the coverage of their security controls, enabling visibility into their greatest risks.
Smokescreen is a deception platform which uses a combination of machine learning and deception to detect cyberattacks that bypass the protection mechanisms. Smokescreen integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.
[6] New Cisco Security Connector Integrations
InventIT’s MobiConnect manages the Cisco Security Connector application with and its associated functions, Cisco Umbrella and Cisco AMP Clarity to supervised iOS device. Cisco Umbrella and Cisco AMP Clarity with MobiConnect can provide a view of application behavior and protects devices against malicious sites. MobiConnect can deploy Cisco Security Connector applications and profile to devices.
[7]New Cisco Threat Grid Integration
Minerva Labs‘ innovative endpoint security solution protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. The company’s Anti-Evasion Platform deceives malware by controlling how it perceives its environment, blocking unknown threats that evade existing defenses. Without relying on signatures, models or behavioral patterns, the Anti-Evasion Platform causes malware to disarm itself, thwarting it before the need to engage costly security resources. Minerva’s Anti-Evasion Platform integrates with Threat Grid to automatically identify mutex-based infection markers to protect endpoints.
[8] New Cisco Threat Response Integrations
With its next-gen WAF and RASP solution, Signal Sciences protects over 10,000 applications and over a trillion production requests per month. Signal Sciences‘ patented architecture provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility. With the integration, an analyst can analyze and correlate event data using context from Cisco Threat Response; open a case to collect and store key investigative information, orchestrate resources for incident response, and manage and document progress and findings; and take corrective actions in other Cisco products to remediate and address the threats across the security stack by monitoring, filtering, and blocking known attackers.
Source:: Cisco Security Notice