Archiv für die Kategorie: News

By Jessica Bair Cisco Security is honored to be a supporting partner for the Black Hat USA 2019 Network Operations Center (NOC) for the third year; joining conference producer Informa Tech (formerly UBM) and its other security partners: RSA Security, Palo Alto Networks, Ruckus, CenturyLink and Gigamon. Cisco provided DNS visibility and architecture intelligence with Cisco Umbrella and Cisco Investigate; and automated malware analysis and threat intelligence with Cisco Threat Grid, backed by Cisco Talos Intelligence and Cisco Threat Response.
Like other Black Hat conferences, the mission of the NOC is to build the conference network that is secure, stable and accessible for the training events, briefings, sponsors and attendees. This requires a robust connection to the Internet (CenturyLink and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. The trainers, briefers and sponsors need to be able to access and demonstrate malicious code and network activity; without infecting attendees or other networks, or experiencing an outage. It is a balancing act that the NOC team enjoys creating at each conference.

Black Hat USA 2019 activity in the NOC was exciting from the first day and it never let up through the week. NOC leaders Neil Wyler (@grifter801) and Bart Stump (@thestump3r) give an out briefing at the end of each conference, on some of the highlights of the security incidents and network metrics; and the security partners each have the ability to blog about some of their findings, with the approval of Black Hat public relations.
Use https and VPNs…
Part of the NOC mission is to protect the users from themselves and to educate the community. On the first day of operations, a PDF was sent to the Threat Grid malware analysis platform from NetWitness. In the thumbnails of the live analysis, I saw what appeared to be a Wells Fargo mortgage statement. I clicked into the Glovebox where the live file could be examined.

The RSA NetWitness and Palo Alto Networks (PAN) Firewall teams were alerted. The PAN team found the .PDF file was downloaded over port 80 to a training class room from a platform that allowed a user to setup a private Dropbox/Box type shared folder in the cloud. However, https was not enabled and all of the data transfer was in the clear. The RSA team was able to reconstruct the packets and observe the plaintext password. With the mortgage account information, the PAN team was able to find the Twitter and PhotoBucket accounts of the user on the Internet and their information security business.
With this information, the PAN team was authorized by the NOC leadership to put up a captive portal for the user, to warn them the next time they connected to the network, that they were passing personal information in the clear. The user saw the warning and clicked through it, without changing their security settings. So, the NOC leader Neil was briefed and went to the classroom to personally inform the student the extent of the personal data and passwords that were being transmitted in the clear. It became a humorous highlight of the conference out briefing.

In a related incident, a user was sending sensitive human resources files in clear text emails. Using the same investigative techniques, the RSA and PAN teams were able to identify the user by name and classroom, and the NOC leadership went to advise them to change the setting on their Outlook email account from http to https.
Lessons learned: Use https and a VPN on a public Wi-Fi network.
So many unique malware samples
There were a number of malware classes that required executables to be downloaded. They were extracted by the NetWitness Packets Malware Analysis and sent to Threat Grid for automated analysis, if the hash has never been seen before…in other words it de-duplicates the files before submission to Threat Grid.

We could see the peaks in the submissions during the training days.

For example, several Metasploit Framework toolkits were downloaded with unique hash values. Metasploit is a collection of tools, exploits and payloads to assist in offensive security exercises. It has a wide variety of payloads that provide remote access capabilities to targets once access has been gained via exploitation of commonly used software. These payloads can be exported to portable executables which can in turn be used to infect machines without requiring initial exploitation.

We also saw the activity of a command shell class, with dozens of unique hash values, illustrating how easy it is to create new files to escape 1-1 hash detection.

Between midnight and 1am on the 2nd day of training, a data exfiltration class came online and downloaded dozens of unique hash exploit kits with random alpha-numeric names.

We also saw a number of instances where Potentially Unwanted Application (PUA) Dealply (also known as Ikarus) was slipped into installers. It is a newer PUA that is in a family of adware that gets distributed through freeware programs and software bundlers. Once installed, Dealply shows advertising pop-ups in the web browser, prompts the user to install fake software updates, modifies default browser settings, and may also collect and transmit various marketing-related information about the user. Dealply was found to be included in packages such as camstudio_0127815701.exe, Setup_ImgBurn_2.5.8.0_dlm_1629102111.exe, idafree50_2113446264.exe and (Hydra) setup_1540910788.exe.

For the first time at Black Hat USA, captured webpage notifications to users who connected to the BH network and were found to be infected with malware. The notifications were done by moving affected users into a group within the PAN Firewall.

Will trade cryptomining for porn
The NOC team also is now alerting users whose devices are seen communicating with cryptomining domains and/or passing clear text passwords. If the attendee wants to cryptomining, that is fine; however, some sites do so without consent.
We saw many cryptomining domains during the conference. However, on the last day of the trainings, I noticed a unique domain that was flagged as both Pornography and Cryptomining.
Cryptomining Domains
Categories
api.bitcore[.]io
Software/Technology,Cryptomining
api.cryptokitties[.]co
Games,Cryptomining
avxhm[.]se
Adult Themes,Illegal Downloads,Cryptomining
ws2.bitcoin[.]de
Ecommerce/Shopping, Financial Institutions, Cryptomining
ws3.bitcoin[.]de
Ecommerce/Shopping, Financial Institutions, Cryptomining
cdn.monero-miner[.]net
Cryptomining
flash-mini[.]com
Search Engines,Cryptomining
gateway.gear.mycelium[.]com
Software/Technology,Cryptomining
host4u.webcounter[.]be
Adware,Web Hosting,Cryptomining
img.cryptokitties[.]co
Games,Cryptomining
javynow[.]com
Pornography,Cryptomining
minergate[.]com
Financial Institutions,Cryptomining
netfixmovie[.]com
Cryptomining
old.nicehash[.]com
Financial Institutions,Online Trading,Cryptomining
www.cryptokitties[.]co
Games,Cryptomining
www.flash-mini[.]com
Search Engines,Cryptomining
www.hostingcloud[.]racing
Cryptomining
www.nicehash[.]com
Financial Institutions,Online Trading,Cryptomining
www.webcounter[.]be
Adware,Web Hosting,Cryptomining

We took a closer look with Umbrella Investigate, to see the global requests and note that several known malicious samples communicated with the domain.

In the Threat Grid Glovebox, we have the ability to investigate URLs without becoming infected, and to observe the behavior. In this case, the website was catering to Japanese porn and we had the ability to see if the behavior of the website changed if the connecting location is the US vs Japan, and if there were differences in the behavior on operating systems, such as the Japanese version of Windows 7.

Examining the website in the Glovebox, we found no mention of the cryptomining in the description of the website, other than they are “…adding more features that will keep your love of for Japanese porn alive and well.”

The Terms of Service also had no mention of the underlying cryptomining.

However, looking at the behavior of the website, we could see the download and execution of the javascript for the mining.

The .js was able to be downloaded as a network artifact from Threat Grid, for further code examination.

Many of the NOC members respected the business model: delivering ad-free full-length HD pornographic movies in exchange for using the CPU cycles for cryptomining. However, it is not disclosed to the user that the mining is taking place. We coordinated with the PAN team for the captive cryptomining portal.

Another very active cryptomining domain was minergate[.]com.

We also safely examined the domain in the Threat Grid glovebox.

The behavior was similar to the pornography / cryptomining domain.

DNS Activity
In 2018, there were about 42.4 million DNS requests on the Black Hat USA network. This year, there were nearly 50 million requests, of which over 5,000 would have been blocked by default as Malware, Command and Control or Phishing.

Working with our partners at RSA NetWitness, we were able to graph the DNS requests into a timeline showing the peaks and valleys from the training events, lunch time and sleeping.

One incident of note, five hosts from five classrooms communicated with a new malicious domain within minutes of each other. Research into the domain reveals abnormal behavior. Coordination with the Talos team indicate this was associated with a new malware campaign.

In App Discovery, over 3,600 applications were used to request DNS. In a production environment, we would have had approval control over category and individual application.

Next stop for the Black Hat NOC team is Black Hat Europe.

Acknowledgements: Special thanks to Michael Auger, our NOC partners RSA (especially the RSA Security team led by Percy Tucker), Palo Alto Networks (especially Sandy Wenzel and Dan Ward), Ruckus (especially Heather Williams), Gigamon, CenturyLink and the entire Black Hat / Informa Tech staff (especially Marissa Parker – Queen of the NOC, Steve Fink – Chief Architect, Neil Wyler and Bart Stump).

About Black Hat
For more than 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: blackhat.com. Black Hat is brought to you by Informa Tech.

Source:: Cisco Security Notice

By Gabrielle Bridgers Gartner’s Market Guide for Email Security 2019 reaffirms that an increasing number of organizations are migrating their email platforms to the cloud. According to Gartner, “by 2021, Gartner expects 70% of public and private companies to be using cloud email services.”1 But, that access to email from anywhere and on any device means it is essential that organizations protect themselves from increasingly prevalent threats.
To combat threats most effectively, Gartner recommends that, “Security and risk management leaders must adopt a continuous adaptive risk and trust assessment mindset to protect inboxes from exposure to increasingly sophisticated threats”. Gartner states further, “Adopt a CARTA strategic approach to email security by layering inbound, outbound, and internal detection and remediation capabilities.” The CARTA inspired email security architecture is dynamic and robust. Instead of simply protecting at the perimeter, this architecture is always evaluating and detecting, and subsequently, learning and changing.
In that vein, and because email is such a prominent attack vector, Gartner specifically states that “Security professionals have known for years that, due to its importance as an attack vector, email security requires a layered approach.” We believe Cisco’s Cloud Email Security (CES) fully represents this model of protection. The foundation of the solution is Talos, a globally recognized threat research team providing real time threat intelligence. Using that telemetry, CES responds to evolving threats and keeps cloud-based email safe and productive by stopping phishing, spoofing, business email compromises and other cyber threats. Additional subscription services provide the complementary layers that create the comprehensive protection the solution provides. We believe, exemplifying Gartner’s CARTA approach, these layers address the four key areas of protection and according to Gartner, “Email security refers collectively to the prediction, prevention, detection and response framework used to provide attack protection and access protection for email.” These subscription products include multifactor authentication using Duo, Advanced Malware Protection (AMP), Advanced Phishing Protection and Domain Protection.
We believe, the CES solution mirrors Gartner’s guidance of layering inbound, outbound, and internal detection and remediation capabilities.

To help determine which combination of cloud email security products might work best for any organization, we believe, a thorough analysis of existing email security products to understand the current solution’s capabilities completely. Gartner recommends, “Leverage incumbent email security products by verifying and optimizing their capabilities and corresponding configurations. This will serve as the start of a gap analysis to determine where supplementation or replacement may be required.” The Cisco Threat Analyzer for Office 365 quickly detects security gaps in Office 365 email inboxes to provide visibility into threats that may have gone undetected and identify security vulnerabilities.
In addition, to support this growing cloud email platform user base, Cisco Email Security now has data centers with global coverage located in North America, Europe and Asia. These locations allow for local customers to satisfy data access and sovereignty requirements in their specific regions and provide the confidence that their data will remain within region. For those install base customers using an on premise or hybrid solution, this global coverage gives them the peace of mind for migrating from on premise to cloud email.
Understanding the gaps within a current system provide the clearest direction for implementing the most effective email security protections going forward. Cisco Cloud Email Security provides a method for that analysis and a robust layered solution for a comprehensive email security defense. As businesses transition to cloud, email capabilities bring new threats and opportunities that can only be addressed by a complimentary security solution from Cisco Email Security. This layered approach of products and services shows the power of the Cisco Security portfolio.

For the full findings from Gartner, read the report here. And if you’re ready to get started with Cisco Email Security consider our free, 45-day trial.

1 “Public companies‘ unstoppable march to cloud continues with almost 25% — of any size, industry and region — having moved to a cloud email platform. Application leaders can use this research to evaluate Google G Suite and Microsoft Office 365 as cloud email solutions, and to guide deployment plans.” (See “Survey Analysis: Cloud Email Adoption Growth Continues but With Large Regional/Industry Variations.”)
Gartner, Market Guide for Email Security, 6 June 2019, Peter Firstbrook, Neil Wynne

2Cisco 2019 Email Cybersecurity Report
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available for viewing by clicking this link.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

By Talos Group Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global network, and in some cases use that telemetry to automatically drive the vehicle. Like any computer, those in vehicles are susceptible to threats, such as vulnerabilities in software, abuse via physical-access, or even allowing remote control of the vehicle, as recently demonstrated by Wired and a DARPA-funded team of researchers.
During a recent engagement, the Connected Vehicle Security practice identified a gap in tooling for automobile security assessments. With ease-of-use, modern car computing requirements, and affordability as motivating factors, the Connected Vehicle Security practice has built and is open-sourcing a hardware tool called “4CAN” with accompanying software, for the benefit of all automobile security researchers. We hope 4CAN will give researchers and car manufacturers the ability to test their on-board computers for potential vulnerabilities, making the vehicles safer and more secure for drivers before they even leave the lot.
Check out the complete FAQ here.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08162019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Scott Pope “Relax” and “security” are not often found in the same sentence. There is not much about the current threat environment that elicits relaxation.
But in this era of mindfulness and getting focused, Cisco has done just that. We have put a single-minded focus on integrating our own security portfolio so that we close attack vectors and decrease deployment complexity. And we have also forged pathways for integration with our security products so that your multi-vendor security environment can work in unison to focus on the same problem set, together.
Today we welcome 15 new industry partners with 20 new product integrations to the Cisco Security Technology Alliance(CSTA)–Cisco’s security development, integration and certification framework. CSTA is focused on enabling product integrations that deliver easier and better security in multi-vendor deployments. There are now over 175 development partners representing 300+ product-to-product integrations in CSTA. See details of the new partners and product integrations below.
Customers can integrate existing technology with Cisco security products to improve security telemetry, prioritize the urgent alerts, streamline workflows and get better security outcomes. No two customer environments are alike and that’s why we have built a customizable integration framework for nearly every product in the Cisco security portfolio. We’ve also got a talented services team that can help implement all of this, from a small integration to a turnkey solution.
In other big news, the Cisco Platform Exchange Grid (pxGrid) security integration framework is now the foundation of an IETF-approved Internet standard. Read all about it Here
Here’s a summary of what’s new:
New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
Using the Cisco AMP for Endpoints APIs partner integrations provide analysts with rich threat information and actions on endpoint events like retrieving endpoint information, hunting indicators on endpoints, searching events, etc. Panaseer, JASK, IBM BigFix and IBMResilient are 4 integrations that are now available for AMP for Endpoint customers to integrate with. These integrations collect all AMP for Endpoint event data via the streaming API for correlation or other uses.
New Cisco Cloud Security Integrations
The Cisco Cloud Security ecosystemalso expands with more integrations. BlueCat and NS1 are DDI solutions that integrate and share DNS context with Cisco Umbrella. EclecticIQ and JASK now integrate with Umbrella to enrich their domain context.
Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall
By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, simplifying threat investigation. CTID has a new integration with Seclytics.
Multi-Vendor Threat Event & Platform Management for Cisco Next-Gen Firewall and ASA
Cisco Firepower and ASA have new partner integrations. AppviewX uses the ASA Management API to manage ASA policies. Firesec’s SOAR platform now supports both Firepower and ASA. Picus identifies security gaps and exposures now supports Firepower.
Cisco ISE Partners being added
The Cisco pxGrid ecosystem is adding 4 new partner integrations to its long list of integrations.
CyberX joins the IoT visibility partners providing enhanced visibility of IoT devices on the network. Nyansa Voyanceprovides IoT threat defense by using ISE to take RTC actions. Smokescreen joins the Deception technology vendors with its IllusionBLACKproduct integrating its decoys and ISE to take remediation actions. Panaseer Smart Inventorywhich provides visibility into risk integrates with ISE to enhance its context of the endpoints. Besides the above pxGrid partners, Noovus Apolois a custom application which integrates with ISE to provide Service Provider customers with an easier method to automate operational functions with ISE.
Cisco Security Connector (CSC) Integrations
Cisco Security Connectorfor Apple iOS provides organizations with the visibility and control they need to confidently accelerate deployment of mobile devices. CSC is the only Apple approved security application for supervised iOS devices, and integrates with best-in-class MDM/EMM platforms. CSC now adds support for InventIT’s MobiConnect.
Sharing Cisco Threat Grid Threat Intelligence
Using the powerful and insightful Cisco Threat Grid API, a new integration in the Cisco Threat Grid ecosystem being announced with Minerva.This integration simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into the Minerva platform.
Cisco Threat Response Integrations
Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It also has support for 3rdParty products through its API. Signal Sciences a next-gen WAF and RASP solution now integrates with CTR.
For details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
More details about our new partners and their integrations:
[1]New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
We are announcing two new integrations with IBM Security:
The Cisco AMP4EP integration with IBM Big Fix enables customers to deploy, manage and upgrade AMP connectors quickly in one unified solution; for deeper visibility and control of endpoints. Security and infrastructure teams can track and upgrade AMP4EP across the environment and multiple operating systems (OS); and perform service-related tasks such as reboot computers, start and stop services, enable debug logging, cache clearing and creating support packages. The app includes graphic-rich reporting displaying overviews of the environment; where the AMP connectors are installed and different connector versions, across OS types.
The Cisco AMP4EP integration with IBM Resilient combines enrichment and containment in one consolidated tool; providing the actionable insights needed to accelerate threat detection and incident response. Analysts within Resilient can investigate AMP4EP events for possible malicious activities. Security teams can then automatically pull findings into an incident, rapidly drill down on a threat detected for further analysis and quickly quarantine any malware detected.
JASK ASOC platform seamlessly ingests logs and alerts from Cisco AMP4EP. With this out-of-the-box integration, mutual customers enjoy better context of the endpoint alerts created by AMP4EP. As a SIEM, JASK correlates this data with all other data-sources in the SOC – network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.
The Panaseer Platform enables CISOs and security leaders to quantify business risk and get a grip on RoI. And, by giving analysts the power to model data at scale and freeing IT teams from firefighting it drives continuous, enterprise-wide improvement. The Panaseer Platform fully integrates with Cisco AMP for Endpoints to extract device and event information, feeding the Anti-Malware and Device Inventory data models and enabling end-users to summarize and explore the performance and coverage of AMP for Endpoints.
[2]New Cisco Cloud Security Integrations
Cisco Umbrella uses DNS to block malicious queries at the network boundary and in the cloud, providing a strong external defense. BlueCat offers similar control at the device level by acting as the “first hop” recursive server, applying security policies to DNS activity right at the source of a query. The integration provides source IP and other contextual data from BlueCat to Cisco Umbrella. Data sharing between the two applications provides a consistent, unified approach to DNS-based security which touches every relevant point on the network.
The EclecticIQ Platform is an analyst-centric threat intelligence platform based on STIX/TAXII. By integrating with Umbrella analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. The integration enables analysts to dynamically build a repository of intelligence relating to domain activity.

JASK ASOC platform seamlessly ingests logs and alerts from CISCO Umbrella. With this out-of-the-box integration, our mutual customers enjoy the better context of the DNS & IP layer, proxy and C&C alerts created by CISCO Umbrella: as a SIEM, JASK correlates this data with all other data sources in the SOC – endpoint, network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.

NS1 is a modern DDI solution that integrates with Cisco Umbrella to offer a unified solution to support agile application deployment and delivery while protecting your most critical assets. Easy to use and simple to manage, the integration allows customers to get the best of intelligent DNS traffic steering behind the firewall while protecting outbound queries with Umbrella security. Designed to be API-first, NS1 delivers flexible, next-generation DNS solutions that solve complex performance, traffic management, and automation challenges. With Cisco Umbrella’s predictive and analytical approach to security, DNS becomes a control plane for the modern enterprise.
[3]New Cisco Threat Intelligence Director (CTID) for Firepower Integrations
Seclytics uses science to identify the origin of attacks 51+ days before they strike. We use patent-pending science to hunt adversaries in the wild during their precrime setup stages, resulting in over 5,000 unique adversary profiles to date. Continuous surveillance ensures we know when they go live on day zero and remove the element of surprise – leveling the playing field for the first time. Our SaaS-based platform uniquely provides prevention at the precrime stage, at zero day when they go live and beyond. The Seclytics Attack Prediction feed has been certified to work with Cisco Firepower’s Threat Intelligence Director benefiting joint customers. To see how Seclytics uses Science to save you time, money and risk, please visit Seclytics.
[4] New Cisco Firepower Next-Gen Firewall Integrations
AppViewX has integrated with Cisco ASA beginning from version 8.4 till the latest 9.9.2 version. Similar to other vendor firewalls once Cisco ASA is added in the inventory, all the Security policies, Objects, NAT rules are downloaded and saved in AppViewX database. Users can view, compare all the downloaded configuration through the centralized AppViewX console and any configuration changes can be done. AppViewX has the intelligence to find out any configuration changes done in Cisco ASA and updates the database with the help of Syslogs.
Firesec is a Security Analysis and Orchestration platform. It is designed solve problems of these personas – CISO, Security Consultant, Security Auditor and Network Administrator. It is an automated solution for security configuration analysis and compliance readiness. It supports a wide variety of firewalls and helps enhance the security of your network as well as significantly speed up compliance to standards such as PCI DSS, CI Security Benchmarks etc., It offers flexible options to perform network device configuration analysis and has both manual and automatic mechanisms to collect the configuration information from Cisco ASA version 8 and up, Cisco IOS version 12.0 and up, Cisco Firepower version 6.
Picus Platform continuously assesses corporate defenses to reveal security gaps, provides a measurement dashboard clearly displaying the live security status and goes beyond current offerings in the market to proactively suggest fixes and mitigate threats. When Picus identifies a potential exposure on a Cisco Firepower platform in a customer environment, options for quick mitigation actions are immediately provided. This approach assures that Cisco Firepower feature set and policy options are fully and continually utilized, and that the best possible resilience is offered against emerging cyber-threats in real-time.
[5]New Cisco pxGrid Integrations
Using patented technology, CyberX provides IoT & ICS Asset Discovery, Risk & Vulnerability Management, Continuous IoT & ICS Threat Monitoring, Incident Response & Threat Hunting, Unified IT/OT security monitoring and governance, and IoT & ICS Threat Intelligence. Network administrators and SOC analysts who use Cisco ISE and CyberX together bring identity management and security policy creation capabilities in ISE to assets in the IoT and ICS environments.

Nyansa Voyance IoT Security solution is an agentless security platform for IoT and unmanaged critical devices that collects data passively. Voyance integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.

Noovus Apolo is a front-end web application that automate operational functions when ISE is the RADIUS/AAA server. Integrating via the Cisco ISE ERS API, Apolo allows a non-admin user to automatically update user’s passwords, personal information, notify alarms and others.
Panaseer is the first Continuous Controls Monitoring platform to give CISOs visibility of all assets, and the confidence that security controls are working effectively. Panaseer’s integration with Cisco ISE supplements Panaseer’s Smart Inventory with network contextual data. Panaseer uses device attribute information from a variety of sources to create a comprehensive baseline with which to accurately measure the coverage of their security controls, enabling visibility into their greatest risks.

Smokescreen is a deception platform which uses a combination of machine learning and deception to detect cyberattacks that bypass the protection mechanisms. Smokescreen integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.
[6] New Cisco Security Connector Integrations
InventIT’s MobiConnect manages the Cisco Security Connector application with and its associated functions, Cisco Umbrella and Cisco AMP Clarity to supervised iOS device. Cisco Umbrella and Cisco AMP Clarity with MobiConnect can provide a view of application behavior and protects devices against malicious sites. MobiConnect can deploy Cisco Security Connector applications and profile to devices.
[7]New Cisco Threat Grid Integration
Minerva Labs‘ innovative endpoint security solution protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. The company’s Anti-Evasion Platform deceives malware by controlling how it perceives its environment, blocking unknown threats that evade existing defenses. Without relying on signatures, models or behavioral patterns, the Anti-Evasion Platform causes malware to disarm itself, thwarting it before the need to engage costly security resources. Minerva’s Anti-Evasion Platform integrates with Threat Grid to automatically identify mutex-based infection markers to protect endpoints.
[8] New Cisco Threat Response Integrations
With its next-gen WAF and RASP solution, Signal Sciences protects over 10,000 applications and over a trillion production requests per month. Signal Sciences‘ patented architecture provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility. With the integration, an analyst can analyze and correlate event data using context from Cisco Threat Response; open a case to collect and store key investigative information, orchestrate resources for incident response, and manage and document progress and findings; and take corrective actions in other Cisco products to remediate and address the threats across the security stack by monitoring, filtering, and blocking known attackers.

Source:: Cisco Security Notice