Category Archives: Cisco


You already own the most powerful security tool. Are you really using it? Really?


See and stop threats using your existing network.

If you live in the United States, there’s a 44% chance your most valuable personal data were recently compromised[1]. The silver lining, if there is one, is that this breach compelled many to start actively monitoring their credit report for signs of suspicious activity. It often takes a mega breach – such as that of a major credit reporting agency – to incite action. This is despite the fact that identity theft was already a $15 billion problem and the likelihood of being victimized was significant even before the new breach. One of the reasons identity theft can be so damaging is that most people don’t have the appropriate precautions in place, and by the time they realize they’ve been owned, it’s too late.

A similar dynamic exists with organizations. The likelihood of a network compromise has never been higher. It’s not a matter of “if” you’ll be breached, but rather “when”. And in the event of a breach, companies often have open networks, making it easier for threats to move laterally throughout the network. Or there’s simply no mechanism to see malicious activity after it breaks through the perimeter. This all means free rein for threats to reach and exploit your critical data, unimpeded. This is a key reason why the industry average time-to-detection and containment are 191 and 70 days, respectively. And these time-to-detection lag times make expensive breaches even costlier at an average of $3.62 million in 2017.[2]

Since the invention of the network, security has been a prime concern. Ironically, the recent trend is to manage networking and security separately, and call it network security. This approach has led to fragmented defense postures, which are challenging to implement and too easy for hackers to circumvent. The two shouldn’t be mutually exclusive.

Cisco has long believed enhancing the network itself is the most effective and practical way to safeguard your data. And despite the fact that both networking and security have dramatically evolved, it’s now more important than ever to streamline your network defenses with built-in security solutions. We’re pleased to announce the official launch of our Network Visibility and Enforcement solution, which features Cisco Stealthwatch, the Identity Services Engine (ISE) and TrustSec. Only Cisco is positioned to offer the most effective way to achieve the following key outcomes that will minimize the impact of a breach:

  • Prepare as though you will be breached
  • Detect threats sooner
  • Achieve rapid threat containment

Prepare as though you will be breached

When the day comes (and likely, it already has) that a threat presents itself in your network, you want to make sure that any damage is limited to the specific part of the network where the breach occurred, and nowhere else. This is why a segmented network is so critical. But not all approaches to segmentation are created equal. More on that in a minute. Cisco Identity Services Engine (ISE) in conjunction with Cisco TrustSec provides role-based segmentation for simplified access control that scales with your business. And Cisco Stealthwatch provides the assurance necessary for effective segmentation monitoring.

Detect Threats Sooner

Do you know if you’ve been breached? How do you know? Whether it’s an insider threat or malware, there are indicators of compromise that are manifested in your network traffic. You just need the visibility and detection capabilities to discover these bad actors. Cisco Stealthwatch lights up the dark corners of your network by gathering network telemetry, using multi-layer machine-learning to analyze and detect malicious activity. Integration with ISE makes it possible for Stealthwatch to ingest user and device details for more actionable reporting. This includes our new Cisco Encrypted Traffic Analytics solution that leverages Stealthwatch to provide visibility and security analytics to encrypted traffic. So even when the inevitable breach occurs, you’ll know it – faster.

Rapid Threat Containment

When Stealthwatch raises a security event, you have the power to respond… at the click of a button. Within the Stealthwatch management console, ISE is alerted to immediately quarantine any compromised devices and the impact of the attack is contained. This is where software-defined segmentation plays such a critical role. The agility to automatically remove a given device from the network is very challenging to execute at scale with access control lists (ACLs). Central policy management is maintained in ISE, which leverages TrustSec software-defined segmentation technology to dynamically enforce across the network without all the manual configuration.

Customers are already enjoying the benefits of Network Visibility and Enforcement. Read more about how Sentara Healthcare has dramatically improved their security posture.

Digital transformation is demanding change at an unprecedented pace and putting extraordinary pressure on the network. This network complexity is increasing the attack surface, impeding visibility and making organizations more vulnerable to attacks. Network Visibility and Enforcement is a strategy to proactively safeguard your data from the inevitable breach. The inability to anticipate every breach and minimize its impact is too costly to ignore. You should start developing these capabilities today!

Learn how you can see and stop threats using the power of your network. Find out more about Cisco Network Visibility and Enforcement at cisco.com/go/nve.

[1] AP News

[2] Ponemon Institute

Source: https://blogs.cisco.com/security/you-already-own-the-most-powerful-security-tool-are-you-really-using-it-really?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Dan Stotts



How to avoid cybercrime while shopping—and what Cisco is doing to help


Cybersecurity should be top of mind when shopping online this season.

Hackers are trying to steal your personal details—this is a sentiment you’re likely aware of and even partially vigilant against, but new studies show this is something to seriously revisit.

Cisco has found there are now 19.7 billion cyber threats per day. Figures from the UK’s Information Commissioner’s Office also show the number of retailers who have had data breaches has doubled in just one year. This means that as retailers accumulate more shopper data, more personal information is at risk of being compromised. In 2015-2016, 19 breaches caused the loss of client data—this rose to a whopping 38 breaches in the 2016-2017 timeframe.

Research by KPMG shows that in a 2016 survey of 100 retail senior cybersecurity executives, only 55% of these have invested capital funds in cybersecurity protection in the last year.

Senior Director of Threat Intelligence at Cisco Matt Watchinski tells CNBC that threats definitely increase during the holiday season. Knowing that breaches have increased over the last year, here are some tips to keep your personal information safe:

1. Avoid sketchy emails

Don’t click on anything (including texts) that sounds too good to be true. Check their website instead.

2. Update your passphrases

Passwords, operating systems, browsers, apps, and more—it’s always good to keep them fresh.

3. Vary your security questions (and answers)

Keep your security questions varied, creative, and hard to guess. Answers shouldn’t be easy to find through public search.

4. Don’t save credit card info

Keeping this information in browsers, retailers, and public spaces is a great risk. Watchinski also recommends visiting your credit card’s website to get a one-time credit card code.

To help with the fight against cybersecurity crime, Cisco has recently partnered with INTERPOL (International Police Organization) to share threat intelligence as a joint effort against cybercrime. The aim is for both organizations to develop a focused approach to share data. This will help quickly pinpoint threats around the world.

Cisco’s already-broad security portfolio helps retailers and beyond to find a threat, and stop it everywhere. With the alliance with INTERPOL, Cisco will be able to reduce even more digital risk.

Source: https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1899011&CAMPAIGN=Corporate%20Communications&Country_Site=GL&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco++

Author: Stephanie Chan



Security, Off the Beaten Path


Cisco Umbrella and AMP for Endpoints extend protection anywhere users go.

Protecting endpoints everywhere

How can you strengthen your defenses? Respond where today’s attacks occur.


Cisco AMP for Endpoints and Umbrella

Gain the visibility, context and control needed to prevent, detect and respond to attacks targeting endpoints.


Protecting endpoints, better together

Cisco AMP for Endpoints and Cisco Umbrella work in harmony to provide the visibility, context, and control needed to prevent, detect, and respond to attacks targeting endpoints, before damage can be done.

A cloud-delivered service, Umbrella provides the first line of defense against threats on the Internet, giving organizations visibility to protect users across all network devices, office locations, and beyond. With Umbrella, customers can stop malware infections earlier, identify already infected devices faster, and prevent data exfiltration.

AMP for Endpoints is a cloud-managed, next-generation endpoint security solution that not only prevents cyber attacks, but also rapidly detects, contains, and remediates malicious files if they evade defenses and infiltrate an endpoint, before damage can be done.

Hoot Hoot. Security that won’t sleep

When users and endpoints are off-network, antivirus is often the only protection available. Signature detection and preventative measures are no match for today’s advanced threats. You need to see an attack coming, not wait to respond to it after it breaks through your perimeter and endpoints. You need always-on security that works everywhere your users go, both on and off the corporate network.

Gaps in security

 70% of breaches start on endpoint devices

Source: Effective Incident Detection and Investigation Saves Money, IDC, 2016

 65% of organizations say attacks evade existing preventative tools

Source: A Year of Mega Breaches, Ponemon Institute, 2015

 55% of organizations are unable to determine cause of breach

Source: A Year of Mega Breaches, Ponemon Institute, 2015

 48% of attackers bypass endpoint defenses because of user error

Source: Exploits at the Endpoint: SANS 2016 Threat Landscape Survey

 An interview with NHL University: Ransomware and using Cisco AMP for Endpoints

“Cisco Advanced Malware Protection, in combination with Cisco Umbrella, has decreased the number of ransomware outbreaks to zero during the last 8 months.”

Freek Bosscha, IT Architect, NHL University

Don’t take our word for it

Start a free trial of Umbrella to see how it complements AMP for Endpoints.


Test your endpoint security with a free trial of AMP for Endpoints.


Problems we solve

Blind to malware, uh-oh

Sensitive data and applications have moved beyond the firewall. Perimeter security appliances and VPNs aren’t enough to protect your devices and data. And now you have more locations and more devices to protect than ever before. The high cost of backhauling traffic to corporate has led to an increase in more direct-to-internet connections for branch and remote offices. As a result, users are more likely to get infected with malware, creating more gaps in visibility and coverage for IT security professionals.

Complementary layers

Working at different yet complementary layers, Umbrella prevents connections to malicious destinations and command & control callbacks at the DNS and IP layers while AMP works at the file level to prevent the initial malware execution and track file behavior over time. Together these solutions help organizations to protect against blended threats that use both email and web, and other more sophisticated techniques.

 

 

 

 

 


 Source: https://resources.umbrella.com/protect-users-everywhere/?utm_medium=social-paid&utm_source=linkedin&utm_campaign=amp-for-endpoints


Expanding the Cisco Security Technology Ecosystem


Today we are delighted to announce that the Cisco Security Technology Alliance (CSTA) is adding 26 technology integrations to expand its partner ecosystem to over 140 partners representing 225+ product platform integrations. Some of these integrations are with net-new partners while others are with existing partners that have integrated with yet more Cisco Security products. The rationale for this continued growth in the CSTA ecosystem is simple – there is a need for collaborative security.

Customers have a choice of various point products in the evolving security market. These disparate systems, however, can result in reduced security effectiveness – reduced time to respond to security threats, increased risk and exposure. By integrating siloed security technologies into the broader Cisco Security architecture, security practitioners can achieve faster and more accurate threat identification as well as rapid response to security threats. CSTA provides an environment for security vendors to integrate with various Cisco APIs & SDKs like Firepower eStreamer, pxGrid, REST etc. across the Cisco Security portfolio to the benefit of our mutual customer security deployments.

Enterprise security is comprised of interdependent systems; no one product can achieve absolute security.  By that same token no security solution exists in isolation. The more point security products interconnect with each other, share threat context, participate in an incident response framework, the less the risk of data breaches and security incidents. CSTA is an ecosystem where vendors integrate across a gamut of technologies – perimeter defense, intrusion prevention, advanced threat, sandboxing, cloud security and network policy, making it one of the largest security ecosystems out there. But the end goal isn’t size…it is increased security and decreased risk for our mutual customers.  This is what makes CSTA a truly collaborative ecosystem.

What’s New:

Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall

By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, thereby simplifying threat investigation. CTID has 6 new integrations with AlienVault, EclecticIQ, Infoblox, NC4, ThreatConnect and ThreatQuotient.

Multi-Vendor Threat Event and Platform Management for Cisco Next-Gen Firewall

Cisco Firepower has new partner integrations to its highly-enriched threat event API, eStreamer. Exabeam, LogZilla, Qmulos and Verodin now utilize Firepower next-gen firewall and threat context to complement their native threat analysis capabilities. Furthermore, Cisco firewall customers can now use Firewall Platform Management solutions from Tufin, Algosec and Firemon for policy and configuration management with integrations built using the new Firepower REST API.

New Cisco pxGrid and Cisco ISE Technology Partners

Five new partners—CloudPost Networks, DB Networks, Securonix, TriagingX and WireX Systems—are adopting pxGrid to gain network contextual awareness and network threat response capabilities with Rapid Threat Containment. Other partners joining the ISE Ecosystem include EMM/MDM vendor Mosyle and ISE Guest integration partner Envoy. Also, ALEF NULA has integrated their set of 802.1X productivity tools with ISE to simplify secure network access deployments.

Sharing Cisco Threat Grid Threat Intelligence

New partners BluVector and WireX Systems have adopted the Cisco Threat Grid API to obtain powerful intelligence on malware and have joined the Threat Grid ecosystem. This integration ecosystem simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into our partners’ platforms.

More Technology Partners Under the (Cisco) Umbrella

The Cisco Umbrella & Investigate ecosystem also expands with the inclusion of partners like Digital Shadows, Exabeam, and LogRhythm. These integrations not only help organizations manage, prioritize, and mitigate IOCs, but they also provide mechanisms to automate several threat lifecycle workflows, effectively improving both mean time to detect and respond to threats, as well as overall SOC efficacy.

New Splunk Apps and McAfee pxGrid/DXL Integrations Now Shipping

Previously announced Cisco Firepower eNcore App for Splunk and Cisco AMP for Endpoints Apps for Splunk are both now shipping. Also, our joint announcement with McAfee to create the security industry’s most impactful integration ecosystem is now shipping as well.

Perhaps we should do these announcements more often, because there is a lot to absorb here.  But we like to shine the light on our new partners because multi-vendor integration and openness is key to successful and effective security deployment.

For even more details, read through the individual partner highlights.

Happy integrating!

Source: https://blogs.cisco.com/security/expanding-cisco-security-technology-ecosystem?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Scott Pope



Telemedicine startup wants to make it easier to see your doctor


With advances in technology, it’s easier than ever to get treated remotely.

Many people avoid seeing a doctor because of the time or expense involved in the process. This is especially true for people who live in rural or low-income areas, although there’s no question that for most people, access to healthcare is anything but convenient.

But advances in technology combined with a recent easing in regulations are making it easier for people to be treated via mobile devices for a variety of medical issues. At the same time, more doctors are coming on board with the idea of treating patients remotely.

As evidence of the growing industry of telemedicine, look at investor interest levels. Global communications and consulting firm Mercom Capital Group’s research shows that globally, telemedicine and remote monitoring companies raised $660 million in venture capital funding across 86 deals in 2016. This compares with $93 million invested in 46 global telehealth deals just three years prior.

As more states lift regulations, the telemedicine space is poised to become even bigger in coming years. In May 2017, Texas legislators approved SB 1107, a bill that eases some of the state’s more restrictive requirements for telemedicine. The law allows a doctor to provide telemedicine services without first having an in-person consultation.

In the U.S. alone, telemedicine companies will soon be able to legally compete in all 50 states.

Some of the bigger players in the space include San Francisco-based Doctor on Demand, which provides a mobile app giving access to doctors, psychologists and other healthcare providers; the now-publicly traded Teladoc, a New York-based company that promises to deliver on-demand health care anytime, from almost anywhere via mobile devices, the Internet, secure video and phone; and Fort Lauderdale, Fla.-based MDLIVE, which provides online and on-demand healthcare delivery services.

Your own doctor, right at your fingertips

One Texas startup claims to be taking telemedicine a step further.  Rather than connecting patients to a doctor they have never before spoken to, Austin-based Medici says it can connect patients to all of their existing doctors (including primary care physicians, pediatricians, nutritionists, mental health professionals and even veterinarians) via text or video through an app.

Founded by South African native Clint Phillips, Medici raised $24 million in 2016 and is growing globally. It has launched in the U.S. and South Africa with plans to be in 20 countries by the end of 2018. In January 2018, 30 million South Africans will be invited to use Medici.

“There’s a number of companies providing a patient with a call center doc,” Phillips said. “But there’s no context or records involved. Medici allows patients to speak to their own doctor.”

Physicians like Medici, according to Phillips, because it is not actively trying to take patients from their practice but rather offers them another way to be treated. It is HIPAA compliant and provides malpractice insurance so that doctors can feel safe treating patients remotely, according to Phillips.

Currently, more than 1,000 providers in North America have downloaded the Medici app. The company’s revenue comes from charging doctors a fee for every encounter they have via the application.

Recently, Medici also made it possible for providers to connect with other providers – based on feedback from insurance companies wanting to cut down on unnecessary visits to hospitals, for example.

It recently hired the former head of products from UnderArmour “to bring global thinking and scale” to its business, according to Phillips. Medici is also piloting its app in hospitals, home health and individual practices.

“There are more and more things you can do on the app every month as we improve our roadmap,” Phillips said.

Because of advances in telemedicine, people can avoid having to drive more than an hour just to get a refill, Phillips notes. Some physicians even have the option of working from home from time to time, allowing for a more flexible schedule.

A doctor’s perspective

Dr. Tina Carroll-Scott, medical director of South Miami Children’s Clinic, said she discovered the Medici app earlier this year. When it first opened, the clinic primarily served uninsured patients in an underserved neighborhood. Eventually, Scott helped many patients get insurance so that she could help provide them with continuity of care.

But she still found that many of her patients would go to a hospital emergency room to be treated after hours.

“Early on, I started giving out my cell number and having people communicate with me that way,” Scott recalls. “But that wasn’t HIPAA compliant so I started researching ways to protect myself that would allow me to still provide access to them.”

That’s when she came across the Medici app.

“Now I have something safe and secure that gives them the same access I had been giving them for years,” Scott said. “It’s been wonderful and the patients are using it.”

Scott especially likes the video conferencing aspect of it because it gives her a way to see her patients at home.

“When you see them in the environment in which they live, I can glean a lot more information than I could when they just came to the office,” she said. “It’s given me additional information such as that they might not have electricity that has been very valuable in making sure they get the type of healthcare they need.”

Patients do things like upload pictures of rashes, for example, rather than going to the ER.

“I’m able to diagnose things via video so that they understand I should be their first avenue before going to an urgent care or the ER unless it’s a true emergency such as respiratory distress,” she said. “By communicating first with me via the app, I can advise them whether they need to be seen right away or if the issue can wait until the next day.”

One patient with cerebral palsy who had severe asthma was able to save a trip to the doctor by using the video conferencing capability on the app.

“I exported the visit to my electronic record,” Scott said. “And the mother didn’t have to hassle with bringing her wheelchair-bound child in. I just hope that moving forward, legislation works in our favor. We really need to move forward for getting reimbursements for physicians so more people will want to join the bandwagon.”

Source: https://newsroom.cisco.com/feature-content?type=webcontent&articleId=1887178




What are Cisco and Google Cloud Working On…Together?


During my early years in software development at Bell Labs, I learned quickly that putting brilliant engineers together — collaborating on an interesting idea — more often than not leads to impactful outcomes. There’s a level of energy and excitement that builds from these types of collaborative development projects.

I could see that same level of energy and excitement when the Cisco and Google Cloud engineering teams met to share their respective thinking on how cloud computing ultimately would evolve — and an open sourced approach for architecting the infrastructure enterprises would need to get there as fast and seamlessly as possible.

The alignment was clear from the very first meeting — the future of cloud for enterprises is moving more towards an extension of the distributed computing model — only now, this model seamlessly incorporates and leverages both on-premises and cloud domains.

Regardless of where they might be in terms of implementing their cloud strategies, if you listen to what enterprise IT teams are saying today compared with the past few years, the foregone conclusion that every on-premises workload inevitably will “move” to a cloud workload has become a less favorable point of view.

Although cloud adoption is still in the initial stages of what will be a decades-long lifecycle, it’s far enough along now that we have a clearer picture of the direction it’s heading. For example, as an industry, we’ve learned that workload “lift and shift” can be difficult. We’ve learned also that trying to manage and orchestrate both on-premises and cloud environments with completely different abstraction tools can be difficult too.

This scenario is exactly what we’re working to solve — together. Summed up in a single sentence, our partnership demonstrates a commitment from both Cisco and Google Cloud to enable a true hybrid experience for enterprises. Why?

Cisco’s perspective is that the world has landed on multicloud — and when it comes to this world, the right conversation for IT teams to be having is about “expanding to the cloud” rather than “moving to the cloud”.

With networking and security platforms that securely connect the majority of the earth, Cisco is in a unique position to help enterprises lower cloud adoption barriers while closing the gap between on-premises and cloud environments. We’re making the distinction between on-premises and cloud environments disappear. Blurring these hard boundaries means the confinements associated with each separate environment are eliminated.

In other words, Cisco’s strategy is to do what we do best and continue securely connecting the world through our software, silicon and hardware — only now, it’s multicloud.

Our joint development efforts with the Google Cloud team are an important milestone for the industry. Together, we’re defining an open source architecture that enables our customers to abstract the view of their infrastructure whether it is on-premises or in the cloud. With this architecture, applications are agnostic and run on top of an open source network fabric. This approach means enterprise IT teams can run an application where it is most beneficial for their businesses — pulling data from anywhere across their distributed environments.

Open Source. Cloud Agile. Seamless. Secure. We’re very excited to work with Google on this project and contribute our technology to the future of cloud adoption.

Source: https://medium.com/@DavidGoeckeler/what-are-cisco-and-google-cloud-working-on-together-934f547dbe46

Author: David Goeckeler



Joining Forces for Cybersecurity Openness – Cisco pxGrid and McAfee OpenDXL


Interoperation of two leading security integration frameworks delivers unprecedented breadth in multi-vendor collaboration.  Simplifies security vendor integration for customers.

There is strength in numbers.  Here the strength is in the number 2, because it equals almost 100.  Funny math you say?  Well let me explain.

Here the “2” is Cisco and McAfee, two leaders in cybersecurity.  Our respective leadership areas in the industry are attributable in no small part to our openness to integration with 3rd party security platforms.  We have each forged a broad path for cross-vendor integration via our respective security fabrics, Cisco pxGrid and McAfee OpenDXL.  As cybersecurity industry analyst Eric Parizo of IT analyst firm GlobalData (formerly Current Analysis) put it in his report on Security Product Integration Frameworks, “Security product integration frameworks (SPIF) have the potential to change the game.”  He has also intimated throughout his research that cybersecurity practitioners would be best served if Cisco and McAfee would just work together on this stuff.  This is where the “100” comes in.

Cisco and McAfee agree with GlobalData, and the joint customers who have told us the same… that we should enable pxGrid and OpenDXL to interoperate so we can better solve cybersecurity issues they face.  A key component of that is enabling the components of multi-vendor security networks to coordinate their information sharing and threat response.  Interoperation of pxGrid and OpenDXL provides a hefty down payment on that by bringing together our respective cybersecurity ecosystems.  And that is where “100” comes in.  Because the collaboration of “2” with Cisco and McAfee delivers just shy of 100 (98 at last count) pxGrid and OpenDXL partner products that can interoperate via each framework.

While we think bringing pxGrid and OpenDXL together enables material long-term impact on cybersecurity operations and effectiveness, it also has immediate positive impact.  Here’s what it does today:

Employ a Vendor Ecosystem for Threat Response

The “100” can be put to work today on network and endpoint threat response.  Integration between pxGrid and OpenDXL enables our respective threat response ecosystems to collaborate via Cisco® Identity Services Engine (ISE) and McAfee® ePolicy Orchestrator® (ePO).  When a threat response partner takes an automated or manual threat response action via pxGrid or OpenDXL, that response is captured and relayed between ISE and ePO for appropriate Rapid Threat Containment action on the Cisco network or remediation at the McAfee ePO-managed endpoint.  This enables a broad threat response ecosystem composed of almost 100 vendors from every type of security technology.

A common use-case for this is threat response from a SIEM console.  A security analyst decides that a threat event in her SIEM requires immediate action.  If that SIEM vendor is either a pxGrid or DXL partner (pretty much all are), a threat mitigation or investigation action can be launched directly from the SIEM console and executed on both the network via Cisco ISE and on the endpoint via McAfee ePO.  Pretty powerful.

SIEM partner using pxGrid/DXL interoperability to execute threat response actions.

Integration of Cisco ISE and McAfee ePO for Threat Response

Similar to above, ISE and ePO can directly collaborate on threat response by informing each other when one has taken a threat response action so that the other can take an appropriate action according to its respective policy.  This delivers more effective threat response by allowing the endpoint and network to take automated or manual actions as appropriate for the threat conditions. 

Consistent Network Access and Endpoint Control Policy with Cisco ISE and McAfee ePO

Collaboration between ISE and ePO also enables comprehensive network-attached endpoint visibility and network access policy.  ISE, by serving as a gatekeeper for every user/device trying to access the network, possesses a wealth of user identity, endpoint device and network context.  ISE can share via pxGrid its network-attached endpoint session inventory with McAfee OpenDXL, which then relays the information to McAfee ePO.  This provides ePO with visibility to endpoints that it may not know about thus allowing ePO to make determinations about whether or not to bring those newly discovered endpoints under management.  Similarly, Cisco ISE can detect whether an endpoint has McAfee ePO installed and create network access policy based on its presence.

Looking more broadly beyond these specific integrations, Cisco continues to be active in the IETF Security Automation and Continuous Monitoring (SACM) and Managed Incident Lightweight Exchange (MILE) workgroups to drive standardized methods of enabling exchange of monitoring telemetry between security platforms. Furthermore, Cisco continues to drive a “simple, open, automated” approach to security by implementing integrations based on pxGrid and other methods within the Cisco Security portfolio. Coordinated threat detection, investigation and containment are enabled through Cisco architectural integrations like Talos threat intelligence leveraged across our portfolio, system-wide malware protection with AMP Everywhere, Umbrella Enforcement from the cloud, and Cisco’s own Rapid Threat Containment solutions–between ISE, Firepower NGFW, Stealthwatch, and AMP.

Cross-platform integration is critical to securing the networks that run our schools, businesses, government…our world. Whether you are a customer deploying security platforms, a vendor partner or start-up integrating security platforms, or a services integration partner building unique security service offerings, an open integration environment is a necessity. Collaboration between Cisco pxGrid and McAfee OpenDXL helps toward those ends.

Source: https://blogs.cisco.com/security/joining-forces-for-cybersecurity-openness?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Scott Pope



Simplifying Security Through Integration

Category : Cisco

(Live Webinar October 13, 2017 at 1:00pm Eastern Time / 10:00am Pacific Time)

Security administrators today suffer from a barrage of products that work in isolation and tax an already limited security manpower budget, giving hackers the advantage. A more intelligent security solution would be able to exchange information regarding events, policy, threats, and context to correlate events, automatically respond to attacks, close gaps in enforcement, and increase network visibility. Cisco is the only security vendor that purpose-built products to work together and share information because we believe that effective security is delivered when all the pieces work together seamlessly.

Agenda

45 minutes of demo

15 minutes of Q&A




Ask the IoT Whiz, Defending Your Operations in the Era of IoT

Category : Cisco

This Cybersecurity Month, I’m pleased to present you with the second installment of the Ask the IoT Whiz #CiscoChat podcast, Defending Your Operations in the Era of IoT. In this episode we take a look at the possibilities and potential threats of Internet of Things (IoT) technology.

As connected devices continue to proliferate across the extended enterprise — helping to drive revenue growth, optimize processes, increase efficiency, and make for more meaningful customer interactions — so too do the risks of security breaches. This is the challenge many companies now face: How to make the most of IoT opportunities while protecting infrastructure and data.

In this podcast episode, I chat with IoT Product Marketing Manager John Reno, Security Product Marketing Manager Steve Caimi, and IoT Security TME Mustafa Mustafa. John, Steve, and Mustafa walk through the current IoT landscape before sharing how Cisco’s IoT Threat Defense solution helps customers keep their operations secure. Tune in for answers to the following questions:

  • What are the primary IoT threats?
  • What are the key security challenges businesses face with IoT?
  • How does Cisco IoT Threat Defense work? What are best practices?

For perspective on this pervasive problem, as well as several solutions, listen to the podcast below or on Soundcloud.

Remember to contribute to the conversation yourself in the comments or on social media by following @Cisco_IoT on Twitter.

To learn more about the topics on this episode, please visit the links below:

Source: https://blogs.cisco.com/digital/defending-your-operations-in-the-era-of-iot?CAMPAIGN=Security&Country_Site=us&POSITION=Social+Media&REFERRING_SITE=LinkedIn&CREATIVE=Cisco%20Security

Author: Stephanie Gaspar



Cisco Stealthwatch Cloud Free Trial

Category : Cisco

Secure your public cloud, private network, or hybrid environment. It’s easy and it’s free.

Secure your environment without installing software or hardware. Cisco Stealthwatch Cloud is a SaaS-based, efficient way to gain visibility and threat detection.

Stealthwatch Cloud offers easy-to-deploy passive network security monitoring. With it you can:

  • Identify indicators of compromise in real time
  • Automate threat detection and alerting
  • Reduce security incident response times
  • Understand network entity behavior
  • Deploy in minutes, not hours or days, in on-premises or Amazon Web Services (AWS) environments

Use it in your public cloud, private network, or both.

