Category Archives: Cisco

Joining Forces for Cybersecurity Openness – Cisco pxGrid and McAfee OpenDXL

Category : Cisco

Interoperation of two leading security integration frameworks delivers unprecedented breadth in multi-vendor collaboration.  Simplifies security vendor integration for customers.

There is strength in numbers.  Here the strength is in the number 2, because it equals almost 100.  Funny math you say?  Well let me explain.

Here the “2” is Cisco and McAfee, two leaders in cybersecurity.  Our respective leadership areas in the industry are attributable in no small part to our openness to integration with third-party security platforms.  We have each forged a broad path for cross-vendor integration via our respective security fabrics, Cisco pxGrid and McAfee OpenDXL.  As cybersecurity industry analyst Eric Parizo of IT analyst firm GlobalData (formerly Current Analysis) put it in his report on Security Product Integration Frameworks, “Security product integration frameworks (SPIF) have the potential to change the game.”  He has also intimated throughout his research that cybersecurity practitioners would be best served if Cisco and McAfee would just work together on this stuff.  This is where the “100” comes in.

Cisco and McAfee agree with GlobalData, and with the joint customers who have told us the same: pxGrid and OpenDXL should interoperate so that we can better solve the cybersecurity issues they face.  A key component of that is enabling the components of multi-vendor security networks to coordinate their information sharing and threat response.  Interoperation of pxGrid and OpenDXL provides a hefty down payment on that by bringing together our respective cybersecurity ecosystems.  That is the “100”: the collaboration of the “2”, Cisco and McAfee, brings together just shy of 100 (98 at last count) pxGrid and OpenDXL partner products that can now interoperate across both frameworks.

While we think bringing pxGrid and OpenDXL together enables material long-term impact on cybersecurity operations and effectiveness, it also has immediate positive impact.  Here’s what it does today:

Employ a Vendor Ecosystem for Threat Response

The “100” can be put to work today on network and endpoint threat response.  Integration between pxGrid and OpenDXL enables our respective threat response ecosystems to collaborate via Cisco® Identity Services Engine (ISE) and McAfee® ePolicy Orchestrator® (ePO).  When a threat response partner takes an automated or manual threat response action via pxGrid or OpenDXL, that response is captured and relayed between ISE and ePO for appropriate Rapid Threat Containment action on the Cisco network or remediation at the McAfee ePO-managed endpoint.  This enables a broad threat response ecosystem composed of almost 100 vendors from every type of security technology.

A common use-case for this is threat response from a SIEM console.  A security analyst decides that a threat event in her SIEM requires immediate action.  If that SIEM vendor is either a pxGrid or DXL partner (pretty much all are), a threat mitigation or investigation action can be launched directly from the SIEM console and executed on both the network via Cisco ISE and on the endpoint via McAfee ePO.  Pretty powerful.

SIEM partner using pxGrid/DXL interoperability to execute threat response actions.

Integration of Cisco ISE and McAfee ePO for Threat Response

Similar to above, ISE and ePO can directly collaborate on threat response by informing each other when one has taken a threat response action so that the other can take an appropriate action according to its respective policy.  This delivers more effective threat response by allowing the endpoint and network to take automated or manual actions as appropriate for the threat conditions. 
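The relay described in the last two sections, as an added example that is not part of the original post and is not Cisco or McAfee code: pxGrid and OpenDXL are modelled as in-process publish/subscribe buses, ISE and ePO as stubs that only record the containment state they would enforce, and the SIEM action, MAC address and action names are constructed for the illustration.  It shows the two things a bridge between two fabrics has to do that the prose does not mention: tag and deduplicate actions so that an action relayed to the other side is not bounced straight back (each fabric would otherwise re-publish it indefinitely), and validate and normalize what crosses, since this path quarantines hosts.

```python
"""Hypothetical simulation of bridging two threat-response fabrics.

Added illustration, not Cisco or McAfee code.  pxGrid and OpenDXL are
modelled as in-process pub/sub buses; ISE and ePO are stubs that record
containment state.  The bridge tags each action with a correlation id,
drops its own relays when they come back, and forwards only validated,
allowlisted actions.
"""
import re
import uuid
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Set

# Only these action kinds may cross the bridge (allowlist, not denylist).
ALLOWED_KINDS = {"quarantine", "unquarantine"}
# Canonical MAC form shared by both sides: lower-case, colon-separated.
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def canonical_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


@dataclass(frozen=True)
class Action:
    kind: str                              # "quarantine" | "unquarantine"
    mac: str                               # endpoint identity known to ISE and ePO
    origin: str                            # who raised it: "siem", "ise", "epo", ...
    correlation_id: Optional[str] = None   # assigned by the bridge on first relay


class Fabric:
    """Stand-in for a pxGrid or OpenDXL topic: fan-out to subscribers."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.published: List[Action] = []
        self._handlers: List[Callable[[Action], None]] = []

    def subscribe(self, handler: Callable[[Action], None]) -> None:
        self._handlers.append(handler)

    def publish(self, action: Action) -> None:
        self.published.append(action)
        for handler in list(self._handlers):
            handler(action)


class Bridge:
    """Relays actions in both directions, each action crossing exactly once."""

    def __init__(self, left: Fabric, right: Fabric) -> None:
        self._seen: Set[str] = set()       # correlation ids already relayed
        self.dropped: List[Action] = []    # rejected by validation
        left.subscribe(lambda a: self._relay(a, right))
        right.subscribe(lambda a: self._relay(a, left))

    def _relay(self, action: Action, target: Fabric) -> None:
        mac = canonical_mac(action.mac)
        if action.kind not in ALLOWED_KINDS or not MAC_RE.match(mac):
            self.dropped.append(action)    # never forward what cannot be validated
            return
        if action.correlation_id in self._seen:
            return                         # our own relay coming back: stop the loop
        cid = action.correlation_id or uuid.uuid4().hex
        self._seen.add(cid)
        target.publish(replace(action, mac=mac, correlation_id=cid))


class IseStub:
    """Stand-in for ISE Rapid Threat Containment: endpoints under a quarantine policy."""

    def __init__(self) -> None:
        self.quarantined: Set[str] = set()

    def handle(self, action: Action) -> None:
        mac = canonical_mac(action.mac)
        if action.kind == "quarantine":
            self.quarantined.add(mac)
        elif action.kind == "unquarantine":
            self.quarantined.discard(mac)


class EpoStub:
    """Stand-in for ePO: endpoints tagged for remediation."""

    def __init__(self) -> None:
        self.tagged: Set[str] = set()

    def handle(self, action: Action) -> None:
        mac = canonical_mac(action.mac)
        if action.kind == "quarantine":
            self.tagged.add(mac)
        elif action.kind == "unquarantine":
            self.tagged.discard(mac)


def run_scenario() -> dict:
    """SIEM contains a host on the pxGrid side, ePO releases it on the DXL side,
    then a malformed action is rejected.  Returns what each side saw."""
    pxgrid, dxl = Fabric("pxGrid"), Fabric("OpenDXL")
    ise, epo = IseStub(), EpoStub()
    pxgrid.subscribe(ise.handle)
    dxl.subscribe(epo.handle)
    bridge = Bridge(pxgrid, dxl)

    # 1. Analyst action from a pxGrid-partner SIEM (constructed sample, vendor MAC format).
    pxgrid.publish(Action("quarantine", "00-11-22-33-44-55", "siem"))
    after_siem = (set(ise.quarantined), set(epo.tagged))
    # 2. ePO judges the endpoint clean and releases it on the DXL side.
    dxl.publish(Action("unquarantine", "00:11:22:33:44:55", "epo"))
    # 3. Something unexpected on the bus: not an allowed kind, not a MAC.
    dxl.publish(Action("wipe", "not-a-mac", "unknown"))

    return {
        "after_siem": after_siem,
        "final_quarantined": set(ise.quarantined),
        "final_tagged": set(epo.tagged),
        "pxgrid_messages": len(pxgrid.published),
        "dxl_messages": len(dxl.published),
        "dropped": len(bridge.dropped),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Run it directly to print the state after the three steps.  In a real deployment the correlation id would travel in the pxGrid or DXL message metadata, and the two stubs would be replaced by the ISE and ePO API calls, which are not shown here.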

Consistent Network Access and Endpoint Control Policy with Cisco ISE and McAfee ePO

Collaboration between ISE and ePO also enables comprehensive network-attached endpoint visibility and network access policy.  ISE, by serving as a gatekeeper for every user and device trying to access the network, possesses a wealth of user identity, endpoint device and network context.  ISE can share its network-attached endpoint session inventory via pxGrid with McAfee OpenDXL, which then relays the information to McAfee ePO.  This gives ePO visibility into endpoints it may not know about, allowing ePO to decide whether or not to bring those newly discovered endpoints under management.  Similarly, Cisco ISE can detect whether an endpoint is managed by McAfee ePO and build network access policy on that basis.

Looking more broadly beyond these specific integrations, Cisco continues to be active in the IETF Security Automation and Continuous Monitoring (SACM) and Managed Incident Lightweight Exchange (MILE) working groups to drive standardized methods for exchanging monitoring telemetry between security platforms.  Furthermore, Cisco continues to drive a “simple, open, automated” approach to security by implementing integrations based on pxGrid and other methods within the Cisco Security portfolio.  Coordinated threat detection, investigation and containment are enabled through Cisco architectural integrations such as Talos threat intelligence leveraged across our portfolio, system-wide malware protection with AMP Everywhere, Umbrella enforcement from the cloud, and Cisco’s own Rapid Threat Containment solutions between ISE, Firepower NGFW, Stealthwatch, and AMP.

Cross-platform integration is critical to securing the networks that run our schools, businesses, government…our world.  Whether you are a customer deploying security platforms, a vendor partner or start-up integrating security platforms, or a services integration partner building unique security service offerings, an open integration environment is a necessity.  Collaboration between Cisco pxGrid and McAfee OpenDXL helps toward those ends.


Author: Scott Pope

Simplifying Security Through Integration

Category : Cisco

(Live Webinar October 13, 2017 at 1:00pm Eastern Time / 10:00am Pacific Time)

Security administrators today suffer from a barrage of products that work in isolation and tax an already limited security staff, giving hackers the advantage. A more intelligent security solution would exchange information about events, policy, threats, and context in order to correlate events, automatically respond to attacks, close gaps in enforcement, and increase network visibility.  Cisco is the only security vendor that purpose-built its products to work together and share information, because we believe that effective security is delivered when all the pieces work together seamlessly.


  • 45 minutes of demo
  • 15 minutes of Q&A


Ask the IoT Whiz, Defending Your Operations in the Era of IoT

Category : Cisco

This Cybersecurity Month, I’m pleased to present you with the second installment of the Ask the IoT Whiz #CiscoChat podcast, Defending Your Operations in the Era of IoT. In this episode we take a look at the possibilities and potential threats of Internet of Things (IoT) technology.

As connected devices continue to proliferate across the extended enterprise — helping to drive revenue growth, optimize processes, increase efficiency, and make for more meaningful customer interactions — so too do the risks of security breaches. This is the challenge many companies now face: How to make the most of IoT opportunities while protecting infrastructure and data.

In this podcast episode, I chat with IoT Product Marketing Manager John Reno, Security Product Marketing Manager Steve Caimi, and IoT Security TME Mustafa Mustafa. John, Steve, and Mustafa walk through the current IoT landscape before sharing how Cisco’s IoT Threat Defense solution helps customers keep their operations secure. Tune in for answers to the following questions:

  • What are the primary IoT threats?
  • What are the key security challenges businesses face with IoT?
  • How does Cisco IoT Threat Defense work? What are best practices?

For perspective on this pervasive problem, as well as several solutions, listen to the podcast below or on Soundcloud.

Remember to contribute to the conversation yourself in the comments or on social media by following @Cisco_IoT on Twitter.

To learn more about the topics on this episode, please visit the links below:


Author: Stephanie Gaspar

Cisco Stealthwatch Cloud Free Trial

Category : Cisco

Secure your public cloud, private network, or hybrid environment. It’s easy and it’s free.

Secure your environment without installing software or hardware. Cisco Stealthwatch Cloud is a SaaS-based, efficient way to gain visibility and threat detection.
Learn about Stealthwatch Cloud

Stealthwatch Cloud offers easy-to-deploy passive network security monitoring. With it you can:

  • Identify indicators of compromise in real time
  • Automate threat detection and alerting
  • Reduce security incident response times
  • Understand network entity behavior
  • Deploy in minutes, not hours or days, in on-premises or Amazon Web Services (AWS) environments

Use it in your public cloud, private network, or both.

Discover the Top 3 Reasons to Upgrade to a Cisco NGFW

Category : Cisco

As a Cisco customer, you expect the best in defending against today’s attacks. You need an advanced level of defense against an ever-changing threat landscape. The recent outbreaks demonstrate how damaging and disruptive security breaches can be to business operations and productivity. The last few years have seen threats explode in popularity and compromise millions of devices worldwide.

Now is the time to refresh your current ASA 5585 firewall deployments to Cisco Firepower, the industry’s first threat-focused Next-Generation Firewall, to better protect your network from today’s threats.

Join us for the upcoming webinar, “Discover the Top 3 Reasons to Upgrade to a Cisco NGFW,” at 11AM ET to learn from Cisco experts:

  • Why now is the right time to migrate to Cisco Firepower NGFW
  • How Firepower helps you gain visibility, be flexible, reduce costs, and protect better
  • What new incentives & promotions are available to you as an ASA 5585 customer

Cisco WebEx
8:00AM PT / 11:00AM ET

Register now!

When Walls Come Down

Category : Cisco

When you begin remodeling an older home you realize that some walls are there for good reasons. Others block our modern, open-floor-plan lifestyles and can come down. Years ago, factories and utilities separated their Information Technology (IT) and Operations Technology (OT) teams. The thinking was that such walls helped ensure reliability and uptime so that critical systems stay running. The Internet of Things (IoT) is challenging this old model and causing a shift in how OT and IT work.

Gartner estimates that there will be 20 billion connected things by 2020 in all economic sectors including healthcare, manufacturing, and utilities. And the promise of the IoT is a wealth of benefits. Our research shows that these industries stand to gain trillions of dollars in digital value, be it from increasing uptime, productivity, and global competitive advantage, to the efficient and confident delivery of power everywhere it is needed. Connectedness makes this possible. Yet it also brings a whole new generation of risks.

Consider Industroyer, the malware linked to the December 2016 attack on Ukraine’s power grid. It speaks industrial communication protocols (IEC 60870-5-101, IEC 60870-5-104, IEC 61850 and OPC DA) that were designed years ago, when industrial systems were walled off from other systems and the protocols had no need for authentication. Because the malware communicates in a language the systems understand, it can control electricity substation switches and circuit breakers directly, disrupting power, creating other failures, and even destroying infrastructure.

In addition to serving as stepping stones into corporate networks, IoT devices are being hijacked for use in IoT botnets. Over the last year IoT botnets have infected hundreds of thousands of devices, turning them into armies capable of launching powerful, coordinated attacks against major corporations and the Internet infrastructure that other enterprises rely on. One of the most destructive is BrickerBot, which not only compromises devices but can damage them so severely that the firmware must be reinstalled or the hardware replaced. You can read the Cisco 2017 Midyear Cybersecurity Report for more details on these types of attacks and how they work.

Our researchers have been monitoring for years how mobility, cloud computing, and other technology advancements are redefining the security perimeter that you’re charged with defending. As IoT devices proliferate, adversaries will have ample opportunity to exploit vulnerabilities and security gaps for maximum impact. So what can you do to more quickly detect and stop malicious activity at the endpoint, including IoT devices, and even detect ‘infrastructure harvesting’ – where adversaries use infrastructures as a launching pad for attacks?

As walls come down that expose organizations to threats, other walls must come down to strengthen defenses. I’m talking about the traditional wall between IT and OT. But that’s only possible with a proven solution that extends security from the corporate network to the industrial control network and the IoT devices they connect to, while respecting and upholding performance requirements for both.

Cisco’s new IoT Threat Defense solution is a portfolio of products and services to detect and defeat IoT threats. It starts with awareness of every endpoint on your network, including IT and OT devices, through Cisco Identity Services Engine (ISE). Cisco ISE also facilitates authoring and provisioning software-defined segmentation (such as Cisco TrustSec) policy for both IT and OT networks. With this visibility, when an authorized endpoint connects to the Internet directly, Cisco Umbrella and Umbrella Roaming deliver a first line of defense against infections by blocking connections to bad IP addresses, URLs and domains. Cisco Umbrella protects any and all devices using any ports and can be easily activated in AnyConnect to provide seamless protection from malware, phishing, and command-and-control callbacks.

Complementing Cisco Umbrella, Cisco AMP for Endpoints provides protection on the endpoint itself. If a user clicks on a site that has recently been infected with malware or attempts to download a malicious file, Cisco AMP for Endpoints stops these types of known and unknown attacks. Even if user devices don’t have an AMP for Endpoints agent, AMP can tell you if the system is compromised. You can see how AMP for Endpoints works by downloading this new instant demo. Instead of just watching a video demo, you can interact with the console. An audio tour guides you as AMP for Endpoints uses various methods to prevent breaches and continuously monitors all file behavior to uncover and contain stealthy threats that evade defenses and get inside.

Cisco Cognitive Threat Analytics extends threat detection and protection to devices where AMP for Endpoints can’t be installed, like IoT-type devices and personal devices. It blocks attempts to establish a presence in your environment and pinpoints unusual traffic before data can be exfiltrated.

Our IoT Threat Defense solution builds on our Cisco Firepower next-generation firewall which includes endpoint security capabilities to prevent an attack in the first place. But if a threat gets through, it uses segmentation, network visibility and continuous analysis, and expert guidance to respond to incidents.

No organization wants to leave value on the table. As walls come down, the potential for upside is huge in the digital age. Cisco is here to help with the most comprehensive cybersecurity solution set for the IoT – one that balances the right walls with the right level of interconnectedness and helps deliver on the true promise of the IoT.


Author: Jason Lamar

Cloud Security Attack – Fancy Hare

Category : Cisco

IT Security Leaders know their network and endpoints inside and out. But the cloud is another story. This video takes you inside the mind of hackers and why they have shifted their focus to cloud attacks. Learn more at:…

The Network. Intuitive. Explained.

Category : Cisco

Introducing an entirely new era of networking. Constantly learning. Constantly adapting. Constantly protecting. The Network. Intuitive. Learn more:

Cisco 2017 Midyear Cybersecurity Report

Category : Cisco

Discover the latest cybersecurity vulnerabilities and see how defenders are improving their ability to detect threats and prevent attacks.

Get the Report

Cisco and IBM collaborate to increase security effectiveness

Category : Cisco

On May 30, 2017, Cisco and IBM Security announced a key relationship to address the rising tide of security threats and the need to respond rapidly. Cisco and IBM Security will work together to offer specific product integrations, a managed security service provider (MSSP) roadmap, and threat intelligence collaboration programs.

The relationship focuses on making security simpler and more effective and is a reflection of each company’s commitment to openness and interoperability. Together, Cisco and IBM are focused on reducing the time to detect and mitigate threats, giving you integrated tools to automate threat response with greater speed and accuracy.

What are the offerings?

Here’s a closer look at the three pillars of the relationship:

1. Product integrations

Both organizations are building integrations among the product portfolios. Cisco is building new apps for the IBM QRadar SIEM platform, which helps security teams understand and respond to advanced threats. A variety of Cisco® security solutions will increase the effectiveness of IBM QRadar® over time, with data from networks, endpoints and the cloud.

The first three apps focus on integrations with Cisco Firepower® technology, Cisco Threat Grid and Cisco Identity Services Engine (ISE), and will be available on the IBM Security App Exchange.

Meanwhile, IBM is building extensions into Resilient and X-Force Exchange to include Cisco products. Resilient and X-Force Exchange will be able to ingest Cisco Threat Grid content.

2. Services

The IBM End to End Outsourcing and Managed Security Services team is working with Cisco to deliver new services aimed at further reducing complexity. As enterprise customers manage their equipment on-premises and in a datacenter, they are also looking to migrate their security infrastructure to public and private cloud providers. IBM Security will provide outsourcing and managed security services to support Cisco security platforms in leading public cloud services as well as legacy on-premises and datacenter environments.

Cisco and IBM Security customers will be able to consume these solutions in a way that complements their existing architecture. Customers will be able to build and manage their own integration, working with a trusted channel partner common to both IBM and Cisco, as well as deploy a full turnkey managed solution supported by IBM Security Services.

3. X-Force and Talos research collaboration

We have also established a new relationship between the IBM X-Force and Cisco Talos security research teams, who now share threat intelligence research and coordinate around major cybersecurity incidents. Shared intelligence also means enhanced performance of security products, and richer outcomes such as reduced time to detect.

For example, Cisco and IBM threat research teams collaborated on defending against the WannaCry ransomware attack. IBM and Cisco researchers coordinated their actions and exchanged insights into how the malware was spreading. Afterward, they continued the joint investigation to provide clients and the industry with the most relevant information.

What’s new and what’s next?

Product integrations will become available in the coming weeks, starting with the Cisco Firepower NGIPS, NGFW and Threat Grid apps. The Cisco ISE app will follow in the late fall and additional apps will become available later in 2017 and beyond. We are excited that the IBM Security team is working closely with Cisco product teams, and we hope to highlight this collaboration in future promotions from both companies including blogs and webinars.

Another important announcement

Today, IBM announced its intention to stop selling its Intrusion Prevention System (IPS) solution, the IBM QRadar Network Security (XGS) product line. This decision will take effect on December 31, 2017. However, current customers will be supported for a full five years through December 31, 2022.

IBM’s decision was based on an analysis of market conditions, competitiveness, strategic fit and it also reflects IBM’s belief in the strength and value of our partnership. When IBM XGS customers look to refresh their network security defenses, IBM’s sales organizations will introduce Cisco’s Firepower NGIPS and Firepower NGFW solutions.

More information on the Cisco and IBM security alliance is coming soon.

Visit our Cisco Firepower page to learn more about Cisco’s industry leading NGIPS.


Author: Dov Yoran