The Case for Multi-Vendor Security Integrations

Similar to the myriad expanding galaxies seen in the latest images from the James Webb space telescope, the cybersecurity landscape consists of a growing number of security technology vendors, each with the goal of addressing the continually evolving threats faced by customers today. In order to be effective, cybersecurity tools have to be collaborative, be it sharing relevant threat intelligence, device & user insights, acting on detection and remediation workflows, and more.

We at Cisco Secure have embraced this concept for a while now with our continually growing ecosystem of multi-vendor technology integrations. At the RSA Conference 2022 earlier this year, Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, spoke of how the ‘cybersecurity poverty line’ is widening and how malicious actors are taking advantage of this gaping hole to unleash persistent attacks. It’s imperative that cybersecurity vendors interact with and collaborate with each other to lower this gap. To do this, security vendors must adopt open ecosystems of APIs to easily integrate with each other to provide effective ways for mutual customers to defend and react to cybersecurity attacks.

Like in prior years, this fiscal year 2022 saw us growing to include new ecosystem partners and integrations. With 22 new partners and 51 new integrations in our ecosystem, Cisco Secure Technical Alliance (CSTA) now boasts over 450 integrations, including technical integrations with Cisco Duo and Cisco Kenna. This allows our mutual customers the freedom to implement the cybersecurity tools of their choice with the knowledge that these tools can integrate with each other if they need to, thus realizing a better return on investment in their cybersecurity spending and improving cybersecurity posture.

In this annual round-up of our ecosystem, we congratulate our new partners in CSTA and existing partners as well, who have either created new integrations across our portfolio or augmented existing ones. For more details on each partner integration in this announcement, please read through the individual partner highlights below.

Happy integrating!


New Cisco Secure Endpoint Integrations

AT&T Cybersecurity

The AlienApp for Cisco Secure Endpoint enables you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. It also enhances the threat response capabilities of USM Anywhere by providing orchestration and response actions to isolate or un-isolate hosts based on risks identified in USM Anywhere. In addition, it allows you to collect hourly events from Cisco Secure Endpoint through the USM Anywhere Job Scheduler. Read more here.

AttackIQ

AttackIQ automates the evaluation of Cisco Secure Endpoint against the tactic categories as outlined by MITRE ATT&CK™. The AttackIQ and Cisco partnership and technical integration enables organizations to validate that Cisco Secure Endpoint is deployed correctly and configured optimally, ensuring protection for your endpoints against the latest threats. Read more here.

Certego

With Certego Tactical Response for Cisco Secure Endpoint, endpoints are monitored by the Certego PanOptikon SOAR platform. When Certego IRT detects malicious activities on a specific host in the customer’s network, it can isolate compromised hosts to block the attack, even without requiring the user to access the Cisco Secure Endpoint Console. Read more about Certego here.

ServiceNow

Cisco Secure Endpoint is now certified for the ServiceNow ITSM San Diego release. The Cisco Secure Endpoint App on ServiceNow provides users with the ability to integrate event data from Cisco Secure Endpoint into ServiceNow by creating ITSM incidents. The app automates the collection of events from Cisco Secure Endpoint and groups them into single incidents. Read more here.

New Cisco Security Connector for iOS Integrations

FAMOC

FAMOC manage from Techstep, a Gartner-recognized MMS provider, is an MDM designed to give IT a complete view and absolute control over mobile devices used by the workforce, so that people can work more effectively and securely. With the Cisco Security Connector for iOS integration, FAMOC MDM extends its enterprise mobility management with an extra layer of network security and a traffic analysis tool, giving IT admins tools to make actionable decisions and design access control policies. Read more here.

New Cisco Cloud Security Integrations

Elastic Security

Elastic Security now supports event ingestion from Cisco Umbrella, providing visibility into user activity and attempts to access potentially malicious domains. This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables security analysts to detect threats and visualize Cisco Umbrella data, and also correlate Umbrella events with other data sources including endpoint, cloud, and network. This integration expands on Elastic’s ongoing expansion of Cisco integrations including ASA, Nexus, Meraki, Duo and Secure Firewall Threat Defense. Read more here.

Fortinet

FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. Read more here.

Hunters

Hunters ingests Cisco Umbrella log and alert data into our SOC Platform; the Platform then correlates that data with all of the other (vendor agnostic) customer security telemetry, including EDR, Identity and Cloud/Network log data, in the customer’s infrastructure to synthesize and detect incidents with a higher fidelity than any single tool alone can produce. Read more here.

LearnSafe

LearnSafe equips school leaders (K-12) with evidence-based information to better understand which students are exhibiting behavioral issues and in need of help based on what they’re using, saying, and doing on the school-owned computer. With Cisco Umbrella, LearnSafe administrators are able to block access to domains their students shouldn’t be accessing. Read more here.

Microsoft

The Cisco Umbrella solution for Microsoft Azure Sentinel is now live! This integration enables your customers to ingest Cisco Umbrella events stored in Amazon S3 into Microsoft Sentinel using the Amazon S3 REST API. Read more here.

Sumo Logic

Sumo Logic’s cloud-native collector supports automated ingestion of logs from Cisco Umbrella’s hosted AWS S3 buckets. Data collected from Umbrella can then be routed to Sumo’s Cloud SIEM, where it is then automatically normalized and applied to our rules engine. Several built-in rules for Umbrella have been created that, when triggered, will generate security alerts in the platform. These and other security alerts are then clustered together based on related entities (IP, email, domain name, URL, etc.) to create insights for review by the SOC. Read more here.

New Cisco Firepower Next-Gen Firewall Integrations

Alkira

The Secure Firewall team and Alkira have validated Secure Firewall (Virtual) Version 7.1 to run on Alkira’s cloud network as-a-service (CNaaS) platform. The solution offers on-demand hybrid and multi-cloud connectivity, integrated network and security services, end-to-end visibility, controls and governance. Read more here.

Cyware

The Secure Firewall team has validated Cyware’s STIX 1.2 threat intelligence feed for interoperability with Secure Firewall’s Threat Intelligence Director. Customers can quickly operationalize the inbound data to protect the network from the latest threats. Read more here.

Dragos

Dragos protects critical infrastructure and has joined the CSTA program. Dragos inventories assets, determines risk and vulnerabilities and generates firewall policy objects that administrators can apply to their Cisco Secure Firewall deployment through its REST API. Read more here.

Equinix

The Secure Firewall team and Equinix have validated Secure Firewall (Virtual) to run on Equinix’s Network Edge as a Service platform. Equinix Fabric allows you to connect digital infrastructure and services on demand via secure, software-defined interconnection (Ecosystem). Read more here.

Fastvue

Fastvue has joined the CSTA program. The Fastvue Site Clean engine intelligently interprets Cisco Secure Firewall log data so that non-technical employees can easily see what people are actually doing online. The data is used to keep companies compliant with workplace and school policies. Read more here.

New Cisco ISE Ecosystem Integrations

Alef Nula

Alef Nula has developed a new integration with ISE. The Alef Nula Identity Bridge consumes identity updates published by pxGrid and serves them to ASA firewalls using the CDA/Radius protocol. Using pxGrid v2.0, it replaces unsupported Cisco CDA and allows ASA firewalls to become an identity consumer of ISE context. It can read the full identity database and can update registered ASA firewalls in Full Download mode. Read more here.

Forescout

Forescout’s pxGrid Plugin integrates with existing Cisco ISE deployments so that you can benefit from Forescout visibility and assessment for policy decisions, while continuing to use ISE as an enforcement point. The pxGrid Plugin enables Forescout platform policies to detect ISE-related properties on endpoints, and to apply Cisco ISE ANC policies, including policies that assign Security Groups to devices. Read more here.

Fortinet

FortiManager provides automation-driven centralized management of Fortinet devices from a single console, enabling full administration and visibility of your network devices through streamlined provisioning and innovative automation tools. FortiManager dynamically collects updates from Cisco ISE with pxGrid and forwards them to FortiGate using the Fortinet Single Sign On (FSSO) protocol. This allows session information collected by Cisco ISE to be leveraged in FortiOS security policies. Read more here.

Radiflow

Radiflow provides OT ICS policy creation and enforcement with the Radiflow iSID IDS. They recently completed a new integration with ISE leveraging pxGrid. With this integration Cisco ISE receives enriched data of OT devices from Radiflow iSID and will process it according to the profiles and policies which have been configured. Enriching ISE with OT-specific insights available with iSID’s DPI engine enables better decision making within ISE by providing additional context to categorize devices by their type/function within the OT environment. Read more here.

XTENDISE

XTENDISE is a simple web application connected to Cisco ISE. It is designed for administrators, helpdesk, operators or anyone who needs to work with ISE and helps them with everyday routine tasks related to 802.1X without the need to train them in Cisco ISE. XTENDISE saves administrators’ time, prevents errors and increases network security. Read more here.

New Secure Malware Analytics (Threat Grid) Integrations

Splunk

The Cisco Secure Malware Analytics Add-On for Splunk leverages the Threat Grid API to enrich events within Splunk. The add-on is now updated for Splunk 8 and is available on Splunkbase. Read more here.

New SecureX Threat Response Integrations

Censys

Censys now has an integration with SecureX threat response, which returns Sightings of IP and IPv6 Observables (IOCs) in an investigation. Read more about the Censys relay module here.

Exabeam

The new Exabeam integration empowers users to investigate an observable and determine if it is contained in a log message stored in Exabeam Fusion SIEM Data Lake. It provides users with the date and time the observable was seen in the log, the forwarder that sent the log, and the raw log messages. When you pivot into Exabeam and search for an observable in all the log messages, the results of the search are displayed in the Exabeam UI. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email data types and it returns sightings of an observable from each log message. Read more here.

LogRhythm

The LogRhythm integration empowers users to investigate an observable and determine if it is contained in an event stored in LogRhythm. It provides users with the date and time the observable was seen in the event and the raw event data. This integration allows you to query IPv4 and IPv6 data types and it returns sightings of an observable from each event. Read more here.

NetWitness

A proof-of-concept integration with RSA NetWitness SIEM was built for the RSAC SOC and Black Hat NOCs. The SecureX Concrete Relay implementation uses NetWitness as a third-party Cyber Threat Intelligence service provider. The Relay itself is just a simple application written in Python that can be easily packaged and deployed. Read more here.

ServiceNow

Cisco SecureX threat response integration with SecOps is now certified for the ServiceNow San Diego release. The module allows ServiceNow SecOps to leverage the Verdicts, Refer and Response capabilities provided by SecureX threat response to assist the security analyst in their investigation workflow. Read more here.

Sumo Logic

The Sumo Logic Cloud SIEM integration provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Streamlined workflows automatically triage alerts to maximize security analyst efficiency and focus. This integration indicates to users that the observable in an investigation is contained in an insight and/or signal within Sumo Logic Cloud SIEM. It allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. It also returns sightings and indicators of an observable from each insight and signal retrieved from Sumo Logic Cloud SIEM. Read more here.

New SecureX Orchestration Integrations

APIVoid

APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention. The following APIVoid atomic actions for SecureX Orchestration Workflows are now available: Get Domain Reputation, Get IP Reputation, Get URL Reputation, Get URL Status. Access the workflows here.

Censys

Censys is a company that allows users to discover the devices, networks, and infrastructure on the Internet and monitor how it changes over time. SecureX orchestration atomic actions for Censys are now available and include: Basic Search. Access the workflows here.

Cohesity

This integration radically reduces the time and resources enterprises spend to detect, investigate, and remediate ransomware threats to data. It empowers SecOps, ITOps and NetOps with visibility and automation to collaborate in countering ransomware, regardless of whether data resides on-premises or in the cloud, delivering enterprise-wide confidence in deterring, detecting, and recovering fast from cyberattacks. Cohesity’s next-gen data management enhances Cisco SecureX by adding visibility and context to data, complementing Cisco’s existing capabilities for networks, endpoints, clouds, and apps. Read more here.

Farsight Security

SecureX orchestration atomic actions for workflows are now available for Farsight Security DNSDB. They include various items like DKIM key inspections, DNS Resource Records and more. Access the workflows here.

Fortinet

SecureX orchestration workflows for Fortinet FortiGate are now available: Block URL, IP and Domain Threat Containment. Access the workflows here.

Jamf Pro

SecureX orchestration workflows for Jamf Pro include: Lock Computer, Lock Mobile Device. Access the workflows here.

Palo Alto Networks

SecureX orchestration workflows for Palo Alto Networks Panorama are now available: Block URL, IP, Domain Threat Containment. Access the workflows here.

ServiceNow

A new Orchestration action provides top MacOS IR Indicators to ServiceNow. This workflow runs multiple Orbital queries on the endpoint provided to look for top incident response indicators of compromise. The results are then posted to a ServiceNow incident. Supported observables: ip, mac_address, amp_computer_guid, hostname. Access the workflow here.

Shodan

Shodan is a database of billions of publicly available IP addresses, and it’s used by security experts to analyze network security. SecureX orchestration atomic actions for Shodan include: Basic Search. Access the workflows here.

New SecureX Device Insights Integrations

Earlier this year we announced SecureX Device Insights, which provides comprehensive endpoint inventory in a single unified view. Endpoint searching and reporting allows you to assess device security configuration on employee-owned, contractor-owned, company-owned, and IoT/OT devices, without risking business disruption. With Device Insights you can:

  • Gain a holistic view of your device data to help you simplify and automate security investigations.
  • Identify gaps in control coverage, build custom policies, and create playbook-driven automation options.

Device Insights supports the following third-party sources in its initial release: Jamf Pro, Microsoft Intune, Ivanti MobileIron and VMware Workspace ONE (formerly AirWatch).

New Cisco Secure Access by Duo Integrations

Bitglass

Bitglass’ Next-Gen CASB provides data protection, threat protection, access management, and visibility, while Duo offers identity verification options like SSO and MFA. The Duo and Bitglass integration provides a synergistic solution that funnels traffic through Duo’s SSO and verifies users via its MFA so Bitglass can deliver real-time data loss prevention and granular adaptive access control. Because of Bitglass’ agentless architecture, the joint solution can secure any app, any device, anywhere. Read more about the integration here. A joint solution brief is also available here.

Cmd

Cmd helps companies authenticate and manage user security in Linux production environments without slowing down teams; you don’t need to individually configure identities and devices. Cmd integrates with Duo to put 2FA checkpoints into Linux-based data centers and cloud infrastructure. The combination of Cmd and Duo enables development teams to run at the modern, agile pace they are accustomed to without any security-induced slowdowns. Read more here.

Darktrace

Darktrace is an AI-native platform that delivers self-learning cyber defense and AI investigations and seamlessly integrates with other tools via an open and extensible architecture. Darktrace’s Security Module for Duo provides coverage over access, user sessions and platform administration within the Duo platform. Read more here.

Dashlane

Dashlane is a password manager that now supports Duo using Duo SSO. The integration lets IT Administrators easily deploy Duo + Dashlane and set up access policies. End users can easily access Dashlane and their passwords with SSO from Duo. Read more here.

HashiCorp

HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates. Add another layer of security and protect access to secrets within HashiCorp Vault with Duo Security MFA. Read more here. A recording of the Cisco Duo + HashiCorp webinar is available to view here.

Oort

Oort discovers vulnerabilities across an entire user population (or a segment of it). Trigger notifications related to behavioral anomalies or best practices, or policies not being followed. Oort integrates with Duo for identity analytics and threat detection to provide a complete picture of the user behavior and highlight any anomalous activity or identify risks. Read more here.

Perimeter 81

Perimeter 81 simplifies cyber and network security for the hybrid workforce, ensuring secure access to local networks, applications, and cloud infrastructure. Their integration with Duo provides protection for administrators and end-users who need to log in to Perimeter 81. Read more here.

Specops Software

Specops Software, a leading provider of password management and authentication solutions, protects businesses by securing user authentication across high-risk tasks including account unlocks and password recovery via self-service or the IT service desk. Organizations can extend Duo authentication to secure user verification across these use cases. Read about the integration here. A blog on the integration is also available here.

Sectona

Sectona is a Privileged Access Management company that delivers integrated privilege management components for securing dynamic remote workforce access across on-premises or cloud workloads, endpoints, and machine-to-machine communication. Duo’s secure access multi-factor authentication can be used to ensure that each user authenticates using multiple methods (factors) while accessing Sectona Privileged Access Management. Read more here.

