Overwhelmed by the sheer volume of security alerts and potential threats hitting your SOC? Security risks have never been greater, with networks expanding into the cloud, the explosion of mobile and IoT devices, and increasingly sophisticated threats. On top of that, disparate security tools make it tougher to find and remediate threats, especially when you’re under attack and time matters most.

So how can you stay ahead of threats? Enter Cisco Threat Response, a tool that was created to help SOC analysts simplify and speed threat detection, investigation, and remediation from a single interface.

This week at Cisco Live, we’re excited to share continued innovations from Threat Response designed to make your life even easier.

1. Introducing our integration with Cisco Firepower NGFW

You may know that Threat Response is already integrated across multiple Cisco Security products – AMP for Endpoints, Threat Grid, Umbrella, and Email Security. In the coming weeks, you will be able to analyze and triage high priority IPS alerts in Threat Response and enrich these IPS events alongside data from other integrated products. This means  streamlined threat investigations with a fuller picture of the impact across your network, all from a single console.

Join us at Cisco Live to get a preview of this exciting integration. You can see a live NGFW with Threat Response integrated demo at the Cisco Security booth in the World of Solutions. In the meantime, check out this new episode of ThreatWise TV that showcases how Firepower events are integrated into Threat Response.

2. Learn how to enhance your existing SIEM and SOAR tools with open APIs

Threat Response isn’t trying to replace the SIEM or SOAR you’ve already got; rather you can leverage our open APIs for 3rd-party integrations to complement your existing security stack. Script up your own integrations to automate data enrichment and response actions across multiple security products, all in a single interface for a seamless workflow.

At Cisco Live, get your learn on and get hands-on in the DevNet Zone:

  • DEVNET-2505– Automate your threat hunting workflow with Cisco Threat Response APIs – Presented by Christopher Van Der Made.
  • DEVWKS-2639– Security Research and Response Workflows with APIs – Workshop with Neil Patel.

3. Use our browser plug-ins to access threat intel and kick off investigations now

Still haven’t leveraged our APIs or you’re using non-Cisco security products?  Don’t worry, you can still use Cisco Threat Response thanks to our browser plug-ins for Chrome and Firefox. In seconds, you’ll be able to pull threat intelligence to get verdicts on observables and start investigations.

You can see the Threat Response browser plug-in in action in demos and breakout sessions at Cisco Live. We’ll show you how you can pull threat data from sources like Talos  and take actions without native integrations.

  • Demos across the Cisco Security booth in World of Solutions.
  • BRKSEC-2433– Threat hunting and incident response with Cisco Threat Response – Breakout session with Ben Greenbaum.

Additionally, you can check out Threat Response elsewhere on the ground in San Diego:

More integrated demos at the Cisco Security booth in World of Solutions

  • AMP for Endpoints
  • Email Security
  • Umbrella theater sessions: Umbrella Investigate, Umbrella and AMP for Endpoints

Hands-on Labs

  • LABSEC-1012– Threat intelligence, security investigation, incident response with Cisco Threat Response – Sunil Kumar and Vivek Singh
  • LTRSEC-2200– You Got Hacked! Here is What to Do (AMP4E, TG, Splunk, CTR, CTA)
  • – Karel Simek, Michal Svoboda, Ben Greenbaum


  • CCP-1302– Roadmap: Endpoint Security – Cisco Customer Connection Program session with Snehal Patel (CCP membership required – it’s free to join, sign up here)

Come see why there’s so much buzz around Threat Response at Cisco Live this week. Holler at me on Twitter @jolenetam if you’ll be around! Until then, learn more at http://cisco.com/go/ctr.



Jolene Tam

Product Marketing Manager