There are so many companies each year at the RSA Conference, it would be useful to have some analytics to help guide your time there; which of the 700 plus vendors should you try and spend time with to solve your current problems? Similarly, customers are trying to keep up with the growing list of tools from all these companies that they can use to protect their environments.
With today’s constant deluge of attacks and complex enterprise infrastructure, a successful security program requires the right mix of ingredients. The CISOs I talk to are more likely to ask, “How many more ingredients do I have to add to the mix? I am already struggling to manage and respond to the alerts I am receiving from my current technologies. Where does it end?”
In my last blog post, I discussed the criticality of security analytics for dealing with this challenge. Without analytics, our security professionals would be even more overwhelmed than they already are, trying to make sense of non-stop alerts from various technologies. Through the use of analytics, intelligence, and automation, Cisco is helping security teams take back control of their environments and their schedules through more proactive defenses.
According to our newly released 2020 CISO Benchmark Report, a majority (77%) of respondents are planning to increase automation to simplify and speed up response in their security ecosystems over the next year. We can’t fix the current state of security overnight, but it’s a goal that Cisco is continually striving for as we expand and evolve our portfolio.
Introducing Cisco SecureX – The broadest, most integrated security platform
This week at the RSA Conference, we are announcing our new security platform, called Cisco SecureX. As the broadest, most integrated platform on the market, SecureX brings Cisco and other security products and capabilities together to work as a team. It connects the breadth of Cisco’s integrated security portfolio and customers’ entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens protection.
Cisco SecureX makes it easy to establish coverage across every threat vector and access point, and evolve security to meet the needs of tomorrow. It leverages all parts of your infrastructure to enable better decision making based on comprehensive threat detection and meaningful security analytics.
You’ve probably heard others talk about security platforms before. Here’s the thing: their platforms don’t cover all the threat vectors. They don’t work with an ecosystem of third-party technologies. And they don’t integrate with core business technologies like the network.
Cisco SecureX does all of this to bring enhanced integration, visibility, and automation to security teams. This results in more streamlined, efficient, and collaborative protection across your entire infrastructure. And analytics play a key role in connecting these dots and extracting maximum value from an integrated security platform.
Precise Analytics Across the Platform
My previous blog post focused on the valuable security analytics delivered by our Network Traffic Analysis technology, Cisco Stealthwatch. While crucial, it’s important to note that Stealthwatch is just one component of our analytics capabilities, which span our entire platform and portfolio – from the network and cloud to endpoints and applications. There are now seemingly infinite avenues for attackers to infiltrate our environments, so each one must be equipped with strong security fortified by analytics and intelligence.
On the network…
Cisco Stealthwatch leverages behavioral modeling and machine learning to process billions of network transactions, detect anomalies, and reduce them to critical alerts for enhanced threat detection – even in encrypted traffic. Meanwhile, Cisco Web Security uses URL filtering, reputation analysis, and other techniques to automatically detect and block web-based threats.
In the cloud…
Cisco Umbrella uses statistical models to automatically score and classify data processed by our global network to detect anomalies, identify attacker infrastructure, and uncover known and emergent threats. This helps users remain safe while on the Internet – anytime, and from anywhere. Additionally, Stealthwatch threat detection can also be extended into the public cloud via Stealthwatch Cloud.
On the endpoints…
Our AMP for Endpoints product is trained by algorithms to “learn” to identify malicious files and activity based on the attributes of known malware. Machine learning capabilities in AMP for Endpoints can help detect never-before-seen malware at the point of entry. Additionally, Cisco Endpoint Security Analytics Built on Splunk uses behavioral analysis to obtain insight and shorten investigation time for potential threats on the endpoints, whether they are on or off the network.
Duo Security develops a baseline of normal access within an organization, and then analyzes each new access attempt to highlight anomalous behavior. This way, unauthorized users can be prevented from accessing sensitive applications and data. Additionally, Cisco Tetration uses security analytics to understand application behaviors for faster threat detection and consistent microsegmentation.
For More Information
Security analytics can help detect unknown threats and policy violations, and also reduce alert fatigue within security teams. The best part is, through our platform approach, these multiple analytics engines will not work in silos. Our products are being strategically integrated to exchange information, share context, increase automation, and more comprehensively protect your environment.